Privacy Policy

1. Introduction

NopeMode ("we", "us", "our") provides a screen time management service that helps users control and monitor their device usage. This Privacy Policy explains what information we collect, how we use it, and your rights regarding your data.

By creating an account or using our service, you agree to the collection and use of information as described in this policy.

Data Controller

The controller responsible for processing your personal data is:

• Martin Ševela, OSVČ (sole trader)
• IČO: 19236760
• Sinkulova 1209, Praha 4, Czech Republic
• Email: info@nopemode.com

2. Information We Collect

2.1 Account Information

When you register, we collect:

• Email address (used as your username and for account recovery)
• Password (stored as a cryptographic hash, never in plain text)

2.2 Device Information

When you connect a device, we collect:

• Device name (chosen by you)
• Device platform (Windows, Android)
• Last seen timestamp

2.3 Usage Data

As a core part of the screen time management service, we track usage data on your managed devices. This data is essential for enforcing policies and providing usage reports. It includes:

• Application usage: which apps are used, foreground time, active time, and media playback time per day
• Website usage: domains visited, browser used, foreground and active time per day
• Policy usage: time spent per policy category (e.g., social media, gaming) per day

This data is collected locally on the device and synced to your account on our server. It is only accessible to you (the account owner) and any manager accounts you have authorized.

2.4 Subscription & Payment Data

Payment processing is handled by our payment provider, Paddle. We store:

• Your Paddle customer ID
• Subscription tier, status, and billing period dates

We do not store your credit card number, bank details, or other payment credentials. These are handled entirely by Paddle. Please review Paddle's Privacy Policy for details on their data handling.

3. How We Use Your Information

We use the information we collect to:

• Provide and maintain the NopeMode service
• Enforce screen time policies you have configured
• Display usage reports and statistics in your dashboard
• Send transactional emails (account verification, password reset)
• Process subscription payments
• Diagnose and fix technical issues

We do not sell your personal data. We do not use your data for advertising. We do not build user profiles for marketing purposes. We do not engage in automated decision-making or profiling.

3.1 Legal Bases for Processing

Under the GDPR, we process your personal data on the following legal bases:

• Contract performance (Art. 6(1)(b)) — account data, device data, usage tracking, policy enforcement, and transactional emails are necessary to provide the service you signed up for
• Legal obligation (Art. 6(1)(c)) — subscription and payment records are retained as required by tax and accounting law
• Legitimate interest (Art. 6(1)(f)) — error tracking and diagnostics help us maintain service quality and fix bugs; our interest is balanced against minimal data collection (no personally identifiable information is sent to error tracking)

4. Third-Party Services

We use the following third-party services:

4.1 Paddle (Payment Processing)

Paddle handles all payment processing, invoicing, and tax compliance. When you subscribe, your payment details are provided directly to Paddle.

4.2 GlitchTip / Sentry (Error Tracking)

We use error tracking to identify and fix bugs. When an error occurs, technical information about the error (stack trace, device type, OS version) may be sent to our self-hosted GlitchTip instance. We do not send personally identifiable information (such as your email address) to error tracking services.

4.3 Email Provider

We use an SMTP email service to send transactional emails (account verification, password resets, support responses). We do not send marketing or promotional emails.

4.4 International Data Transfers

Your data is primarily stored and processed within the European Union. Some of our third-party service providers may process data outside the EU/EEA:

• Paddle is established in the United Kingdom, which benefits from an EU adequacy decision for data protection

Where data is transferred outside the EU/EEA, we ensure appropriate safeguards are in place, such as EU adequacy decisions or Standard Contractual Clauses (SCCs), in accordance with GDPR Articles 44-49.

5. Data Storage & Security

Your data is stored on servers located in the European Union. We use industry-standard security measures including:

• TLS encryption for all data in transit
• Cryptographic password hashing
• JWT-based authentication with token expiration
• Access controls limiting data access to authorized users only

6. Data Retention

We retain your data for as long as your account is active:

• Account and device data — retained for the lifetime of your account
• Usage reports — retained for the lifetime of your account to provide historical statistics
• Subscription and payment records — retained as required by applicable tax and accounting law (up to 10 years after the transaction)

When you delete your account, all associated data (devices, policies, usage reports) is permanently deleted. Subscription records may be retained for the legally required period for tax compliance purposes.

7. Your Rights

Under the General Data Protection Regulation (GDPR) and similar laws, you have the right to:

• Access your personal data — you can view all your data in the NopeMode dashboard
• Data portability — you can download a copy of your data in a structured, machine-readable format from your account settings
• Erasure — you can delete your account and all associated data from your account settings
• Rectification — you can update your email and other account details at any time
• Restrict processing — you can request that we limit how we process your data in certain circumstances
• Object to processing — where we process data based on legitimate interest, you have the right to object; we will stop processing unless we have compelling legitimate grounds
• Withdraw consent — where processing is based on your consent, you may withdraw it at any time without affecting the lawfulness of prior processing

To exercise any of these rights, contact us at info@nopemode.com. We will respond within 30 days.

You also have the right to lodge a complaint with your local data protection authority. For Czech Republic residents, this is the Office for Personal Data Protection (UOOU): www.uoou.cz.

8. Children's Privacy

NopeMode is designed as a screen time management tool for use by parents and guardians. We do not knowingly collect personal data directly from children. Children do not create their own accounts.

When used to manage a child's device, the parent or legal guardian creates and controls the account. Usage data collected from managed devices is processed under the parent's account based on their consent and authority as the child's legal guardian.

Parents and guardians may exercise data rights (access, export, deletion) on behalf of their children through their account settings or by contacting us.

Under the Czech implementation of GDPR, parental consent is required for processing personal data of children under 15 years of age in relation to information society services. NopeMode relies on the parent or guardian to provide this consent by creating and managing the account.

9. Cookies

The NopeMode web application uses local storage (not cookies) to maintain your login session. We do not use tracking cookies, analytics cookies, or third-party cookies.

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of significant changes by posting a notice on our website or sending you an email. The "Effective date" at the top of this page indicates when this policy was last updated.

11. Contact Us

If you have questions about this Privacy Policy or want to exercise your data rights, contact us at:

• Email: info@nopemode.com