Afrek

Privacy Policy

Last updated: January 2025

We collect only what we need to run Afrek and improve it. We never sell your data.

Who we are

Afrek is a task management application. This privacy policy applies to the web application at afrek.app.

Information we collect

Account data

When you sign up, we collect your email address and name through our authentication provider, WorkOS. This information is used to identify your account and communicate with you about your subscription.

Task data

We store the tasks you create, including titles, notes, tags, statuses, priorities, and dates. If you enable client-side encryption, your task titles, notes, and tags are encrypted in your browser before being sent to our servers—we cannot read this encrypted content.

Subscription and billing data

Payment processing is handled by Dodo Payments. We do not store your full credit card number. We receive information about your subscription status to provide you with the correct level of service.

Analytics data

We use PostHog to collect anonymized usage data such as page views and feature usage. We never log the content of your tasks in analytics. This helps us understand how people use Afrek so we can improve it.

Device and log data

Our servers automatically collect standard information like IP addresses, browser type, and timestamps for security and debugging purposes.

Client-side encryption

Afrek offers optional end-to-end encryption for your task content. When enabled:

  • Encrypted: Task titles, notes, and tags
  • Not encrypted: Task status, priority, scheduled date, and timestamps (so the server can filter and sort your tasks)

Your encryption key is derived from a passkey using the WebAuthn PRF extension. We never have access to your encryption key or decrypted content.

Important: If you lose access to your passkey, your encrypted data cannot be recovered—by you or by us.

Learn more about how encryption works →

How we use your information

  • To provide the service (authentication, storing tasks, syncing data)
  • To process payments and manage subscriptions
  • To understand feature usage and improve Afrek (analytics)
  • To communicate with you about account-related notices and important updates

Sharing of information

We use the following third-party services to operate Afrek:

  • WorkOS — Authentication
  • Convex — Database and real-time sync
  • PostHog — Analytics
  • Dodo Payments — Payment processing

We do not sell your data. We may disclose information if required by law or to protect against fraud or abuse.

Data retention

  • Active accounts: Your data is retained as long as your account is active.
  • Deleted tasks: When you delete a task, it is permanently removed from our database.
  • Account deletion: If you delete your account or request deletion, all your data will be permanently removed.

Your rights

You can:

  • Access, update, and delete your tasks through the app
  • Request deletion of your account by contacting us
  • Export your data (feature coming soon)

International users

If you are located in the EU, UK, or other regions with data protection laws, we process your data based on the contract we have with you (to provide the service) and our legitimate interests (to improve the service). You have rights under applicable data protection laws, including the right to access, correct, or delete your data.

Security

We take security seriously. All data is transmitted over HTTPS. Our infrastructure uses encryption at rest. Access to production systems is strictly controlled. Optional client-side encryption provides an additional layer of protection for your task content.

Changes to this policy

We may update this policy from time to time. We will notify you of significant changes by updating the date at the top of this page. For major changes, we may also notify you via email.

Open source

Afrek is open source. You can review how we handle your data by viewing the source code on GitHub.

Contact

If you have questions about this privacy policy or your data, please contact us at privacy@afrek.app.