Privacy Policy
Last Updated: May 6, 2026
1. Introduction
PocketLeave ("we", "us", or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our leave optimization service.
By using PocketLeave, you agree to the collection and use of information in accordance with this Privacy Policy. If you do not agree, please do not use the Service.
2. Information We Collect
2.1 Information You Provide
When you use PocketLeave, we may collect:
- Account Information: Email address (only if you create an account)
- Leave Planning Data: Annual leave balance, country and state/region preferences
- Saved Plans: Leave dates, hack selections, and planning year
2.2 Automatically Collected Information
- Usage Data: Pages visited, features used, interaction patterns
- Device Information: Browser type, operating system, device identifiers
- Log Data: IP address, access times, error logs
2.3 Information We Do NOT Collect
- Employer name or workplace information
- Financial or payment information (Service is free)
- Government ID or social security numbers
- Personal contacts or address book data
- Location tracking beyond selected country/region
3. How We Use Your Information
We use collected information for the following purposes:
- Service Delivery: Generate leave optimization recommendations based on your inputs
- Data Storage: Save your leave plans across sessions (authenticated users only)
- Service Improvement: Analyze usage patterns to enhance features and user experience
- Communication: Send important Service updates and security notices
- Security: Detect and prevent fraud, abuse, or security incidents
- Legal Compliance: Comply with legal obligations and enforce our Terms
4. Third-Party Services
PocketLeave relies on the following third-party services:
4.1 Nager.Date API
- Purpose: Retrieve public holiday data for the majority of supported countries and regions
- Data Shared: Country code and state/region code (no personal information)
- Privacy Policy: https://date.nager.at
- Note: India, Israel, and Saudi Arabia do not use this API — they use locally sourced datasets described below
4.2 date-holidays (npm package)
- Purpose: Provide public holiday data for Israel and Saudi Arabia
- Data Shared: No data is transmitted externally — holidays are computed locally within the application from calendar rules bundled in the package
- Note: Dates that depend on the lunar calendar (such as Eid holidays and certain Jewish holidays) are calculated estimates. They may shift by 1–2 days based on official moon-sighting announcements and must be independently verified
4.3 India — Hardcoded Static Dataset
- Purpose: Provide public holiday data for India
- Data Shared: No data is transmitted externally — the holiday list is a manually maintained static dataset built into the application
- Note: This dataset may not reflect newly declared, amended, or cancelled holidays. Always verify against official Indian government sources
4.4 Supabase
- Purpose: Authentication services and database hosting
- Data Shared: Email, user ID, saved leave plans
- Privacy Policy: https://supabase.com/privacy
4.5 Google Fonts
- Purpose: Load Inter and Plus Jakarta Sans typefaces for the user interface
- Data Shared: When your browser requests these fonts, your IP address may be transmitted to Google's servers
- Privacy Policy: https://policies.google.com/privacy
4.6 Notion
- Purpose: Serve published blog articles on the /blog pages of the Service
- Data Shared: Server-side database and page queries only; no personal user data is transmitted to Notion
- Privacy Policy: https://www.notion.so/Privacy-Policy
We are not responsible for the privacy practices of third-party services. We encourage you to review their privacy policies.
5. Holiday Data Accuracy Notice
IMPORTANT — Verify Holiday Dates with Official Government Sources
Public holiday data provided by PocketLeave is sourced from third-party APIs and bundled datasets for planning purposes only. This data may not reflect last-minute government declarations, gazetted amendments, emergency proclamations, or jurisdiction-specific variations. You must independently verify all public holiday dates against your country's official government or national authority before submitting leave requests to your employer or making travel arrangements. PocketLeave accepts no liability for losses or consequences arising from reliance on unverified holiday data.
Official government holiday sources can typically be found on your national government's official website, the relevant ministry of labour or employment portal, or published government gazettes.
6. Cookies and Tracking Technologies
We use minimal cookies and similar tracking technologies:
6.1 Essential Cookies
- Authentication: Session cookies to maintain login state (authenticated users only)
- Security: CSRF protection tokens
6.2 Non-Essential Cookies
We do NOT use:
- Advertising or marketing cookies
- Third-party tracking pixels
- Social media cookies
- Analytics cookies (currently; may change with notice)
6.3 Browser Local Storage
For users who do not create an account, we store certain preferences in your browser's local storage:
- Country Selection: Your selected country for public holiday data
- State/Region: Your selected state or region (if applicable)
- Annual Leave Balance: Your entered leave balance for calculations
This data is stored entirely on your device and is never transmitted to our servers unless you explicitly choose to create an account and save a leave plan. You can clear this data at any time through your browser settings.
7. Data Storage and Security
7.1 Storage Location
Your data is stored on Supabase servers, which may be located in various regions. Supabase employs industry-standard security measures including encryption at rest and in transit.
7.2 Security Measures
- SSL/TLS encryption for data transmission
- Password hashing using industry-standard algorithms
- Regular security updates and vulnerability patching
- Access controls and authentication mechanisms
- Row Level Security (RLS) policies on database tables
7.3 Data Retention
- Account Data: Retained until account deletion
- Leave Plans: Retained until manually deleted by user
- Log Data: Retained for 90 days for security and debugging purposes
8. Data Sharing and Disclosure
We do NOT sell, rent, or trade your personal information. We may share data only in the following circumstances:
- Service Providers: Third-party services (Supabase) necessary for Service operation
- Legal Requirements: When required by law, court order, or legal process
- Safety and Security: To protect rights, property, or safety of users or others
- Business Transfers: In connection with mergers, acquisitions, or asset sales
- With Consent: When you explicitly authorize disclosure
9. Your Privacy Rights
9.1 General Rights
You have the right to:
- Access: Request a copy of your personal data
- Correction: Update or correct inaccurate information
- Deletion: Request deletion of your account and data
- Export: Download your saved leave plans
- Opt-Out: Decline non-essential communications
9.2 GDPR Rights (European Users)
If you are located in the European Economic Area (EEA), you have additional rights under GDPR:
- Data Portability: Receive your data in a structured, machine-readable format
- Restriction: Request restriction of data processing
- Objection: Object to processing based on legitimate interests
- Withdraw Consent: Withdraw consent for data processing at any time
- Lodge Complaint: File complaints with data protection authorities
9.3 CCPA Rights (California Users)
If you are a California resident, you have rights under the California Consumer Privacy Act (CCPA):
- Know: Know what personal information is collected
- Delete: Request deletion of personal information
- Opt-Out: Opt out of the sale of personal information (Note: We do NOT sell data)
- Non-Discrimination: Exercise rights without discriminatory treatment
9.4 Exercising Your Rights
To exercise any of these rights, contact us at: privacy@pocketleave.com
We will respond to valid requests within 30 days.
10. Children's Privacy
PocketLeave is not intended for children under 13 years of age. We do not knowingly collect personal information from children under 13. If we discover that we have collected information from a child under 13, we will delete it immediately. If you believe we have collected information from a child under 13, please contact us at: privacy@pocketleave.com
11. International Data Transfers
Your information may be transferred to and processed in countries other than your country of residence. These countries may have different data protection laws. By using PocketLeave, you consent to the transfer of your information to such countries.
We ensure appropriate safeguards are in place to protect your data in accordance with this Privacy Policy and applicable laws, including standard contractual clauses for transfers from the EEA.
12. Data Breach Notification
In the event of a data breach that affects your personal information, we will notify affected users within 72 hours of discovery, as required by applicable laws. Notifications will include:
- Nature of the breach and data affected
- Steps we are taking to address the breach
- Recommended actions you should take
- Contact information for further inquiries
13. Account Deletion
You may delete your account at any time by emailing us at privacy@pocketleave.com. Upon account deletion:
- Your personal information will be permanently deleted within 30 days
- All saved leave plans will be removed
- We may retain anonymized usage data for analytics
- We may retain data as required for legal compliance
14. Changes to This Privacy Policy
We may update this Privacy Policy periodically to reflect changes in our practices, technology, legal requirements, or other factors. The "Last Updated" date indicates when the policy was last revised.
Material changes will be communicated via:
- Email notification to registered users
- Prominent notice on the Service
- 30-day advance notice for significant changes
15. Contact Us
For questions, concerns, or requests regarding this Privacy Policy or your personal data, please contact:
Privacy Contact
Email: privacy@pocketleave.com
Subject: Privacy Inquiry
16. Legal Basis for Processing (GDPR)
For users in the EEA, our legal bases for processing your personal data include:
- Consent: You have given clear consent to process your data for specific purposes
- Contract: Processing is necessary to fulfill our service obligations to you
- Legitimate Interests: Processing is necessary for our legitimate business interests (service improvement, security)
- Legal Obligation: Processing is necessary to comply with legal requirements