Privacy

Analytics and service reliability

• We use self-hosted Plausible Analytics to understand aggregate usage trends. We do not run ads and do not sell personal data.
• Analytics records page paths (with sensitive links redacted), referrer origin, coarse country-level location, and technical performance signals.
• We do not intentionally collect passwords, payment card data, or private workspace content for analytics.

Security and access logs

• Our reverse proxy and backend services keep short-lived access/security logs for abuse prevention, incident response, and service integrity.
• Authentication and share-token endpoints are excluded or redacted to reduce risk of leaking sensitive credentials.
• Logs are rotated and deleted under strict retention schedules.

Accounts, identity, and storage

• Authentication is handled through Authentik SSO. Account metadata and app data are stored in isolated systems with row-level security controls.
• We keep the minimum account data needed for sign-in, legal-consent version tracking, security alerts, and account recovery.

Contact

If you need help, want account data deleted, or have privacy questions, use Support.