Privacy Policy
This Privacy Policy explains how WCH Apps handles personal data for wchapps.com, the WCH Apps portal, Task Link, watch API endpoints, and related Garmin companion app services.
1. Who is responsible for your data
WCH Apps is operated from Switzerland and is responsible for the personal data processed through the WCH Apps services. For privacy requests, contact support@wchapps.com.
Some connected services, payment providers, hosting providers, and Garmin may act as independent controllers or processors for their own services. Their terms and privacy notices also apply when you use them.
2. Data we collect
- Account data, such as your email address, name, authentication provider identifiers, login state, and account timestamps.
- Watch pairing data, such as app code, platform, part number when supplied, installation identifier, pairing code metadata, pairing and unpairing timestamps, and watch authorization state.
- Task Link connection data, such as connected provider, provider account id, provider email or display name when returned, granted scopes, encrypted access tokens, encrypted refresh tokens, token expiry metadata, and reconnect state.
- Task and list data needed to provide the service, such as provider list names, task names, task ids, completion state, sections, ordering data, cursors, and action results. Task Link normally fetches this data from connected providers and returns it to the portal or watch on demand rather than storing a separate task database, but operational records, idempotency results, logs, and support/debugging records may include limited task metadata.
- Billing data, such as Stripe customer ids, subscription ids, checkout session ids, plan, billing interval, subscription status, current billing period, and payment event metadata. WCH Apps does not store full payment card numbers.
- Usage and operations data, such as monthly action counts, request ids for idempotency, rate-limit buckets, IP addresses from request headers, error logs, webhook event ids, and timestamps.
- Optional product analytics data, such as page views, UI interactions, browser and device metadata, session replay recordings with form inputs masked, client-side errors, and your account id and email when you are logged in. Client-side analytics and session replay start only after you allow analytics in the privacy choices prompt.
- Server-side security and reliability diagnostics, such as route, method, request path, render context, error information, timestamps, and limited account or request context where available. These diagnostics may be processed even if you decline optional analytics because they are needed to keep the service secure and reliable.
- Support communications and any information you choose to send when you contact us.
- Local browser data, such as authentication cookies, pairing intent cookies, connection handoff state, and theme preference stored in local storage.
Task Link is not designed to collect Garmin health, activity, biometric, GPS, or sensor data. Do not put sensitive health, financial, or emergency information in task titles if you do not want it processed by WCH Apps and the connected task provider.
3. How we use data
- To create and secure your account.
- To pair, authorize, unpair, and troubleshoot watch app installations.
- To connect your selected task providers and refresh provider access tokens when needed.
- To load lists and tasks, update task status, perform bulk actions, and keep provider-specific behavior hidden from the watch API.
- To provide Starter and Premium plan limits, billing, checkout, subscription state, invoices, and payment-related support.
- To rate-limit abusive traffic, detect operational issues, debug failures, and keep the service reliable.
- To understand product usage, review session replays during debugging, and diagnose client-side errors when you allow optional analytics.
- To handle support, privacy, deletion, provider disconnect, and account requests.
- To comply with legal, tax, accounting, payment, security, and platform obligations.
4. Legal bases
Where Swiss data protection law, the GDPR, or similar laws apply, we process personal data on these legal bases:
- Contract necessity, when processing is needed to provide your account, watch pairing, provider connections, task sync, and billing.
- Consent, when you authorize a third-party provider connection, choose optional account sign-in methods, or allow optional client-side analytics and session replay with input masking.
- Legitimate interests, such as security, abuse prevention, rate limiting, server-side error diagnostics, debugging, service reliability, and product improvement, where those interests are not overridden by your rights.
- Legal obligation, where records must be kept for tax, accounting, dispute, fraud prevention, or compliance reasons.
5. Connected providers and Google API data
When you connect Todoist, Google Tasks, Microsoft To Do, TickTick, Toodledo, or another provider, WCH Apps accesses only the scopes you authorize and uses provider data to provide Task Link features. We store encrypted provider tokens so Task Link can continue working after the initial connection, refresh access when the provider allows it, and avoid asking you to reconnect unnecessarily. We may send task status changes, bulk status changes, or future supported task actions back to that provider at your request.
WCH Apps' use and transfer of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements. We do not sell Google user data, use it for advertising, or use it to train generalized AI models.
Disconnecting a provider in the portal removes the WCH Apps connection and clears stored token material. Where a provider supports remote token revocation, WCH Apps attempts revocation. Where it does not, you may also need to revoke access in that provider's own account settings.
6. Garmin and watch apps
WCH Apps provides web and API services used by Garmin companion apps. Any data you submit to WCH Apps or a WCH Apps companion app is submitted to WCH Apps and the connected provider, not to Garmin. Garmin is not responsible for WCH Apps' collection, use, storage, or disclosure of that data.
7. Sharing and processors
We do not sell personal data. We share data only as needed to run the service:
- Supabase, for authentication, database, and application data storage.
- Vercel, for hosting, deployment, logs, and request handling.
- Stripe, for checkout, subscription billing, tax, fraud prevention, and payment records.
- PostHog, for product analytics, session replay with input masking, and error tracking.
- Connected task providers, such as Todoist, Google, Microsoft, TickTick, and Toodledo, to read or update the task data you authorize.
- Garmin and Connect IQ surfaces, where needed for app distribution, installation, or platform operation.
- Professional advisers, authorities, or counterparties where required for legal, tax, accounting, security, fraud, dispute, or business-transfer purposes.
8. Cookies and local storage
WCH Apps uses cookies and browser storage for authentication, security, pairing flow continuity, provider connection handoff, and theme preference. If you allow analytics, we also use PostHog analytics cookies and browser storage, served through a WCH Apps first-party proxy, to understand product usage, replay sessions with form inputs masked, and diagnose client-side errors. Declining analytics disables optional client-side analytics and session replay, but essential authentication, security, pairing, provider handoff, and server-side reliability diagnostics still operate. You can change or withdraw your analytics choice from the privacy choices control in the product. We do not currently use third-party advertising cookies in the product.
9. Retention
- Account, paired app, and active provider connection records are kept while your account is active, unless you request deletion and no legal retention requirement applies.
- Unpaired watch installation records may be retained as tombstones for analytics, abuse prevention, and support debugging. Never-paired expired watch rows are cleaned after the pairing code has been expired for more than 6 hours.
- OAuth handshake sessions are short-lived, single-use where applicable, and cleaned once more than 24 hours have passed since they expired or were used.
- Provider tokens are kept until you disconnect the provider, unpair the app, delete the account, or the token becomes invalid and is cleared.
- Rate-limit records are cleaned after 24 hours. Task action usage reservations are cleaned once more than 24 hours have passed since they were finalized or released.
- Bulk task-action idempotency records are cleaned after completed requests are more than 7 days old, or pending requests are more than 24 hours old.
- Billing checkout attempt records are cleaned after checkout sessions have been expired for more than 7 days, or after checkout creation records without a Stripe session are more than 24 hours old.
- Processed, dead-lettered, or security-related webhook and Google RISC event records may be retained for up to 180 days for audit, replay, abuse-prevention, and security purposes.
- Billing and payment records may be retained for tax, accounting, chargeback, audit, and legal requirements.
- Application and hosting logs are retained only as long as reasonably needed for security, debugging, abuse prevention, and service operation, subject to processor retention settings.
10. Security
We use technical and organizational measures designed to protect personal data, including HTTPS in transit, database access controls, encrypted provider token storage, short-lived OAuth sessions, rate limiting, and limited internal access. No internet service can be guaranteed to be perfectly secure.
11. International transfers
WCH Apps is operated from Switzerland, but providers and processors may process data in other countries. Where required, we rely on appropriate safeguards such as contractual data protection terms, standard contractual clauses, adequacy decisions, or other lawful transfer mechanisms.
12. Your rights
Depending on where you live, you may have rights to access, correct, delete, export, restrict, or object to processing of your personal data, to withdraw consent for provider connections or optional analytics, and to complain to a data protection authority. You can disconnect providers and unpair watch apps in the portal. For account deletion, data access, export, correction, objection, or other privacy requests, contact support@wchapps.com.
We may need to verify your identity before acting on a request. We may keep records where required or permitted for tax, accounting, security, fraud prevention, dispute, backup, or legal reasons.
13. Children
WCH Apps is not directed to children and should not be used by anyone under 16 without a parent or legal guardian where consent is required by law.
14. Changes
We may update this Privacy Policy when the service, providers, legal requirements, or data practices change. The latest version will be posted on this page with the updated date.