Privacy Policy

Last updated: December 2024

Who we are

It Works ("the app", "we", "us") is operated by RESPIRA.

• Website: https://itworks.now
• Operator: RESPIRA (https://respira.cafe)
• Contact: mihai@itworks.now

What data we collect

Important: It Works is a manual tracking tool. We do not connect to your bank accounts, credit cards, payment processors, or any financial institutions. All income data is entered manually by you. We have no access to your financial accounts or transactions.

Data you provide

Account information

• Email address (required for login)
• Name (optional)

Your content

• Intentions you add to The List
• Income entries you log in The Map
• Client/source names you create
• Notes and tags you add

Important: Your List items, income entries, and client names are encrypted and accessible only to you. We cannot read, view, or analyze your personal content.

Data collected automatically

Usage data

• When you log in (for streak calculation)
• Feature usage patterns (anonymized)
• Device type and browser (for compatibility)

We do NOT collect:

• Your location
• Your contacts
• Data from other apps
• Advertising identifiers

How we use your data

We will never:

• Sell your data to anyone
• Share your personal content with third parties
• Use your data for advertising
• Train AI models on your content
• Access your income data for any purpose

Who can access your data

You — Full access to all your data, anytime.

Our team — Access to account information (email) for support purposes only. We cannot access your List items, income entries, or client names.

Service providers — Limited access for specific functions:

• Supabase (database) — encrypted storage with row-level security
• Resend (email) — email address only
• Vercel (hosting) — server logs only
• LemonSqueezy (payments) — email and subscription status only

All service providers are GDPR-compliant and bound by data processing agreements.

Data security

Your data is protected by:

• Encryption in transit (TLS 1.3)
• Encryption at rest (AES-256)
• Row-level security (only you can access your rows)
• Secure authentication (magic links, no passwords stored)
• Regular security audits

We use Supabase's row-level security policies to ensure that database queries can only return data belonging to the authenticated user.

Your rights (GDPR)

As an EU-based service, we fully comply with GDPR. You have the right to:

Access — Download all your data anytime from Settings → Export Data

Rectification — Edit any of your data directly in the app

Erasure — Delete your account and all data from Settings → Delete Account

Portability — Export your data in standard formats (JSON, CSV)

Objection — Opt out of non-essential emails in Settings → Notifications

Withdraw consent — Unsubscribe from marketing emails anytime

To exercise any right, email mihai@itworks.now or use the in-app settings.

Data retention

Active accounts: Data retained while your account exists.

Deleted accounts: All data permanently deleted within 30 days of account deletion.

Backups: Retained for 90 days for disaster recovery, then permanently deleted.

Cookies

We use minimal cookies:

We do NOT use:

• Advertising cookies
• Third-party tracking cookies
• Social media cookies

Children

It Works is not intended for users under 16. We do not knowingly collect data from children. If you believe a child has created an account, contact us to have it removed.

International transfers

Your data is stored in EU data centers (Supabase EU region). If data must be transferred outside the EU, we ensure appropriate safeguards (Standard Contractual Clauses).

Changes to this policy

We'll notify you of significant changes via email and in-app notice at least 30 days before they take effect. Continued use after changes constitutes acceptance.

Contact

Questions about privacy?

• Email: mihai@itworks.now
• Website: respira.cafe

For GDPR inquiries, our response time is within 30 days.