Privacy Policy

Reminders is operated by Very Simple Systems. In this Privacy Policy, “Very Simple Systems,” “we,” “us,” and “our” refer to the operator of Reminders. This Privacy Policy explains how we collect, use, and protect your information when you use the Reminders service.

1. Information We Collect

We collect the following categories of information:

• Account profile: Your name and email address provided at registration or onboarding.
• Email address: Used to authenticate you and send reminder notifications and billing communications.
• Verified phone number: Collected when you choose to enable SMS reminders. Only US/Canada (+1) numbers are supported. Your phone number is stored after you verify it via a one-time SMS code.
• Reminder content: Titles, due dates, reminder schedule and notification preferences, repeat settings, and optional notes you enter when creating or editing reminders.
• Notification preferences: Whether you have enabled email, SMS, and/or backup contact follow-up for each reminder.
• Backup contact information:Name, email address, and privacy-level setting for any backup contact you nominate. We store only what you provide. We do not verify the backup contact's identity or consent independently; you confirm that consent before saving.
• Payment and billing identifiers: Stripe customer ID and Stripe subscription ID. We do not store full payment card numbers or CVCs. Payment processing is handled by Stripe.
• Operational logs: Structured service logs used to diagnose issues and monitor service health (see Section 8).
• Notification delivery records: Provider message IDs, send timestamps, and delivery status updates received from Resend (email) and Twilio (SMS).
• Legal acceptance records: Timestamp and version identifier when you agree to our Terms, Privacy Policy, Refund Policy, and Disclaimer before checkout.

2. How We Use Your Information

We use the information we collect to:

• Authenticate your account and provide access to the service.
• Schedule, queue, and deliver reminder notifications by email and SMS.
• Notify a backup contact when you have not responded to a reminder.
• Process payments and manage your subscription or one-time purchases through Stripe.
• Send billing-related communications (subscription activated, payment failed, cancellation confirmed).
• Diagnose issues and monitor service health.
• Comply with applicable legal obligations.

We do not sell your personal information. We do not use reminder content for marketing or advertising purposes.

3. SMS and Email Notification Processing

Reminder notifications are sent by our third-party service providers (see Section 7). Email is sent via Resend; SMS is sent via Twilio. Each provider receives only the information needed to deliver the specific notification: your email address or phone number, and message content. Delivery records (send status, timestamps, provider message IDs) is stored in our database for operational monitoring.

SMS is limited to US and Canada (+1) numbers. You must verify your phone number before SMS reminders are sent. SMS delivery is not guaranteed and may fail due to carrier filtering, network issues, or other factors outside our control.

4. Backup Contact Processing and User Consent

If you enable a backup contact for a reminder, we store their name, email address, and the privacy level you select. If you do not respond to a reminder after the follow-up window, we send a backup contact email to that address on your behalf. The backup contact email content varies based on your chosen privacy setting (Full Details, Limited Details, or Generic).

You are responsible for ensuring your backup contact has agreed to receive these emails. We do not independently verify backup contact consent.

5. Phone Verification

To enable SMS reminders, you must verify a US/Canada phone number. We send a one-time verification code via Twilio SMS. We store a hash of the code for verification purposes and discard the raw code after verification. We do not store the OTP/code itself. Your verified phone number is stored on your account profile.

6. Payment Processing Through Stripe

Checkout and subscription management are handled by Stripe. When you complete a checkout, Stripe processes your payment and notifies us of the result. We store Stripe customer and subscription identifiers on your account so we can link payment events to your account. We do not receive or store your full card number, expiry, or CVV. Stripe's privacy practices are governed by Stripe's own Privacy Policy.

7. Service Providers and Processors

We rely on the following third-party service providers to operate Reminders:

• Supabase: Database hosting and authentication. Your data is stored in a Supabase-managed Postgres database.
• Vercel: Application hosting and serverless compute for the Next.js web application.
• Stripe: Payment processing for Plus subscriptions and Priority Reminder one-time purchases.
• Twilio: SMS delivery for reminder notifications and phone number verification.
• Resend: Email delivery for reminder notifications and billing/account communications.

Each provider is subject to its own privacy policy and data processing terms. We share only the minimum information required for each provider to perform its function.

8. Operational Logging

We maintain structured operational logs to diagnose issues and monitor the service. These logs include:

• Log names, such as reminder created, checkout started, or phone verified.
• Severity level (debug, info, warn, error).
• Timestamps and optional correlation IDs for grouping events in a single request.
• Sanitized operational details are redacted before storage. We do not intentionally log OTPs, full phone numbers, raw note content, full backup contact details, raw payment information, or raw auth tokens.
• Hashed IP and user-agent values for anomaly detection. Raw IP addresses and user-agent strings are not stored.

Retention:

• Debug and info severity logs are purged after 90 days.
• Warn and error severity logs are purged after 180 days.
• A hard backstop deletes any log older than 180 days regardless of severity.

Operational logs are accessible only to administrators through our internal admin panel. Normal authenticated users have no access to these logs.

9. Data Retention and Deletion

We retain your data as follows:

• Active reminder data is retained while your account is open.
• Completed and expired one-time reminders expire 8 days after their due date and are soft-deleted after 90 days.
• Notification logs are retained for operational monitoring.
• When you delete your account, your user record and associated reminders, preferences, and notification data are deleted through database cascade. Stripe event records are retained with your user identifier anonymised.

You can export your data at any time from the Settings page before deleting your account.

10. Security

We take reasonable technical and organisational measures to protect your information, including encrypted database connections, row-level security policies in Supabase, and HMAC-based phone verification. However, no internet service is completely secure. We cannot guarantee absolute security of your information.

11. Your Rights

Depending on your jurisdiction, you may have rights to access, correct, export, or delete your personal information. You can:

• Update your profile name from the Settings page.
• Export your data from the Settings page.
• Delete your account from the Settings page.
• Contact us at privacy@verysimple.systems to make a request regarding your personal information.

12. International Data Processing

Very Simple Systems is based in Canada. Your data is processed on infrastructure hosted by Supabase and Vercel, which may involve servers in the United States and other jurisdictions. By using Reminders, you consent to this processing.

13. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be communicated by email or in-app notice where reasonably practicable. Continued use after changes take effect constitutes acceptance of the updated Policy.

14. Contact

For privacy-related questions or requests, contact us at privacy@verysimple.systems or support@verysimple.systems.