Privacy Policy
Effective: 17 February 2026 · Last updated: 17 February 2026
This Privacy Policy explains how CheckCheckNext ("we", "us", "our") collects, uses, stores, and protects your personal data when you use our web application at checkchecknext.com (the "Service"). We are committed to protecting your privacy and complying with the General Data Protection Regulation (GDPR) and other applicable data protection laws.
1. Data Controller
The data controller responsible for your personal data is:
[Your Name]
Email: [[email protected]]
2. Age Restriction
CheckCheckNext is intended for users aged 16 and over, in accordance with GDPR Article 8. We do not knowingly collect personal data from anyone under 16. If we become aware that we have collected data from a person under 16, we will delete it promptly.
3. Data We Collect
We collect and process the following categories of personal data:
Account Data
- Display name, email address, and profile avatar provided by your OAuth provider (Google, Facebook, or X)
- OAuth provider identifier
App Content
- Events you create (titles, descriptions, dates, locations, budgets)
- Categories and custom fields you define
- Shares and collaboration settings
AI Data
- Conversations with the AI assistant
- AI memories and corrections used to personalise your experience
Authentication Data
- A single JWT authentication cookie used to keep you signed in
- Refresh tokens stored securely in our database
Cloudflare Analytics
Our hosting provider, Cloudflare, collects basic analytics data (page views, country of origin, browser type). This data is aggregated, does not use cookies, and does not contain personally identifiable information.
4. Legal Basis for Processing (GDPR Art. 6)
We process your personal data on the following legal bases:
- Consent (Art. 6(1)(a)): You consent to data processing when you sign in with an OAuth provider and agree to this Privacy Policy.
- Contract (Art. 6(1)(b)): Processing is necessary to provide you with the Service as described in our Terms of Use.
- Legitimate Interest (Art. 6(1)(f)): We process minimal data for security, fraud prevention, and service improvement, balanced against your rights and freedoms.
5. How We Use Your Data
We use your personal data to:
- Create and manage your account
- Store and display your events, categories, and other content
- Provide AI-powered features including natural language event parsing, insights, and personalised suggestions
- Enable sharing and collaboration with other users
- Authenticate your sessions and protect your account
- Improve and maintain the Service
6. Third-Party Data Sharing
We share data with the following third parties only as necessary to operate the Service:
| Provider | Data Shared | Purpose |
|---|---|---|
| OAuth tokens | Authentication | |
| Facebook (Meta) | OAuth tokens | Authentication |
| X (Twitter) | OAuth tokens | Authentication |
| Cloudflare | All service data (hosting) | Hosting, CDN, AI processing, database |
We do not sell your personal data to any third party. We do not use third-party advertising or tracking services.
7. Data Retention
We retain your personal data for as long as your account is active. When you delete your account, all associated data -- including events, categories, custom fields, shares, AI conversations, and AI memories -- is permanently deleted from our database immediately. There is no recovery period.
8. Cookies
CheckCheckNext uses a single, strictly necessary cookie:
- Authentication cookie (JWT): A secure, HTTP-only cookie that keeps you signed in. This cookie is essential for the Service to function and does not require consent under GDPR.
We do not use analytics cookies, advertising cookies, or any other tracking cookies.
9. International Transfers
Your data is processed and stored on Cloudflare's global network, which includes servers both inside and outside the European Economic Area (EEA). Cloudflare participates in the EU-U.S. Data Privacy Framework (DPF) and maintains appropriate safeguards for international data transfers, including Standard Contractual Clauses where required.
10. Your Rights Under GDPR
As a data subject, you have the following rights under GDPR:
- Right of Access (Art. 15): Request a copy of the personal data we hold about you.
- Right to Rectification (Art. 16): Request correction of inaccurate or incomplete personal data.
- Right to Erasure (Art. 17): Request deletion of your personal data ("right to be forgotten").
- Right to Restriction (Art. 18): Request that we restrict the processing of your personal data.
- Right to Data Portability (Art. 20): Request your data in a structured, commonly used, machine-readable format.
- Right to Object (Art. 21): Object to processing based on legitimate interest.
- Right to Withdraw Consent (Art. 7(3)): Withdraw your consent at any time, without affecting the lawfulness of processing carried out before withdrawal.
To exercise any of these rights, please contact us at [[email protected]]. We will respond within 30 days.
11. Data Deletion
You can request the complete deletion of your account and all associated data at any time. To do so:
- Send an email to [[email protected]] from the email address associated with your account.
- Include "Account Deletion Request" in the subject line.
- We will verify your identity and process the deletion within 30 days.
Upon deletion, we permanently remove all of your data from our systems, including: your user profile, all events, categories, custom fields, shares, AI conversations, AI memories, and authentication tokens. This action is irreversible.
12. Supervisory Authority
If you believe that our processing of your personal data violates GDPR, you have the right to lodge a complaint with a supervisory authority. You may contact the data protection authority in your country of residence, your place of work, or the place of the alleged infringement. In the UK, the relevant authority is the Information Commissioner's Office (ICO) at ico.org.uk.
13. Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes to our practices or for legal, regulatory, or operational reasons. When we make material changes, we will update the "Last updated" date at the top of this page. We encourage you to review this page periodically.
14. Contact
If you have any questions about this Privacy Policy or our data practices, please contact us at:
Email: [[email protected]]