Privacy Policy
Last updated: March 2026
SpudSuite is built with privacy at its core. This isn't marketing fluff — it's architecture. Here's exactly what we do and don't do with your data.
The Short Version
We don't collect your notes, todos, or any personal content. Your data syncs directly to your own cloud storage (Google Drive or Dropbox). We have no access to it. We don't track you. We don't sell anything.
What We DON'T Collect
- Your notes, todos, boards, or projects
- Your files or documents
- Your cloud storage credentials
- Your location
- Your contacts
- Personal analytics profiles or advertising data
- Cookies (beyond essential session cookies)
What We DO Collect
Minimal data required to operate:
For Pro Subscriptions
- Email address (for receipts and support)
- Payment info is handled by Stripe — we never see your card number
For Support
- If you email us, we have your email and conversation
For the Website and App
- Basic server logs (IP, user agent, timestamp) — standard for any website
- Anonymous analytics — we collect aggregate, anonymous usage data to understand how SpudSuite is used and to improve the experience. This includes page views, session duration, device type, and crash reports. This data is never linked to your notes, todos, or personal content.
- No advertising trackers, no data brokers
Analytics Data We Collect
Our analytics tools may automatically collect:
- Device information (model, OS version, screen size)
- App usage data (screens viewed, session duration, feature usage)
- Crash and performance reports
- Approximate location (country/region level, derived from IP)
This data is used solely to improve SpudSuite and is never used for advertising, sold to third parties, or linked to your notes, todos, or other content.
Your Data Architecture
SpudSuite is local-first:
- Your data lives on your device in browser/app storage (IndexedDB)
- If you enable sync, data goes to YOUR cloud storage (Google Drive or Dropbox)
- SpudSuite has no central database of user data
- We literally cannot read your notes because we don't have them
OAuth and Cloud Access
When you connect Google Drive or Dropbox:
- You authorize SpudSuite for app-folder-only access
- We cannot see your other files
- Access tokens are stored locally on your device, not our servers
- You can revoke access anytime in your Google/Dropbox settings
Third Parties
Services we use:
| Service | Purpose | Data Shared |
|---|---|---|
| Stripe | Payment processing | Email, payment method (we don't see card details) |
| Cloudflare | CDN / DDoS protection | IP addresses (standard web traffic) |
| Analytics provider | Anonymous usage analytics | Device info, page views, session data, crash reports (no note content) |
| Google/Dropbox | YOUR cloud storage | Your data goes directly to your account |
We do NOT use:
- Advertising trackers or pixels
- Advertising networks
- Data brokers
Data Retention
- Your notes: Stored on your device and your cloud. We don't have them.
- Pro subscription data: Kept while your subscription is active, deleted on request.
- Support emails: Kept for support purposes, deleted on request.
- Server logs: Automatically deleted after 30 days.
Your Rights
You can:
- Export your data — Pro users can export notes as .md files; cloud sync data is plain JSON you own
- Delete your data — Delete from your cloud storage directly
- Disconnect sync — Settings then disconnect your cloud provider
- Delete Pro account — Email support@spudsuite.com
For GDPR/CCPA requests, email privacy@spudsuite.com.
Security
- All connections use HTTPS/TLS
- OAuth tokens stored locally, not transmitted to us
- No password storage (we don't have accounts)
- Pro payments handled by Stripe (PCI compliant)
Children
SpudSuite is not directed at children under 13. We don't knowingly collect data from children.
Changes
If we update this policy, we'll post the new version here with an updated date. Major changes will be announced in the app.
Contact
Questions about privacy?
- Email: privacy@spudsuite.com
We're real humans who care about this stuff. We'll actually respond.