Privacy Policy

Last updated: 20 November 2025

RoutineHQ ("we", "us", "our") provides a web application that helps you create and run repeatable routines and checklists.

We are committed to protecting your privacy and processing your personal information responsibly and transparently.

This Privacy Policy explains what information we collect, how we use it, and the rights you have under POPIA (South Africa), GDPR (EU/UK) and similar data protection laws.

1. Information we collect

1.1 Information you provide to us

  • Account information: your name, email address and password (stored securely using industry-standard hashing).
  • Routine data: titles, steps, notes, categories, run history and related metadata.
  • Support requests: emails or messages you send to us.
  • Payment information: handled securely by Paystack. We do not store your card details.

2. Information we collect automatically

When you use RoutineHQ, we may collect:

  • Device data: browser type, operating system and screen size.
  • Usage data: pages viewed, buttons clicked, time spent in the app.
  • Log data: IP addresses (used temporarily for security and fraud prevention).

This information is used to improve the product and ensure security.

3. How we use your information

We use your personal information to:

  • Provide and improve the RoutineHQ service.
  • Sync and store your routines, steps and run history.
  • Send onboarding or product emails (you may unsubscribe at any time).
  • Provide customer support.
  • Process subscription payments via Paystack.
  • Comply with legal obligations.

We do not sell your data or share it with advertisers.

4. Legal bases for processing (GDPR/UK GDPR)

We process your data on the following bases:

  • Contract: to provide the RoutineHQ service you signed up for.
  • Legitimate interests: product analytics, fraud prevention, service improvement.
  • Consent: marketing emails (unsubscribe any time).
  • Legal obligation: tax or payment record-keeping.

5. Data storage and security

Your data is stored securely using Supabase (PostgreSQL) hosted in modern cloud infrastructure with:

  • Encryption in transit (TLS)
  • Encryption at rest
  • Row-level security and strict access controls
  • Regular backups and database safeguards

Only you can access your routines unless you explicitly share them.

6. Data sharing

We share data only with trusted third-party processors necessary to run the service:

  • Supabase (database, authentication, file storage)
  • Paystack (payments)
  • Email provider (e.g. Brevo/SendGrid/ConvertKit)

Each provider complies with modern data protection standards.

7. International transfers

Where services operate outside your country, we ensure appropriate protections exist (SCCs, POPIA safeguards or equivalent).

8. Data retention

We keep your data:

  • For as long as you have an active RoutineHQ account.
  • For up to 90 days after deletion (backups).
  • Payment records may be kept longer where required by law.

9. Your rights

Under GDPR/POPIA you have the right to:

  • Access your data
  • Correct inaccurate data
  • Request deletion
  • Object to processing
  • Export your data (data portability)
  • Withdraw consent (for emails)

You can exercise these rights by contacting us at support@myroutinehq.com.

10. Deleting your data

You may permanently delete your account by contacting us or following the Data Deletion Policy at /data-deletion.

All routines, run history and identifying information will be removed.

11. Changes to this policy

We may update this Privacy Policy. The "Last updated" date will reflect any changes.

12. Contact us

For privacy or data requests:

📧 support@myroutinehq.com

RoutineHQ – South Africa