Last updated: 8 May 2026
Effective date: 8 May 2026
This Privacy Policy explains how Rodot (“we”, “us”, “our”) collects, uses, shares and protects personal data when you use Modo (the “App”), available on iOS and Android, and any related websites or services (together, the “Service”).
We act as the data controller of your personal data. This Policy is written to comply with the Brazilian General Data Protection Law (LGPD — Law No. 13,709/2018), the EU/UK General Data Protection Regulation (GDPR), and other applicable privacy laws.
1. Who we are
- Legal name: Rodot
- Registration number (CNPJ): 27.210.349/0001-04
- Registered address: SAUS Quadra 4 Bloco A Sala 513 — 70070-938 — Brasília, DF, Brazil
- General contact: hello@rodot.app
- Data Protection Officer (DPO / Encarregado): Darlan Rod — legal@rodot.app
2. Personal data we collect
Modo is designed to work without user accounts or login. We collect the minimum data needed to operate and improve the App:
2.1 Data you provide directly:
Profile preferences (timer durations for focus, short break and long break; app language; theme; daily focus-cycle goal; weekly reminder schedule; auto-start, keep-screen-on and notification toggles); optional in-app feedback (a free-text message and, at the user’s discretion, screenshot annotations and a contact email).
2.2 Data collected automatically:
Device and technical data (device model, OS version, app version, language, country, IP address, and a randomly generated installation identifier); usage data (in-app actions such as completing a focus interval, starting or skipping a break, finishing a cycle, navigating statistics or changing preferences, used for product analytics); diagnostic data (crash reports, breadcrumb logs and performance metrics, used to detect and fix bugs).
2.3 Data from third parties:
None. Modo does not import data from third-party accounts or services. We do not collect sensitive personal data (such as racial or ethnic origin, political opinions, religious beliefs, health or biometric data).
3. Why we use your personal data and legal bases
We process your personal data for the following purposes, relying on the legal bases set out in Article 7 of the LGPD and Article 6 of the GDPR:
| Purpose | Legal basis (LGPD / GDPR) |
|---|---|
| To provide and operate the App and its features | Legitimate interest |
| To improve the Service through analytics and bug fixing | Legitimate interest |
| To handle in-app feedback and respond to user requests | Legitimate interest / your request |
| To comply with legal and regulatory obligations | Legal obligation |
| To prevent fraud, abuse and ensure security | Legitimate interest / legal obligation |
4. Sharing of personal data
We do not sell your personal data. We may share it with:
- Service providers (operators / processors) who help us run the Service: Google LLC / Google Ireland Limited (Firebase Analytics, Firebase Crashlytics and Firebase Performance Monitoring — usage analytics, crash reporting and performance metrics); Wiredash GmbH (in-app user feedback and NPS, including the underlying usage events sent to support feedback features).
- Public authorities, courts and regulators, where required by law or to protect our rights.
- Business transfers, in the event of a merger, acquisition, restructuring or sale of assets.
All third parties are bound by appropriate confidentiality and data protection obligations.
5. International data transfers
Because we operate internationally, your personal data may be transferred to and processed in countries other than your own, including: Brazil (data subject’s device); United States and other regions where Google operates Firebase services (analytics and diagnostics); Germany (Wiredash feedback platform).
When we transfer personal data outside Brazil, the EU or the UK, we rely on safeguards permitted by the LGPD (Art. 33) and the GDPR (Chapter V), including: adequacy decisions, Standard Contractual Clauses (SCCs), the international transfer clauses approved by the Brazilian National Data Protection Authority (ANPD), or your explicit consent.
6. Data retention
We keep personal data only for as long as necessary to fulfil the purposes described in this Policy, or as required by law.
- Analytics data: up to 14 months (Firebase Analytics default user-data retention).
- Crash data: up to 90 days (Firebase Crashlytics default).
- Feedback data: retained by Wiredash for as long as needed to handle the request, then deleted on request.
- Local data on your device (preferences and Pomodoro session history): kept until you tap Preferences > Reset all or uninstall the App.
After these periods, data is deleted or anonymised.
7. Your rights
Under the LGPD, the GDPR and other applicable laws, you have the following rights in relation to your personal data:
- Confirmation and access to your data
- Correction of inaccurate, incomplete or outdated data
- Anonymisation, blocking or deletion of unnecessary or excessive data
- Data portability to another service provider
- Deletion of data processed on the basis of consent
- Information about entities with whom we have shared your data
- Withdrawal of consent at any time
- Objection to processing based on legitimate interests
- Restriction of processing in certain circumstances
- Right to lodge a complaint with a supervisory authority
To exercise any of these rights, contact us at legal@rodot.app. We will respond within 15 days. Because the App does not require an account we do not associate data with an identifiable user.
8. Cookies and similar technologies
The mobile App does not use cookies. It uses the following SDKs: Firebase Analytics (usage analytics), Firebase Crashlytics (crash reporting), Firebase Performance Monitoring (performance metrics) and Wiredash (in-app feedback and NPS).
On our website (https://modo.rodot.app), only essential cookies are used by default; any additional categories require your opt-in via a cookie banner shown on first visit, where you may accept, reject or customise non-essential categories. For more details, see our Cookie Policy at https://modo.rodot.app/cookie-policy.
9. Children’s privacy
The Service is not directed at children under 16 years old, and we do not knowingly collect personal data from them. If you believe a child has provided us with personal data, please contact legal@rodot.app so we can delete it.
Where Modo processes data of minors, we do so only with verifiable parental consent and in their best interest, in line with Article 14 of the LGPD and Article 8 of the GDPR.
10. Security
We implement technical and administrative measures appropriate to the risks of processing, including: encryption in transit (TLS) for all communications between the App and our sub-processors; pseudonymous installation identifier (no name, email or other directly identifying data is collected by the App); minimum-permissions principle on iOS and Android (the App only requests permissions strictly necessary to operate, such as local notifications); reliance on Google Cloud / Firebase and Wiredash infrastructure security for the data they process on our behalf, both of which provide industry-standard physical, technical and organisational safeguards (encryption at rest, access controls, audit logging); periodic review of SDKs and dependencies.
In the event of a security incident that may pose risk or relevant harm to data subjects, we will notify the ANPD and affected users in accordance with Article 48 of the LGPD and Articles 33–34 of the GDPR.
11. Changes to this Policy
We may update this Policy from time to time. When we make material changes, we will notify you through the App, on our website, or by another reasonable means at least 30 days before the changes take effect. The “Last updated” date at the top reflects the most recent version.
12. Contact us
If you have any questions, concerns or complaints about this Policy or our processing of your personal data, please contact:
- Data Protection Officer (DPO): Darlan Rod — legal@rodot.app
- Postal address: SAUS Quadra 4 Bloco A Sala 513 — 70070-938 — Brasília, DF, Brazil
You may also contact the relevant supervisory authority — the ANPD in Brazil (gov.br/anpd) or your local Data Protection Authority.