Legal

Privacy Policy

Last updated: May 15, 2026 · Effective immediately for all users

1. Who We Are

Wiesior ("we", "us", "our") is a free productivity web application built for students. This Privacy Policy explains what personal data we collect when you use Wiesior, how we use it, who we share it with, and what rights you have over your data.

If you have any questions about this policy, contact us through the app.

2. Data We Collect

We collect only the data needed to make the app work:

Account data — your username, email address, and a bcrypt-hashed password (we never store your password in plain text).
Schedule & planner data — the tasks, time slots, and notes you add to your weekly planner.
Goals — goal titles, descriptions, mini-steps, deadlines, and completion status.
Daily notes — short notes you write per day (retained for up to 90 days).
Worklogs & worklinks — work session logs and links you save in your workspace.
Community posts — if you publish content to the community, your username and post content are stored publicly.
Profile data — any bio, skills, or profile details you optionally add in Settings.

We do not sell your data. We do not use it for advertising. We do not share it with third parties for commercial purposes.

3. Cookies & Analytics

We use Google Analytics 4 (GA4) to understand how visitors use the app — pages visited, session length, device type. GA4 sets cookies on your browser to track these metrics.

We ask for your consent before loading Google Analytics. You can choose:

Accept all cookies — GA4 loads and collects analytics data.
Essential only — GA4 does not load. Only the cookies required for authentication (your session token) are set.

You can change your choice at any time by clicking "Cookie preferences" in the footer, or by clearing your browser's localStorage for this site.

The session authentication cookie (planner_token) is an HttpOnly cookie required for the app to work. It is not used for tracking and is not shared with third parties.

4. Google OAuth

You can sign in using your Google account. When you do, Google shares your name and email address with us so we can create or find your account. We do not access your Google Drive, Gmail, Calendar, or any other Google service. Your Google password is never shared with or seen by Wiesior.

Google's own Privacy Policy governs how Google handles your data during the OAuth process.

5. AI Features (Gemini)

Wiesior uses Google's Gemini AI in two places:

Timetable import — when you upload a photo of your class timetable, the image is sent to the Gemini API to extract your schedule. We do not store the image on our servers. Once the schedule is extracted, the image is discarded.
Editorial agent — when an admin generates blog content, a text prompt is sent to Gemini. No user-identifying data is included in these prompts.

Google's Gemini API Terms and Privacy Policy apply to data processed by their AI services.

6. Email

We use your email address for:

Sending a one-time verification link when you register
Sending a password-reset link if you request one
Sending task-assignment or post notifications (only if you are a member of a team)

We do not send marketing emails. We do not add you to any mailing list.

7. Data Storage & Security

Your data is stored in a MongoDB database hosted on MongoDB Atlas (cloud, EU or US region depending on Atlas availability). All data is transmitted over HTTPS. Passwords are hashed with bcrypt before storage. JWT session tokens are stored in HttpOnly cookies, not accessible to JavaScript.

We take reasonable technical measures to protect your data, but no system is perfectly secure. We recommend using a strong, unique password.

8. Your Rights (GDPR & general)

If you are in the European Union or UK, you have the following rights under the GDPR:

Right of access — you can request a copy of all personal data we hold about you.
Right to rectification — you can correct inaccurate data via the Settings page or by contacting us.
Right to erasure — you can request deletion of your account and all associated data. We will delete it within 7 days.
Right to portability — you can request your data in a machine-readable format.
Right to withdraw consent — you can withdraw analytics consent at any time (see Section 3).
Right to object — you can object to processing by contacting us.

To exercise any of these rights, contact us through the app. We will respond within 30 days.

9. Data Retention

We keep your data for as long as your account is active. If you request deletion, we remove all personal data within 7 days. Daily notes are automatically deleted after 90 days. Community posts may remain visible under your username unless you delete them or request account deletion.

10. Children

Wiesior is not directed at children under 13. We do not knowingly collect personal data from anyone under 13. If you believe a child under 13 has created an account, please contact us and we will delete the account promptly.

11. Changes to This Policy

We may update this Privacy Policy as the app grows or as legal requirements change. When we do, we'll update the "Last updated" date at the top of this page. Continued use of the app after changes indicates acceptance of the updated policy.