Privacy Policy
How Tandio collects, uses, and protects your information.
Last updated: 2 April 2026
1. Who we are
HOT SPOT SpA is the company that operates the Tandio task management and productivity app and related website. HOT SPOT SpA is the data controller for personal data processed in connection with those services. In this policy, “we”, “our”, and “us” mean HOT SPOT SpA. References to the “Tandio” app, website, or services describe the offerings provided by HOT SPOT SpA.
Tandio helps individuals and teams organise work, track projects, and get things done. This Privacy Policy works together with our Terms of Service.
We do not knowingly collect personal data from individuals under 18 years of age (or the age of majority in their jurisdiction). If you believe we have collected data from a minor, please contact us.
2. What data we collect
We collect information in the following ways:
- Information you provide directly when you create a workspace, register, fill out our contact form, or communicate with us by email (name, email, organisation, timezone).
- Usage data from our website and app, including pages visited, time on site, and interactions.
- Workspace data you create when using our app, including tasks, comments, projects, team member information, and preferences. Where you add links or URLs to external resources, we collect only the URLs themselves, not the content of the pages they point to.
- Payment data for Pro plan subscriptions: when you subscribe through Paddle, we receive limited billing and subscription information such as customer identifiers, subscription identifiers, transaction status, plan information, and payment amounts. Paddle processes payment method details directly according to its own privacy terms.
3. How we use your data
We use the information we collect to:
- Respond to enquiries and provide support for our app and services.
- Operate, maintain, and improve our task management app and website.
- Improve our user experience using usage patterns and aggregated, anonymised insights.
- Process, verify, and manage Pro plan subscriptions and billing events handled through Paddle.
- Comply with legal, regulatory, or contractual obligations.
4. Legal bases for processing (EU/UK)
Where applicable, we process personal data under the following legal bases:
- Consent – for optional cookies, marketing subscriptions, and similar activities.
- Contract – to deliver our services when you use our app or create a workspace.
- Legitimate interests – to operate, secure, and improve our services in a way that does not override your rights.
- Legal obligation – where we are required to retain certain records.
5. Cookies and tracking
We use a cookie consent banner that stores your preference in local storage. We do not use third-party analytics or advertising cookies. We may load strictly necessary third-party checkout scripts or related storage technologies when you start or manage a paid subscription, including Paddle. You can control cookies through your browser settings and via the consent banner we make available.
6. How we share information
We do not sell your personal data. We may share information with:
- Cloud infrastructure providers – we store and host your data.
- Email service providers – transactional emails.
- Payment processor – Paddle for recurring subscription checkout, billing, and related payment operations. Paddle’s own privacy terms apply to payment method details it collects directly.
- Professional advisers (legal or accounting partners) where necessary.
- Authorities or third parties when required by law or to protect our rights.
7. Where we store data and international transfers
Your data is stored on secure cloud infrastructure. Some of our service providers may be located outside your country. When we transfer personal data internationally, we rely on appropriate safeguards such as standard contractual clauses or equivalent mechanisms, where required by law.
8. Data retention
We retain personal data only for as long as necessary for the purposes described in this policy, or as required by applicable law, contracts, or platform policies. When data is no longer needed, we take reasonable steps to delete or anonymise it.
When you request deletion of your workspace (via support@tandio.work), we permanently delete all data associated with that workspace, including tasks, projects, team member information, and any other content.
9. Your rights
Depending on your location, you may have rights over your personal data, including:
- Accessing a copy of the personal data we hold about you, including a full copy of all your workspace data (tasks, projects, comments, etc.). If your Pro subscription ends or remains unpaid and workspace access is suspended, you can always request a copy of all workspace data before closing your account.
- Receiving your data in a structured, commonly used, machine-readable format (data portability), and, where technically feasible, having it transferred to another provider.
- Requesting correction of inaccurate or incomplete data.
- Requesting deletion of your data, in certain circumstances.
- Objecting to or restricting certain types of processing.
- Withdrawing consent where processing is based on consent.
To exercise these rights, contact us at contact@tandio.work. For workspace deletion and account closure, contact support@tandio.work. We may need to verify your identity before completing your request.
10. Security and data breaches
We take reasonable technical and organisational measures to protect personal data against unauthorised access, loss, misuse, or alteration. No system is completely secure, but we aim to apply practices that align with industry standards for web and app services.
In the event of a data breach that is likely to result in a risk to your rights and freedoms, we will notify the relevant supervisory authority and, where required by law, affected individuals without undue delay.
11. Third-party sites
Our website and app may link to third-party sites or platforms. We are not responsible for the privacy practices or content of those third parties. We recommend reviewing their privacy policies separately.
12. Contact
If you have any questions about this Privacy Policy or how we handle personal data, you can reach us at:
General enquiries: contact@tandio.work
Workspace deletion and support: support@tandio.work