Privacy Policy

Effective date: May 24, 2026

Last updated: May 24, 2026

PomoMind.io ("Service") is operated by Honeycomb LLC ("we", "us", or "our"), a Japanese limited liability company (合同会社) with its registered office at 5-16-5 Shiba, Minato-ku, Tokyo 108-0014, Japan.

This Privacy Policy explains what information we collect, how we use it, who we share it with, and what rights you have. It applies to your use of the PomoMind.io website and any related services (collectively, the "Service").

By using the Service, you agree to the collection and use of information in accordance with this Privacy Policy.

1. Information We Collect

1.1 Information You Store Locally on Your Device

PomoMind.io is designed to keep most of your data on your own device. The following information is stored in your browser's local storage and is not transmitted to our servers:

Tasks you create in the Task List
Pomodoro session settings (focus duration, break duration, etc.)
UI preferences (theme, sound settings, volume, etc.)
Session statistics (completed pomodoros, etc.)

This data remains on your device until you clear your browser data or use the in-app reset feature. We have no access to it.

1.2 Information Collected Automatically

When you visit the Service, the following information may be collected automatically:

IP address (used by Cloudflare for security, traffic routing, and DDoS protection; truncated/anonymized by Google Analytics)
Browser type, browser version, operating system, device type, and screen resolution
Pages visited, referring URL, time spent on pages, and date/time of visit
Approximate geographic location derived from IP address (country/region level)
Anonymous user/session identifiers stored in cookies and similar technologies
For visitors arriving from Google Search: aggregated search query data, impression counts, and click-through data made available to us via Google Search Console

1.3 Information You Provide When Contacting Us

When you send us an email at the address listed in Section 12, we receive:

Your email address
Your name (if you include it)
The contents of your message and any attached files

This information is used only to respond to your inquiry and to keep a reasonable record of the correspondence.

1.4 Account Information (Future)

We plan to introduce optional user accounts in a future update. When that feature is released, we expect to collect the following information for account creation and management:

Email address
A display name (optional)
Authentication credentials (such as a hashed password, or third-party login tokens if we offer sign-in with Google or similar providers)
Session-related identifiers

The exact details will be confirmed in an updated version of this Privacy Policy, which will be published before the feature becomes available.

1.5 Payment Information (Future)

If we launch paid premium features, payment processing will be handled by Stripe, Inc. Card details (card number, expiration date, security code, etc.) are sent directly from your browser to Stripe and do not pass through, and are never stored on, our servers.

The only payment-related information we receive and retain through Stripe is limited to:

The customer and payment-method identifiers (tokens) issued by Stripe
Subscription status and transaction history
Billing email address

For details on how Stripe handles personal information, please refer to Stripe's privacy policy. When this feature is enabled, Stripe will also be added to the third-party services listed in Section 4 and to the service providers described in Section 5.2.

2. How We Use Your Information

We use the information collected for the following purposes:

To provide and maintain the Service, including the timer, task management, and meditation features
To analyze usage patterns and improve the Service (e.g., understanding which features are used most)
To monitor and improve the Service's visibility in search results (via Google Search Console)
To ensure security and prevent abuse, including DDoS protection and bot detection
To diagnose technical problems and monitor service performance
To communicate with you if you contact us (e.g., responding to support inquiries)

We do not sell your personal information to third parties.

3. Cookies and Similar Technologies

We use cookies, local storage, and similar tracking technologies to operate the Service.

3.1 Strictly Necessary

These are required for the Service to function. They include local storage entries that hold your task list, settings, and preferences. The Service will not work correctly without them.

3.2 Analytics Cookies (Google Analytics)

We use Google Analytics, a web analytics service provided by Google LLC, to understand how users interact with the Service. Google Analytics uses cookies and similar identifiers to collect information such as the pages you visit, the time spent on each page, and your approximate geographic location.

IP addresses are processed by Google Analytics in a truncated/anonymized form. Information collected is transmitted to and stored by Google on servers that may be located outside Japan, including in the United States.

You can prevent Google Analytics from using your information by installing the Google Analytics Opt-out Browser Add-on.

3.3 Search Performance (Google Search Console)

We use Google Search Console to monitor how the Service performs in Google Search results. Google Search Console provides us with aggregated, non-personally-identifiable data such as which search queries lead to our site, impression counts, click-through rates, and crawl status. We do not receive information that identifies individual users through Google Search Console.

3.4 Security and Performance (Cloudflare)

We use Cloudflare, Inc. as our content delivery network and security provider. Cloudflare may set cookies (such as __cf_bm and cf_clearance) to identify trusted web traffic, block malicious requests, and improve performance. These cookies do not store personal information beyond what is needed for security purposes.

Cloudflare's privacy practices are described at https://www.cloudflare.com/privacypolicy/.

3.5 Managing Cookies

Most web browsers allow you to control cookies through their settings. You can usually:

View what cookies are stored
Delete existing cookies
Block cookies from specific sites or all sites
Set the browser to notify you when a cookie is being set

Please note that disabling cookies may affect the functionality of the Service. Disabling local storage will prevent the Service from saving your tasks and settings between sessions.

4. Third-Party Services and External Data Transmission

In accordance with Article 27-12 of Japan's Telecommunications Business Act (改正電気通信事業法外部送信規律), we disclose the following information about third-party services that may receive information from your device when you use the Service:

Service	Provider	Information Transmitted	Purpose	Privacy Policy
Google Analytics	Google LLC (USA)	IP address (anonymized), browser/device info, page URLs, referrer, anonymous client ID	Web traffic analysis	Link
Google Search Console	Google LLC (USA)	Information provided by Google's search crawler (Googlebot); aggregated search query data accessible to us	Search performance monitoring	Link
Cloudflare	Cloudflare, Inc. (USA)	IP address, browser/device info, request headers	CDN, security, DDoS protection	Link

This list will be updated whenever we add or remove third-party services.

5. Disclosure of Personal Information to Third Parties

As a matter of principle, we do not disclose your personal information to any third party without your prior consent, except in the cases described in this section. This section corresponds to our obligations under Article 27 of Japan's Act on the Protection of Personal Information (個人情報保護法).

5.1 Cases Where We May Disclose Without Prior Consent

We may disclose your personal information without obtaining your prior consent in the following limited cases:

When required or permitted by law (including responses to lawful requests from courts, law enforcement, or other governmental authorities)
When necessary to protect a person's life, body, or property, and it is difficult to obtain your consent
When particularly necessary for improving public health or promoting the sound growth of children, and it is difficult to obtain your consent
When cooperating with a national or local government agency carrying out duties prescribed by law, where obtaining your consent risks impeding those duties
In connection with a merger, acquisition, reorganization, or sale of business assets, in which case the receiving entity will be required to honor commitments made in this Privacy Policy

5.2 Outsourcing to Service Providers (業務委託)

We may entrust the handling of personal information to third-party service providers (such as the analytics, CDN, and infrastructure providers listed in Section 4) to the extent necessary to operate the Service. In such cases, we select providers that meet appropriate security standards and supervise them as required by applicable law. Disclosure to such providers, when limited to the purpose of operating the Service on our behalf, is not treated as third-party provision under Japanese law.

5.3 No Sale of Personal Information

We do not sell your personal information for monetary or other valuable consideration.

5.4 Joint Use (共同利用)

We do not currently engage in joint use (共同利用) of personal information with any third party. If we begin to do so in the future, we will update this Privacy Policy in advance with the items required by law (the items of information shared, the scope of users, the purpose of use, and the name of the party responsible for management).

6. International Data Transfers

Honeycomb LLC is based in Japan. The third-party services we use (Google Analytics, Google Search Console, Cloudflare) may transfer and process information outside of Japan, including in the United States and other countries. These transfers are governed by the privacy policies of the respective providers, who implement appropriate safeguards (such as Standard Contractual Clauses for transfers from the EEA/UK).

7. Data Retention

Local storage data remains on your device until you clear it or until you use a feature that clears it. We have no control over this data.
Google Analytics data is retained according to the retention period configured in our Google Analytics account (currently set to 14 months).
Google Search Console data is retained by Google according to Google's policies (typically 16 months of historical performance data).
Cloudflare logs are retained by Cloudflare according to its standard log retention policies.
Inquiry emails received via our contact email are retained for as long as needed to respond and to keep a reasonable record of the correspondence (typically up to 3 years, after which they are deleted unless there is a legitimate reason to retain them longer).

8. Your Rights

Depending on where you live, you may have the following rights regarding your personal information:

8.1 General Rights

Right to access: You can request information about what personal data we hold about you.
Right to correction: You can request that we correct inaccurate data.
Right to deletion: You can request that we delete your personal data, subject to legal exceptions.
Right to object: You can object to certain types of processing.
Right to withdraw consent: Where processing is based on consent, you can withdraw it at any time.

To exercise these rights, please contact us at the address listed in Section 12.

8.2 Visitors from the European Economic Area (EEA), UK, and Switzerland (GDPR)

If you are located in the EEA, UK, or Switzerland, you have additional rights under the General Data Protection Regulation (GDPR) and equivalent laws, including:

The right to data portability
The right to lodge a complaint with your local data protection authority

The legal bases on which we process your information include: (a) your consent, (b) our legitimate interests in operating and improving the Service, and (c) compliance with legal obligations.

8.3 Visitors from California, USA (CCPA / CPRA)

If you are a California resident, you have the right to:

Know what personal information is collected about you
Request deletion of personal information
Opt out of the "sale" or "sharing" of personal information

We do not sell personal information in the traditional sense, but the use of advertising and analytics cookies may be considered "sharing" under California law. You can manage these via your browser settings.

8.4 Visitors from Japan (個人情報保護法)

If you are located in Japan, you have rights under the Act on the Protection of Personal Information (個人情報保護法), including disclosure (開示), correction (訂正), suspension of use (利用停止), and deletion (削除) of your retained personal data (保有個人データ). Requests can be made via the contact information in Section 12.

9. Children's Privacy

The Service is not directed to children under the age of 13 (or 16 in jurisdictions where that is the applicable threshold). We do not knowingly collect personal information from children. If you believe a child has provided us with personal information, please contact us so we can take appropriate action.

10. Security Measures

We take reasonable technical, organizational, physical, and personnel measures to protect the personal information we process. While our organization is small, we apply the following measures proportionate to the nature and scope of the data we handle.

10.1 Technical Measures

All traffic to and from the Service is encrypted using HTTPS (TLS).
We rely on Cloudflare for network-level security, including DDoS protection, web application firewall, and bot management.
Production systems and administrative interfaces are protected by access controls, including authentication and authorization mechanisms appropriate to the service.
Software dependencies are kept up to date, and known security vulnerabilities are addressed in a timely manner.

10.2 Organizational Measures

The number of personnel with access to systems handling personal information is kept to the minimum necessary.
Internal rules for handling personal information are reviewed periodically.
Records of incidents and inquiries are maintained.

10.3 Physical Measures

The Service is operated on cloud infrastructure provided by reputable third parties; we do not operate self-managed physical servers.
Devices used to administer the Service are protected by screen locks, full-disk encryption (where supported), and reasonable physical safeguards.

10.4 Personnel Measures

Anyone with access to personal information is required to handle that information in accordance with this Privacy Policy and applicable law.

10.5 Data Breach Response

If a data breach occurs that creates a risk to the rights or interests of users, we will respond in accordance with applicable law. This may include notifying the affected users and the relevant supervisory authorities (such as Japan's Personal Information Protection Commission, or, for users in the EEA, the relevant data protection authority within 72 hours where required by the GDPR).

However, no method of transmission over the Internet or method of electronic storage is 100% secure, and we cannot guarantee absolute security.

11. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. When we make material changes, we will update the "Last updated" date at the top of this page. For significant changes (such as the introduction of user accounts, premium features, or new third-party services that affect data handling), we may also notify users through an in-app message or other prominent notice. We encourage you to review this Privacy Policy periodically.

12. Contact Us

If you have any questions about this Privacy Policy or wish to exercise your rights, please contact us:

Operator: Honeycomb LLC (合同会社ハニカム)
Address: 5-16-5 Shiba, Minato-ku, Tokyo 108-0014, Japan
Responsible person: Taisuke Waragai
Email: [email protected]

We aim to respond to inquiries within 2–3 business days.