Privacy Policy
Last updated: 18 March 2026
1. Who We Are
Poncdash is a product of Hughes Performance Technology Limited, a company registered in Ireland (Cranny House, Inver, Co. Donegal). “We”, “us”, and “our” refer to Hughes Performance Technology Limited. You can reach us at peter@hughes.team.
Poncdash is a dynamic contact management platform — the exchange layer across iCloud, Google, and Microsoft. We help you keep your contacts alive and in sync.
2. What Data We Collect
Account data
- Email address and password (hashed by Supabase Auth)
- Full name, organisation, role, location, and bio (My Card profile)
- Contact methods you choose to share (phone, email, website)
- Profile photo (stored in Supabase Storage)
Contact data
- Names, phone numbers, email addresses, and other contact details synced from your providers (Google, Microsoft, iCloud) or imported via CSV/vCard
- Enrichment data you add in Poncdash: tags, interaction logs, relationship strength, notes
- Sync mappings that link your local contacts to their provider counterparts
Technical data
- Authentication session tokens (cookies)
- OAuth access and refresh tokens for connected providers (encrypted in Supabase Vault)
- Consent records with timestamps and IP addresses
- Audit log entries for security-relevant actions
3. How We Use Your Data
- Bidirectional sync: we read contacts from your connected providers and write changes back to keep them in sync
- Matching: we check if your contacts’ phone numbers or email addresses match other Poncdash users, to offer connection requests
- Propagation: when a connected Poncdash user updates their profile, we update their contact record in your account (and optionally push to your providers)
- Notifications: we send in-app and optional email notifications about connection requests and updates
- Account security: we use session tokens, MFA codes, and rate limiting to protect your account
4. Legal Basis for Processing (GDPR)
- Consent: you explicitly consent to contact data processing at signup
- Contract: processing is necessary to provide the Poncdash service
- Legitimate interest: security measures, fraud prevention, and service improvement
5. Third-Party Services
We use the following third-party services to operate Poncdash:
- Supabase (database, authentication, encrypted secret storage) — EU region available
- Google People API — to sync your Google Contacts (only when you connect Google)
- Microsoft Graph API — to sync your Outlook/365 contacts (only when you connect Microsoft)
- Apple iCloud CardDAV — to sync your iCloud contacts (only when you connect iCloud)
We do not sell, rent, or share your personal data with any third party for marketing or advertising purposes. We do not use your contact data for any purpose other than providing the Poncdash service.
6. Data Security
- All data is transmitted over HTTPS with TLS 1.3
- OAuth tokens encrypted at rest in Supabase Vault (AES-256)
- Row-Level Security on all database tables — you can only access your own data
- Optional TOTP-based multi-factor authentication
- Rate limiting on authentication endpoints
- Security headers: CSP, HSTS, X-Frame-Options, X-Content-Type-Options
- 30-minute session timeout on inactivity
7. Data Retention
Your data is retained for as long as your account is active. When you delete your account, all data is scheduled for permanent deletion after a 7-day cooling-off period. During this period you can cancel the deletion. After 7 days, all data is irreversibly deleted, including contacts, interactions, tags, profile data, OAuth tokens, and consent records.
8. Your Rights
Under GDPR, you have the right to:
- Access: view all data we hold about you (Settings → Privacy → Export)
- Portability: download your data as structured JSON
- Rectification: edit your contacts and profile at any time
- Erasure: delete your account and all data (Settings → Privacy → Delete Account)
- Restriction: toggle consent preferences for optional data processing
- Object: withdraw consent for marketing emails and analytics at any time
To exercise any of these rights, use the controls in your Poncdash settings or contact us at peter@hughes.team.
9. Cookies
Poncdash uses essential cookies for authentication (session management). We also offer optional analytics cookies, which you can accept or decline via our cookie consent banner on first visit. We do not use advertising or tracking cookies.
10. Children
Poncdash is not directed at children under 16. We do not knowingly collect personal data from children. If you believe we have inadvertently collected such data, please contact us and we will delete it immediately.
11. Changes to This Policy
We may update this privacy policy from time to time. We will notify registered users via email or in-app notification of any material changes. The “Last updated” date at the top of this page reflects the most recent revision.
12. Contact
If you have any questions about this privacy policy or how your data is handled, please contact Peter Hughes at peter@hughes.team.