Effective Date: Nov 1, 2020
Thank you for using Todo Master products and services. We respect your privacy and are committed to protecting it through our compliance with this Policy.
Todo Master is an online integration platform (the “Platform”) which provide services including but not limited to allowing users to connect different apps to another with a series of steps without coding are collectively referred to herein as the service (“Services”).
The Services are provided or controlled by (i) Todo Master, a business entity incorporated in Singapore.
Please read the following carefully to understand our approach and practices regarding the processing of your personal data.
How Does This Policy Apply?
Under applicable data protection laws, a party is either considered to be a controller or a processor of data. This is a factual assessment and is determined based on the role and activities of the relevant parties.
(i) If you are using the Services as an individual
If you use the Platform to create a Personal Account or are an individual who has been invited to join a Workplace used for personal not business purposes (a “Personal Workplace”) (collectively an “Authorized User”) or are an individual who has been invited to access the Services without an account (an “Individual User”), we will be the controller of the following categories of data:
- Account Data
- Administrative Data
- Workplace Data
- Interactions Data
- Third Party Data
Types of Data We Use
We may collect and use the following types of data when you access the platform or use the Services:
Account Data. You, may give us data regarding the creation or activation of your account on the Platform, including your name,, and your email address, passwords, password hints, and similar security information used for authentication and account access when you access the Platform or use the Services, If you only browse and search the introduction of Todo Master products, functions and services displayed on our website or if you are an Individual User, you do not need to register as a Platform user and provide the above information.
Workplace Data. We process the content you generate on the Platform and with the Services, including:
- details of relevant Trello, Asana, Google Tasks and any other apps accounts;
- the nature of the integration which includes the steps configured on Todo Master platform;
- search queries and commands when you use the Services with search or related productivity functionality;
Administrative Data. We process data as necessary to administer and provide the Services. This data includes:
- usage, viewing and technical data, including your IP address and log data of how you use the Services such as your online status, your last updated status, your use of Services features e.g. your last integration steps created ), details of application crashes and other system activity, operating system and platform, battery, and signal strength;
- data regarding your communications with us, for example, when you provide us with feedback or contact us with a question or comment through our chat or email services (including on social media);
- if you purchase a paid for version of the Services, billing details such as credit card information, banking information and/or a billing address;
In order to bring you a better product and service experience, we are constantly working to improve our technology, and we may introduce new or optimized features from time to time. We will explain to you the purpose, scope, and use of the data and information by updating this Policy, pop-ups, page prompts, etc. We will always seek your consent to collect and use any additional information and data in relation to such new features. If you have any questions, comments or suggestions, you can contact us at email@example.com. We will answer your questions as soon as possible.
How We Use Information
We may use ,process, and disclose to third parties (only to the extent necessary), Account Data, Administrative Data, Business Workplace Data (including data accessed through your use of a Third Party Integration with Todo Master such as Asana, Trello and Google Tasks), Interactions Data and Third Party Data to allow your access to and use of the Platform and the Services. Without prejudice to the purposes already set out above, we may use, process and/or disclose your personal data for the following purposes including:
- To operate our products and provide you with rich, interactive experiences.
- To respond to, handle, and to process queries, requests, applications, complaints, and feedback from you.
- To enable us to administer, operate, and provide the Services.
- To verify your identity, authenticate you as a user and provide you with access to the Platform.
- To ensure that you are old enough to use our Platform (as required by law).
- To manage your relationship/account with us.
- To allow you to participate in interactive features of the Platform, when you choose to do so, including to enable you to create, edit, modify and share content on the Platform and interact with other users.
- To provide you with user support.
- To help improve the security and reliability of Todo Master services. This includes detecting, preventing and responding to fraud, abuse, security risks and technical issues that may harm Todo Master, our users or the public. To continually improve our Platform, Services and products, including adding new features or capabilities.
- To comply with any applicable laws, regulations, codes of practice, guidelines, or rules, or to assist in law enforcement and investigations conducted by any governmental and/or regulatory authority.
- To notify you with service messages about changes to our Platform or Services and otherwise communicate with you; subscribe you to newsletters, and manage your subscriptions and preferences; call you or e-mail you with updates and marketing as described in this statement; evaluate our marketing campaigns and sales opportunities. These marketing messages you can control whether you receive them and you can opt out of marketing or advertising emails by utilizing the “unsubscribe” link or mechanism noted in marketing or advertising emails.
- To enforce our terms, conditions and policies.
- To fulfil any other purposes for which you have provided the data.
- To transmit to third parties including our business partners, third party service providers and agents, and relevant governmental and/or regulatory authorities, whether in US or abroad, for the aforementioned purposes.
- To fulfil other incidental business purposes related to or in connection with the above.
We may also process Administrative Data in furtherance of our legitimate business interests. In this regard, we will be processing the Administrative Data:
- To ensure content from the Services is presented in the most effective manner for the Services and any device used.
- To keep the Services safe and secure (including verifying accounts and activity).
- To help secure and troubleshoot our products
- For internal operations relating to the Services, including troubleshooting, data analysis, testing, research, statistical, and survey purposes.
- To develop and improve the Services. We use data for analysis and evaluation to understand how the Services are being used.
If we stop operating the services of this Services, we will stop collecting your personal data, notify you in the form of announcement 30 days in advance, and delete or anonymize your personal data possessed by us according to applicable laws.
How We Share Your Personal Data
In order to provide the Services to you, we may disclose your personal data (including data which you choose to share with us through Third Party Integrations with Todo Master Email such as Asana, Trello and Google Tasks) with the following selected third parties including without limitation to those who may be processing your personal data on our behalf for one or more of the purposes stated above and herein:
Service Providers and Authorized third-party vendors
We may disclose your personal data to service providers who support our business, such as cloud service providers and other technology and authorized third-party vendors (wheresoever located and only to the extent necessary). These service providers and vendors help us provide, administer and support the Services, including research, payment processing and transaction fulfillment, database maintenance, technology services, deliveries, email deployment, advertising, analytics, measurement, data storage and hosting, disaster recovery, search engine optimization, marketing, and data processing.
Third Party Integrations
We may share certain data with Third Party Integrations if you give such Third Party Integrations access to your account and information, and any content you choose to use in connection with those Third Party Integrations.
Sale or Merger
We may also disclose your information to third parties in our legitimate business interests:
- in the event of that we sell or buy any business or assets (whether a result of liquidation, bankruptcy or otherwise), in which case we will disclose your data to the prospective buyer of such business or assets; or
- if we sell, buy, merge, are acquired by, or partner with other companies or businesses, or sell some or all of our assets. In such transactions, user information may be among the transferred assets.
If applicable, we will also disclose your information to our business partners so that we can make you special offers via the Services with your consent and / or in our legitimate business interests.
We will share your information with law enforcement agencies, public authorities or other organizations if legally required to do so, or based on our legitimate business interest if such use is reasonably necessary to:
- comply with legal obligation, process or request;
- enforce our Terms of Service and other agreements, policies, and standards, including investigation of any potential violation thereof;
- detect, prevent or otherwise address security, fraud or technical issues; or
- protect the rights, property or safety of us, our users, a third party or the public as required or permitted by law (including exchanging information with other companies and organizations for the purposes of fraud protection and credit risk reduction).
International Data Transfers: Privacy Shield and Contractual Terms
We maintain servers located in AWS Singapore and your information may be processed on servers located outside of the country where you live. Data protection laws vary among countries, with some providing more protection than others. Regardless of where your information is processed, we apply the same protections described in this policy. Whenever we process the personal data of European Union or United Kingdom Services users outside of the European Economic Area, we ensure we comply with Model Contractual Clauses, or EU-US or Swiss-US privacy shield frameworks, when required.
Security of Your Personal Data
We attach great importance to the security of your personal data. However, please note that Information you send to us electronically may not be secure when it is transmitted to us.
Despite our best efforts, you understand that due to technical limitations and various potential malicious attacks, no security measures are perfect or impenetrable and it is impossible to ensure permanent and absolute security. Therefore, we strongly suggest you take active measures, including but not limited to using a complicated password, regularly changing your password, and avoiding disclosure of your account password or other Information relating to logging in to your account, so as to protect the security of your personal data. We also recommend that you do not use unsecure channels to communicate personal data or other sensitive or confidential information to us.
We will retain your personal data for the length of time needed to fulfill the purposes outlined in this Policy unless a longer retention period is required, for example to comply with legal obligations or requests or for the establishment, exercise or defense of legal claims, or for legitimate businesses purposes, or as provided by law.
Should you or we terminate your account for any reason, we will take steps to ensure that your personal data is no longer available through the Services, or otherwise used by us, within a reasonable period of time (subject to technical limitations) after such account termination.
Third Party Integrated Services
Information Relating to Children
By accessing the Platform and/or using this Services, you represent that you are at the legal age in your jurisdiction or not under guardianship. If you are below legal age or under guardianship:
- you must obtain approval from your parent(s) or legal guardian(s); and
- your parent(s) or legal guardian(s) are responsible for: (i) all your actions in connection with your access to and use of the Services; (ii) your compliance with this policy; and (iv) ensuring that any of your participation in the Services will not, in any event, result in any violation of applicable laws and regulations relating to child protections in your jurisdiction.
If you do not have consent from your parent(s) or legal guardian(s) and your parent(s) or guardian(s) is not willing to open the account under their name, you must cease accessing the Services.
We do not seek or knowingly collect any data about children under of the legal age. If we become aware that we have unknowingly collected data about a child under of the legal age, we will make commercially reasonable efforts to delete such information from our database.
Additional Information for Certain Jurisdictions
We may provide additional information about the privacy, collection, and use of personal data of prospective and current user of Todo Master Services located in certain jurisdictions.
A. California Privacy Rights
This Policy describes how we may share your personal data for marketing purposes. It applies to all users of the Services, including California residents.
If you are a user of the Services and a California resident under 18 years of age, you may request to have your User Content or personal data removed from the publicly viewable portion of the Services by contacting us directly. User Content or personal data may not be removed from our systems or databases. In certain situations, User Content or personal data cannot be removed.
As a California resident, you may contact us with any questions or to request a list of third parties to whom we may disclose personal data for marketing purposes and the categories of Information we may disclose. See “Contact Us” below.
Under the California Consumer Privacy Act (“CCPA”), California residents have the right to know what personal information about them is collected, request deletion of their personal data, opt-out of the sale of their personal data, and not be discriminated against if they choose to exercise any of these rights. Todo Master does not sell any of the data we collect about you. If you’d like to exercise any of the other rights afforded to you, contact us at firstname.lastname@example.org.
B. Privacy Rights for Services users in the European Union
If you are a user of the Services in the European Union, under the General Data Protection Regulation you have the below rights in relation to your personal data. Where we act as a controller for your personal data, you should contact us to exercise any of your rights. Where we act as a processor, you should contact the Business Workplace Owner to exercise any of your rights.
You have the right to ask us to access the personal data we hold about you and be provided with certain information about how we use your personal data and who we share it with. You also have the right to ask us to correct your personal data where it is inaccurate or incomplete. In certain circumstances, you have the right to ask us to delete the personal data we hold about you:
- where you believe that it is no longer necessary for us to hold your personal data (for example, if you decide that you no longer wish to use the Services);
- where we are processing your personal data based on legitimate interests and you object to such processing and we cannot demonstrate an overriding legitimate ground for the processing; or
- where you believe the personal data we hold about you is being unlawfully processed by us.
In certain circumstances, you have the right to ask us to restrict (stop any active) processing of your personal data:
- where you believe the personal data we hold about you is inaccurate and while we verify accuracy;
- where we want to erase your personal data as the processing is unlawful, but you want us to continue to store it;
- where we no longer need your personal data for the purposes of our processing, but you require us to retain the data for the establishment, exercise or defense of legal claims; or
- where you have objected to us processing your personal data based on our legitimate interests and we are considering your objection.
Right to Object
To the extent that Todo Master’s processing of your personal data is subject to the General Data Protection Regulation, we rely on its legitimate interests, described above, to process your data. You can object to our processing of your personal data based on our legitimate interests and we will no longer process your personal data unless we can demonstrate an overriding legitimate ground.
Right to Withdraw Consent
You have the right to withdraw your consent to our processing of data about you for marketing purposes at any time, and we will stop processing data about you for that purpose.
To exercise any of these rights above, please contact us at email@example.com. In addition, you have the right to complain to the applicable data protection supervisory authority.
You also may access, correct or request deletion of personal data We have about you by logging into your account. You may also request cancellation of your account by contacting us at firstname.lastname@example.org. We’ll take steps to delete your information within a reasonable timeframe, but some information may remain in archived/backup copies for our records or as otherwise required by law.
Please note that these rights are limited, for example, where fulfilling your request would adversely affect other individuals or our trade secrets or intellectual property, where there are overriding public interest reasons or where we are required by law to retain your personal data.
In the event of that you wish to make a complaint about how we process your Information, please contact us in the first instance at email@example.com and we will endeavor to deal with your request as soon as possible. This is without prejudice to your right to launch a complaint with the data protection authority in the country in which you live or work where you consider we have infringed data protection laws.
If you are using our services in Singapore, we will collect, use, disclose and/or process your personal data in accordance with our obligations under the Singapore Personal Data Protection Act 2012 (“PDPA”). For the purpose of this Policy, “personal data” shall have the same definition as under the PDPA, meaning data, whether true or not, about an individual who can be identified from that data, or from that data and other information to which an organisation has or is likely to have access.
Data access and correction
You may request to access and/or correct the personal data currently in our possession at any time by submitting your request to firstname.lastname@example.org.
We will retain your personal data for the length of time needed to fulfil the purposes outlined in this Policy unless a longer retention period is required, for example, to comply with legal obligations or requests or for the establishment, exercise or defence of legal claims, or for legitimate businesses purposes, or as provided by law. After such time, we will take commercially reasonable efforts to ensure that your personal data in our possession or under our control is securely destroyed and/or anonymized.
Should you or we terminate your account for any reason, we will take steps to ensure that your personal data is no longer available through the Services, or otherwise used or processed by us, within a reasonable period of time (subject to technical limitations) after such account termination.
Transfer of Personal Data Outside of Singapore
In circumstances where we may need to transfer your personal data to third parties outside of Singapore, we will ensure that such transfers are compliant with the requirements under the PDPA. In this regard, we will take such necessary measures to ensure that such overseas recipients are bound by legally enforceable obligations (such as data transfer agreements or binding corporate rules where applicable) to ensure that these overseas recipients will provide a standard of protection to your personal data so transferred that is at least comparable to the protection to your personal data under the PDPA.
Disclosure of Personal Data Without Your Consent
Save as permitted under this Policy, we will not disclose any of your personal data to any third parties without first obtaining your express consent. However, please note that we may disclose your personal data to third parties without first obtaining your consent in certain situations as set out in the PDPA, including, without limitation, the following:
- cases in which the disclosure is required based on the applicable laws and/or regulations;
- cases in which the purpose of such disclosure is clearly in your interests, and if consent cannot be obtained in a timely way;
- cases in which the disclosure is necessary to respond to an emergency that threatens the life, health or safety of yourself or another individual;
- cases in which there are reasonable grounds to believe that the health or safety of yourself or another individual will be seriously affected and consent for the disclosure of the personal data cannot be obtained in a timely way, provided that we shall, as soon as may be practicable, notify you of the disclosure and the purposes of the disclosure;
- cases in which the disclosure is necessary for any investigation or proceedings;
- cases in which the personal data is disclosed to any officer of a prescribed law enforcement agency, upon production of written authorization signed by the head or director of that law enforcement agency or a person of a similar rank, certifying that the personal data is necessary for the purposes of the functions or duties of the officer;
- the disclosure is for the purpose of contacting the next‑of‑kin or a friend of any injured, ill or deceased individual; or
- cases in which the disclosure is to a public agency and such disclosure is necessary in the public interest.
If you are using our services in Indonesia, the following additional terms apply. In the event of any conflict between the following additional terms and the provisions of the main body of this policy, the following terms shall apply.
- Age, Parental and Guardian Consent. By accessing and/or using this Services, you represent that you are at least 21 years of age or married or not under guardianship. If you are below 21 years old and you are not married, or under guardianship:
- you must obtain approval from your parent(s) or legal guardian(s); and
- your parent(s) or legal guardian(s) are responsible for: (i) all your actions in connection with your access to and use of the Services; (ii) your compliance with this policy; and (iv) ensuring that any of your participation in the Services will not, in any event, result in any violation of applicable laws and regulations relating to child protections.
If you do not have consent from your parent(s) or legal guardian(s) and your parent(s) or guardian(s) is not willing to open the account under their name, you must cease accessing the Services.
- Your Choices. You may withdraw your consent to Todo Master’s disclosure of personal data to third parties. Upon your request, we will ease to display, publish, transmit, disseminate, and/or open the access to your personal data to third parties. Please note that by withdrawing your consent to the disclosure and/or collection of your personal data, we may not be able to fulfill your requests and you may not be able to use some of Todo Master features and functionality.
You may request Todo Master to (i) disclose history of personal data that we have collected; and/or (ii) erase and dispose your personal data that we have collected on our server. Please note that by requesting us to erase and dispose your personal data, you may not be able to use some of Todo Master features and functionality.
To exercise any of your rights, please contact email@example.com.
- Notification. In the event of any breach of personal data, we will notify you and provide you with information regarding such breach of personal data.
- Data retention. We retain your information for as long as it is necessary to provide you with the Services. Where we do not need your information in order to provide the Services to you, we retain it only for so long as we have a legitimate business purpose in keeping such data. However, there are occasions where we are likely to keep this data for five (5) years (or longer if required) in accordance with our legal obligations or where it is necessary for the establishment, exercise or defense of legal claims.
After you have terminated your use of our Services and the five (5) years retention period has lapsed, we store your information in an aggregated and anonymized format. Non-personally identifiable information may be retained indefinitely for analytics.
E. South Korea.
If you are using our services in South Korea, the following additional terms apply. In the event of any conflict between the following additional terms and the provisions of the main body of this policy, the following terms shall prevail.
- Data rights. You have the right to access personal data we hold about you, to rectify any personal data held about you that is inaccurate, to request the deletion of personal data held about you, and the right to request the suspension of the processing of your personal data. You can exercise your rights by contacting us at firstname.lastname@example.org.
- Information Relating to Children. Todo Master is not directed at children under the age of 14.
- Entrustment and/or Overseas Transfer of Personal Data. We entrust your data to our affiliates, cloud storage providers, IT service providers, and data centers, some of whom are located abroad, subject to your consents or notifications to you, if applicable. The entities receiving and processing your data are committed to using and storing personal data in compliance with domestic and international regulations and to taking all available physical and technical measures to protect personal data. You may opt-out of such transfer so long as the transfer is not necessary to provide you with the Service, by contacting email@example.com .
If you wish to talk with us about how we process your personal data, please contact us at firstname.lastname@example.org and we will endeavor to deal with your request as soon as possible.
This Policy may be updated by us from time to time to reflect changes to applicable laws, regulations, standards, industry codes or other instruments of a similar nature, or to reflect changes, updates or new features to the Services.We will use commercially reasonable efforts to generally notify all users of any material changes to this Policy, such as through a notice on our Services, however, you should look at this Policy regularly to check for such changes. We will also update the “Last Updated” and “Effective “date at the top of this Policy, which reflects the effective date of such Policy. Your continued access to or use of the Services after the date of the updated Policy constitutes your acknowledgment and agreement that you have read, understood and accepted the terms of the updated Policy. If you do not agree to the updated Policy, you must stop accessing or using the Platform and/or the Services.