Privacy policy
This policy applies to web applications published by Andrew Mortensen (“we,” “us”) under the Mortensen Apps umbrella. Individual products may show additional in-product notices or app-specific details where they collect or use data differently.
What we build
We ship web apps hosted on third-party infrastructure (for example Vercel). Each product has its own deployment and may process the data you enter into that product for its stated purpose (for example scheduling, notes, or email to people you designate).
Google account and Gmail
Some apps optionally let you connect a Google account so you can sign in or so the app can send email through Gmail on your behalf. That connection uses Google OAuth. We request only the scopes shown to you on Google’s consent screen for that product. For email sending, we use the permission to compose and send messages you initiate—we do not use Gmail access to read, search, index, or delete your mailbox history unless a product explicitly says otherwise and you consent.
OAuth tokens and related credentials needed to maintain the connection are stored using the hosting provider and database practices documented for each app. You can typically disconnect Google from inside the app or from your Google Account security settings.
Data you provide
You may provide content such as names, email addresses, notes, or files so the app can function. We use that information to operate the product you signed up for—not for unrelated advertising profiles. If an app sends email, recipients and message content are determined by you or by workflows you configure.
Sharing, disclosure, and recipients
We do not sell Google user data or personal information to data brokers, advertising platforms, or cold callers. We share or disclose information only as needed to run the products you use, as described below.
- Google. When you connect a Google account or use Gmail through our apps, data needed for that feature is processed by Google under Google’s terms and your Google account settings (for example OAuth tokens, API calls to send mail you initiate, and metadata Google logs as part of those APIs). We do not control Google’s servers; we follow Google’s applicable API and limited-use requirements for data we receive from Google APIs.
- Infrastructure and service providers. Each app runs on hosted infrastructure (for example Vercel for application hosting and serverless functions) and may use subprocessors such as database, file storage, or email delivery vendors chosen for that product. Those providers process data only to provide the service (for example storing your account rows or uploaded files). A product-specific page or deployer documentation may list exact vendor names for that deployment.
- People you direct us to contact. When you send email or share content from an app (for example a session update to a parent’s address), the recipient receives the information you chose to send.
- Legal and safety. We may disclose information if required by law, regulation, legal process, or to protect the rights, safety, and security of users, the public, or our services.
- Business transfers. If we are involved in a merger, acquisition, or asset sale, user information may be transferred as part of that transaction; we will require the successor to honor commitments consistent with this policy or notify you as applicable law requires.
Security
We use commercially reasonable safeguards appropriate to the sensitivity of the data and the nature of our hosted software:
- Encryption in transit. Connections between your browser and our applications use HTTPS (TLS).
- Hosting and data stores. We rely on our vendors’ protections for servers, databases, and object storage (including access controls, network isolation, and encryption at rest where the vendor provides it by default for the tiers we use).
- Authentication and access. Products require sign-in (or equivalent) so that account data is scoped to the authorized user; application logic is designed to enforce access boundaries between accounts.
- Secrets and OAuth tokens. API keys, client secrets, and OAuth refresh tokens are kept in server-side configuration or secure storage—not embedded in web pages or public repositories.
- Limiting data use. Google user data obtained through Google APIs is used only to provide or improve the user-facing features you asked for (for example sending mail you trigger), consistent with this policy and Google’s applicable requirements.
No method of transmission or storage is 100% secure; if you have a specific security concern, contact us using the address below.
Analytics and logging
Hosting platforms may collect standard technical data (for example IP address, user agent, timestamps) for security and reliability. We do not sell your personal information.
Retention and deletion
We keep data as long as needed to provide the service and meet legal obligations. You may request deletion of personal data associated with your account where the product supports it; contact us if you need help.
Children
Our products are intended for adults or for use in contexts where a parent, school, or organization is responsible for consent. If you believe we have collected a child’s personal information inappropriately, contact us and we will address it.
Changes
We may update this policy from time to time. The “Last updated” date below will change when we do. Continued use of our apps after changes means you accept the updated policy.
Contact
Questions about this policy: arangarx@gmail.com. For help with a specific app, use the product address on the home page if one is listed.