Privacy Policy

The Service is provided by:

Email: privacy@worklist.app (recommended contact for privacy matters)

For users in the European Economic Area (EEA), the United Kingdom and Switzerland, Banana Pancakes s.r.o. is the controller of your personal data under applicable data protection laws, including the EU/EEA General Data Protection Regulation (GDPR). We have not appointed a statutory Data Protection Officer, but you can contact us with any privacy questions at the address or email above.

The competent supervisory authority in our home EU Member State is:

• The Worklist web application and any associated mobile or desktop applications.
• The Website and any related pages that link to this Privacy Policy.
• Our communications with you (for example, when you contact support or receive product updates).

It does not apply to third-party services you integrate with Worklist (for example, identity providers, file storage providers, or other tools). Those services are governed by their own privacy policies.

Depending on how you use Worklist:

• For individual accounts, we normally act as controller of your personal data.
• When an organization (for example, your employer) provides you with access to Worklist, that organization is usually the controller of Workspace data, and we act as its processor. In that case, our Data Processing Agreement (DPA) with the organization governs how we handle Workspace data on its behalf.

To make our encryption model and responsibilities clear, we use the following terms:

• Account Data – information needed to create and manage your account (for example, email address, OPAQUE/PAKE verifier for authentication, billing details).
• Workspace – a collaborative space where you and other users can create tasks, lists, projects and related content.
• Workspace Content – the actual content you store in Worklist, such as task titles and descriptions, comments, checklists, tags, attachments and any other data you enter into a Workspace.
• Encrypted Data – data that is protected by strong cryptography such that we cannot read it in plaintext.
• Metadata – limited information about your use of the Service that does not include Workspace Content (for example, when your account was created, when you last signed in, the number of items in a Workspace, subscription plan, etc.).

Our goal is that Workspace Content is end-to-end encrypted and zero-knowledge, meaning we are technically unable to read it in plaintext. We still process metadata and Account Data to operate the Service.

The Service is built around the principle that your Workspace Content is private to you and your collaborators:

• Workspace Content is encrypted on your device before being sent to our servers (the server-held OPAQUE verifier cannot decrypt it).
• We store only encrypted Workspace Content and do not hold the keys required to decrypt it in plaintext.
• Our staff cannot read your Workspace Content in the normal operation of the Service.

However, there are important implications and limitations:

1. Account and metadata are not zero-knowledge. We must process some Account Data and metadata (e.g., email address, subscription status, last login time) in plaintext to operate billing, access control, notifications and security.
2. Your devices and collaborators are part of the trust model. If your device is compromised or collaborators mishandle decrypted data, encryption on our servers cannot protect you from that.
3. Key management is critical. Depending on the key management model, losing access credentials or keys may mean we cannot recover Workspace Content for you. You are responsible for following any backup procedures we provide.
4. Legal requests. If we receive a lawful request from authorities, we may be compelled to disclose account-level data and encrypted Workspace Content. Because Workspace Content is encrypted end-to-end, we will only be able to provide it in encrypted form unless you cooperate in its decryption.

If the Service design changes in ways that materially affect this encryption model, we will update this Privacy Policy and, where required, ask for your consent.

We do not sell your personal data. We do not share your personal data with third parties for their independent marketing purposes.

We share personal data only with:

Our main establishment is in the Czech Republic (EU). However, some of our service providers may be located in, or process data from, countries outside the EEA/UK/Switzerland.

When we transfer personal data to countries that do not provide an adequacy decision under GDPR, we rely on appropriate safeguards, such as:

• Standard Contractual Clauses (SCCs) adopted by the European Commission.
• Equivalent contractual mechanisms under UK data protection law.
• Additional technical and organizational measures (including encryption) where appropriate.

You can request more information about the specific safeguards for your data by contacting us.

We keep personal data only for as long as necessary to fulfill the purposes described in this Policy or as required by law. In practice, this means:

• Account Data – kept for as long as your account is active. After deletion or termination, we retain limited data (e.g., logs, account identifiers) for a reasonable period (typically up to 3 years) for security, fraud prevention and record-keeping.
• Workspace Content – stored for as long as your account or Workspace is active, or until you or the Workspace owner delete it. Encrypted backups may persist for a limited additional period as part of our disaster-recovery procedures.
• Billing and financial records – retained for the periods required by Czech and EU accounting and tax laws (generally up to 10 years after the end of the relevant tax period).
• Support communications – retained for the duration necessary to resolve your request and for a reasonable period thereafter (typically up to 3 years) for audit, training and dispute resolution.
• Analytics data – where used, retained in aggregated or pseudonymous form and deleted or anonymized once no longer needed.

When retention periods expire, we delete or irreversibly anonymize personal data, unless we are legally required to keep it longer (for example, due to ongoing disputes or investigations).

Where GDPR or similar laws apply, you may have the following rights with respect to your personal data:

• Right of access – to obtain confirmation as to whether we process your personal data and receive a copy of it.
• Right to rectification – to have inaccurate personal data corrected and incomplete data completed.
• Right to erasure – to request the deletion of your personal data in certain circumstances.
• Right to restriction – to request that we restrict processing of your personal data in certain cases.
• Right to data portability – to receive personal data you have provided to us in a structured, commonly used and machine-readable format and to transmit it to another controller when technically feasible.
• Right to object – to object at any time, on grounds relating to your particular situation, to processing based on our legitimate interests.
• Right to withdraw consent – where processing is based on your consent, you can withdraw it at any time. Withdrawal does not affect the lawfulness of processing carried out before withdrawal.

These rights typically apply to Account Data and metadata, not to encrypted Workspace Content we cannot decrypt. For Workspace Content, we may only be able to act through functions you or your Workspace owner control (e.g., deleting content from within the app).

To exercise your rights, contact us at privacy@worklist.app. We may need to verify your identity before fulfilling your request. You also have the right to lodge a complaint with your local data protection authority. You may choose to contact the Czech Office for Personal Data Protection using the contact details above or your local authority.

The Service is not directed to children and is intended for use by individuals who are at least:

• 16 years old in the EEA; or
• 13 years old in jurisdictions where lower age limits apply under local law.

We do not knowingly collect personal data from children under these ages. If you believe a child has provided us with personal data in violation of this Policy, contact us and we will take appropriate steps to delete such data.

We take technical and organizational measures to protect personal data, including:

• End-to-end encryption of Workspace Content, as described above.
• Encryption in transit (TLS) for data between your device and our servers.
• OPAQUE (asymmetric PAKE) for password authentication; we store only an opaque verifier, not your password or a reusable hash.
• Access controls and least-privilege principles for our internal systems.
• Regular software updates, monitoring and backups.
• Contractual and confidentiality obligations for staff and service providers.

The stored opaque verifier cannot be used on its own to decrypt Workspace Content or to recover your password; a successful login still requires the password on your device to complete the PAKE exchange and derive session keys.

No system can be guaranteed to be 100% secure. You are responsible for maintaining the security of your account credentials, devices and any keys or recovery information we may provide.

We may update this Privacy Policy from time to time, for example to reflect changes in the Service, legal requirements or our data practices. When we make material changes, we will notify you by appropriate means (for example, by email or in-app notice) and indicate the effective date at the top of the Policy. Where required by law, we will seek your consent to significant changes.

For any questions, requests or concerns regarding this Privacy Policy or our data practices, contact:

Email: privacy@worklist.app

You may also use support@worklist.app for general support queries.