Privacy Policy

Last updated: 25 March 2026

This document is available in English only.

1. Who we are

WillBeDone is operated by OneDeux. For the purposes of the EU General Data Protection Regulation (GDPR), we are the data controller for personal data processed through WillBeDone.

Contact: privacy@onedeux.com

2. What data we collect and why

Account data

When you register, we collect your email address and a hashed password. This is used solely to authenticate you and identify your account. We do not collect your name unless you choose to provide it.

Commitment and activity data

The commitments you create — including their titles, resolution notes, dates, and outcomes — are stored to provide the core service. This data belongs to you and is not shared with third parties.

Preferences and settings

We store your timezone (IANA format), day start hour preference, and language preference. These are used to correctly calculate day boundaries and display the app in your preferred language.

Usage and diagnostic data

If enabled, we use Microsoft Azure Application Insights to collect anonymised usage telemetry (page loads, errors, response times). This data does not contain your commitments or personal content. It is used solely to improve the reliability and performance of the service.

3. Legal basis for processing (GDPR)

  • Contract performance (Art. 6(1)(b)): Processing your account data and commitment data is necessary to provide the service you have registered for.
  • Legitimate interests (Art. 6(1)(f)): Anonymised diagnostic telemetry is processed to maintain and improve the service.

4. How long we keep your data

  • Account and commitment data: Retained for as long as your account is active. If you delete your account, all personal data is permanently deleted within 30 days.
  • Diagnostic telemetry: Retained for 90 days by Azure Application Insights, after which it is automatically deleted.

5. Where your data is stored

Your data is stored on Microsoft Azure infrastructure located in West Europe. Microsoft acts as a data processor under a Data Processing Agreement. For more information, see Microsoft's Privacy Statement .

International transfers: We do not transfer your personal data outside the European Economic Area (EEA). All data remains within the Azure region specified above.

Security: Data is encrypted in transit (TLS) and at rest using Azure's default encryption. We apply access controls to limit who can access production systems.

6. Sharing your data

We do not sell your personal data. We do not share your commitment content with any third party. The only subprocessors we use are:

  • Microsoft Azure — hosting, database, and diagnostics

If you choose to use the sharing features (v2), content you explicitly choose to share is made publicly accessible via a unique link. Sharing is always an explicit opt-in action.

7. Data breaches

In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will notify the relevant supervisory authority within 72 hours of becoming aware of it, as required under GDPR Art. 33. Where the breach is likely to result in a high risk to you, we will also notify you directly without undue delay.

8. Children's data

WillBeDone is not directed at children under 16 years of age. We do not knowingly collect personal data from children. If you believe a child has registered without parental consent, please contact us at privacy@onedeux.com and we will delete the account promptly.

9. Your rights under GDPR

If you are located in the European Economic Area (EEA), you have the following rights:

  • Access: Request a copy of the personal data we hold about you.
  • Rectification: Ask us to correct inaccurate data.
  • Erasure: Ask us to delete your account and all associated data.
  • Restriction: Ask us to limit processing of your data.
  • Portability: Request your data in a machine-readable format.
  • Objection: Object to processing based on legitimate interests.
  • Complaint: Lodge a complaint with your national data protection authority. A list of EEA authorities is available at edpb.europa.eu .

To exercise any of these rights, contact us at privacy@onedeux.com. We will respond within 30 days.

10. Cookies

WillBeDone uses session cookies to maintain your authenticated session. These are strictly necessary for the service to function and do not require your consent under the GDPR ePrivacy framework. No third-party tracking or advertising cookies are set. No consent banner is required.

11. Changes to this policy

We may update this policy from time to time. For material changes, we will notify registered users by email at least 30 days before the changes take effect. The date at the top of this page always reflects the most recent revision.

12. Contact

Questions about this policy or your data: privacy@onedeux.com