STRIKE Precision productivity
Legal overview Back to site
English

STRIKE – Privacy Policy (EN)

Mirrored from the current STRIKE app legal source for web hosting.

STRIKE – Privacy Policy (EN)

Last updated: 14th of December 2025

"STRIKE" ("the App", "we", "us") is a productivity application developed and operated by OniLink UG (haftungsbeschränkt). We are committed to protecting your privacy. This Privacy Policy explains what data we collect, how we use it, and your rights under applicable data protection laws, including the EU General Data Protection Regulation (GDPR).

---

1. Data We Collect

We only collect data necessary to operate the App and provide our services:

• Account Information: email address, encrypted password. If you sign in with Apple, we receive your Apple ID email (or a private relay email if you choose to hide your email) and a unique identifier.
• Productivity Data: strikes, campaigns/projects, labels, completion status, countdown timers and session tracking (duration, completion rate, interruptions), auto-mapping results, recurring patterns, and activity logs.
• Device Information: device type, manufacturer, model, OS version and SDK level, app version, settings, crash logs, and diagnostic data (for support and troubleshooting).
• Purchase Information: subscription status and purchase history (processed via Stripe).
• Import Data: When using Full Command tier features, you may authorize access to Google Tasks, Google Calendar, Apple Reminders, or Apple Calendar. We request the following OAuth scopes from Google: tasks, tasks.readonly, calendar, calendar.readonly, calendar.events. For Apple services, we request EventKit permissions to read reminders and calendar events. Imported data is stored in your STRIKE account and not synced back to the original services.

We do not collect location data, advertising identifiers, camera/microphone access, or sell your data to third parties.

---

2. How We Use Your Data

We use your data only for:

• Operating the App (saving and syncing strikes, projects, and settings).
• Authentication and account security.
• Providing optional features (analytics dashboards, notes, countdown timers, auto-mapping, recurring patterns).
• Payment processing and subscription management.
• Responding to support requests.
• Crash reporting and performance monitoring (via Firebase Crashlytics & Analytics) to improve app stability and user experience.
• Processing imported data from Google Tasks, Google Calendar, Apple Reminders, or Apple Calendar (Full Command tier only).

We do not use your data for targeted advertising or behavioral marketing.

---

3. Third-Party Services

We use limited third-party providers:

• Supabase (hosting & backend): stores account and productivity data (encrypted in transit and at rest), provides authentication, real-time sync. Data may be stored on servers in the EU and other jurisdictions. [https://supabase.com/privacy]
• Firebase (Google): Crashlytics for crash reporting, Analytics for usage statistics. These services may collect device and usage data. Crash data is retained according to Firebase's retention policies (typically 90 days for detailed logs, longer for aggregated data). [https://firebase.google.com/support/privacy]
• Google APIs (Full Command tier): OAuth-based access to Google Tasks and Google Calendar for importing your data. We request specific scopes: tasks, tasks.readonly, calendar, calendar.readonly, calendar.events. Your Google credentials are never stored on our servers. [https://policies.google.com/privacy]
• Apple EventKit (Full Command tier, iOS/macOS): Read-only access to Apple Reminders and Apple Calendar for importing your data. Access requires your explicit permission. [https://www.apple.com/legal/privacy]
• Stripe: handles payments and subscription status for web users. Your financial data is processed securely by Stripe and never passes through our servers. [https://stripe.com/privacy]
• Google Fonts: may connect to Google servers to download fonts, which could log your IP address.
• Local Notifications: processed on your device only, not sent to our servers.

---

4. Data Retention

• Your account remains active indefinitely unless you request deletion.
• Strike data (tasks, projects, campaigns) is automatically deleted after 2 years of inactivity to keep your workspace fresh.
• Countdown session data and analytics metrics are retained for the duration of your account.
• Purchase records are kept as required by law (e.g. tax obligations, typically 10 years in Germany).
• Crash logs are retained for up to 90 days (detailed) or longer in aggregated/anonymized form.
• Imported data from Google or Apple services is stored in your STRIKE account and follows the same retention policies as other productivity data.

---

5. Your Rights

Under GDPR you have the right to:

• Access your personal data (Art. 15 GDPR)
• Correct inaccurate data (Art. 16 GDPR)
• Request deletion of your data (Art. 17 GDPR)
• Restrict or object to processing (Art. 18, 21 GDPR)
• Request data portability (Art. 20 GDPR)
• Withdraw consent at any time (Art. 7 GDPR)

To exercise your rights:
• Delete all data: App > Command Suite > Settings > Danger Zone > Delete All Data (two-step confirmation required)
• Export your data: Use CSV export feature in the app
• Revoke Google/Apple access: Manage permissions in your Google Account or iOS/macOS Settings
• Other requests: Contact us at strike@onilink.org

---

6. Security

We take appropriate technical and organizational measures to protect your data, including:
• Encryption in transit (HTTPS/TLS) and at rest (database-level encryption via Supabase)
• Row-Level Security (RLS) policies to ensure users can only access their own data
• OAuth 2.0 with PKCE for secure authentication
• Secure password storage (bcrypt hashing)
• Access controls and audit logging

However, no system is 100% secure, and we cannot guarantee absolute protection against all threats.

---

7. International Data Transfers

Supabase and Firebase may store and process data on servers located in the EU and/or other jurisdictions. Where data is transferred outside the EU/EEA to countries without an adequacy decision, appropriate safeguards are applied:
• Standard Contractual Clauses (SCCs) approved by the EU Commission
• Data Processing Agreements (DPAs) with service providers
• Additional technical and organizational measures to ensure data protection

For Google services, transfers are governed by Google's Data Processing Terms and applicable SCCs.

---

8. Contact

If you have questions about this Privacy Policy or how we handle your data, please contact us:

OniLink UG (haftungsbeschränkt)
Niovi Ioannidi
Nikopoler Str. 35
01619 Zeithain
Germany

Commercial Register: HRB 47126, Amtsgericht Dresden
Email: strike@onilink.org

You also have the right to lodge a complaint with your local data protection authority.

---

View this document online: https://www.onilink.org/strike-legal