Privacy Policy

Waitlist (planner waitlist form): If you join the waitlist, we collect the email address you submit, an optional label indicating where you signed up (for example "planner-waitlist"), and optional interest in a template slug if you arrived from a template link. We use a technical identifier derived from your connection (for example IP address) only for abuse prevention and rate limiting. Waitlist submissions are delivered to us using Resend (email infrastructure); Resend processes the message content (including your email) as our service provider.

You may also provide information when you use other parts of the service, such as:

• Account information (name, email address, password) if you register
• Profile information (for example profile picture, preferences)
• Content you create (checklists, boards, planners, items)
• Inputs used for AI-assisted features (topics, prompts, preferences) and associated generated content
• Communication data (support requests, feedback)
• Payment-related information only if we offer paid features in the future—typically handled only by payment processors, not stored as full card numbers on our servers

We also automatically collect certain information when you use the service:

• Device and connection information (IP address, browser type, operating system)
• Usage data (pages visited, features used, approximate timing)
• Cookies and similar technologies (see the cookies section)
• Log files and security-related data
• Where we use Google reCAPTCHA on forms, Google may collect hardware and software signals subject to Google's policies

We use personal information for purposes that are reasonably necessary for our functions, including to:

• Provide, maintain, and improve the service
• For waitlist signups: record your interest, send you access-related messages when the preview opens or changes (we do not use the waitlist for general marketing unless we obtain separate consent where the law requires it)
• Process transactions and send related notices if paid features exist at the time
• Send technical notices and respond to questions
• Monitor usage in aggregate to understand how the product is used
• Detect, prevent, and address abuse, security issues, and technical faults
• Comply with legal obligations and enforce our terms
• Send optional marketing only where you have agreed or the law allows

Australian Privacy Principles: We collect and hold personal information that is reasonably necessary for our activities. Where we rely on consent (for example optional communications), you may withdraw consent subject to law and practicality.

European residents (GDPR): If the GDPR applies to you, we may process data based on contract, consent, legitimate interests, or legal obligation as appropriate. Nothing in this Policy limits GDPR rights where they apply.

We use reasonable technical and organisational measures to protect personal information, including transport encryption, access controls, and secure hosting practices. No online service is perfectly secure; you use the service at your own risk as described in our Terms.

We do not sell your personal information. We may disclose information only as reasonably required:

• With your consent
• To comply with law, court orders, or lawful requests from authorities
• To protect rights, safety, and integrity of users and the service
• To service providers who assist us (for example hosting on Vercel, email delivery via Resend, authentication or analytics providers, AI providers where you use AI features)
• In connection with a merger, acquisition, or asset sale, subject to continued protection of information
• With other users where you use collaborative features

Overseas disclosure: Some providers may store or process data outside Australia (for example in the United States or the European Union). Where APP 8 applies, we take steps that are reasonable in the circumstances to ensure overseas recipients handle information in line with Australian privacy law, except where an exception applies.

Google reCAPTCHA: Where used, processing is subject to Google's Privacy Policy and Terms of Service.

Where the product uses AI or automation, we may:

• Process inputs you provide to generate or refine content
• Send inputs or context to third-party AI providers under their terms and our configuration; those providers process data as subprocessors
• Store outputs and related metadata to operate and improve the service

We do not intentionally use your personal information to train third-party foundation models for unrelated purposes unless you consent or law permits. For limitations on relying on AI output, see our Terms of Service.

Under the APPs you may request access to the personal information we hold about you, and ask us to correct information that is inaccurate, out of date, incomplete, irrelevant, or misleading (where those grounds apply under the Privacy Act). We will respond within the timeframes and limits the law requires; for straightforward requests we aim to reply within about 30 days, but complex requests can take longer or may be handled partly under lawful exceptions.

If you have a privacy concern, contact us first at contact@checkolo.com. If we cannot resolve it with you, you can lodge a complaint with the Office of the Australian Information Commissioner (OAIC).

This site is oriented to Australian privacy law. If you live elsewhere and believe another law applies to how we handle your information, email us with enough detail for us to assess your request; we will respond in good faith where we can identify and act on it.

We use cookies and similar technologies for essential operation, preferences, analytics where enabled, and marketing cookies only where consent or law allows. You can control cookies through your browser; blocking some cookies may limit features.

We keep personal information only as long as needed for the purposes in this Policy, including legal, accounting, or reporting requirements. Waitlist: we retain your email and related metadata for the preview period and reasonable follow-up, or until you ask us to delete it, whichever comes first unless we must keep it longer by law.

When you delete an account where that feature exists, we delete or de-identify personal information except where retention is required or permitted by law.

The service is not directed at children under 18 in Australia without appropriate parental involvement. We do not knowingly collect personal information from young people in a way that conflicts with applicable law. If you believe a child has provided personal information inappropriately, contact us and we will take reasonable steps to delete it.

If we become aware of unauthorised access, disclosure, or loss of personal information that is likely to result in serious harm, we will assess the incident under the Notifiable Data Breaches scheme and, where required, notify affected individuals and the OAIC in accordance with the Privacy Act.

We may update this Policy from time to time. We will revise the "Last updated" date and, for material changes, use reasonable efforts to notify you (for example a notice on the site or email where we have your address).