Privacy Policy 🔒
Last updated: March 2026
SpudSuite is built with privacy at its core. This isn't marketing fluff — it's architecture. Here's exactly what we do and don't do with your data.
The Short Version
We don't collect your notes, todos, or any personal data. Your content syncs directly to your own cloud storage. We have no access to it. We don't track you. We don't sell anything.
What We DON'T Collect
- ❌ Your notes, todos, or boards
- ❌ Your files or documents
- ❌ Your cloud storage credentials
- ❌ Your location
- ❌ Your contacts
- ❌ Analytics or tracking data
- ❌ Cookies (beyond essential session cookies)
What We DO Collect
Minimal data required to operate:
For Pro Subscriptions
- Email address (for receipts and support)
- Payment info is handled by Stripe — we never see your card number
For Support
- If you email us, we have your email and conversation
For the Website
- Basic server logs (IP, user agent, timestamp) — standard for any website
- No Google Analytics, no tracking pixels, no third-party trackers
Your Data Architecture
SpudSuite is local-first:
- Your data lives on your device in browser/app storage
- If you enable sync, data goes to YOUR cloud storage (Google Drive, Dropbox, iCloud)
- SpudSuite has no central database of user data
- We literally cannot read your notes because we don't have them
OAuth & Cloud Access
When you connect Google Drive or Dropbox:
- You authorize SpudSuite for app-folder-only access
- We cannot see your other files
- Access tokens are stored locally on your device, not our servers
- You can revoke access anytime in your Google/Dropbox settings
Third Parties
Services we use:
| Service | Purpose | Data Shared |
|---|---|---|
| Stripe | Payment processing | Email, payment method (we don't see card details) |
| Cloudflare | CDN / DDoS protection | IP addresses (standard web traffic) |
| Google/Dropbox/iCloud | YOUR cloud storage | Your data goes directly to your account |
We do NOT use:
- Google Analytics
- Facebook Pixel
- Mixpanel, Amplitude, or any analytics service
- Advertising networks
- Data brokers
Data Retention
- Your notes: Stored on your device and your cloud. We don't have them.
- Pro subscription data: Kept while your subscription is active, deleted on request.
- Support emails: Kept for support purposes, deleted on request.
- Server logs: Automatically deleted after 30 days.
Your Rights
You can:
- Export your data — Settings → Export (it's yours, take it)
- Delete your data — Delete from your cloud storage directly
- Disconnect sync — Settings → Cloud Sync → Disconnect
- Delete Pro account — Email support@spudsuite.com
For GDPR/CCPA requests, email privacy@spudsuite.com.
Security
- All connections use HTTPS/TLS
- OAuth tokens stored locally, not transmitted to us
- No password storage (we don't have accounts)
- Pro payments handled by Stripe (PCI compliant)
Children
SpudSuite is not directed at children under 13. We don't knowingly collect data from children.
Changes
If we update this policy, we'll post the new version here with an updated date. Major changes will be announced in the app.
Contact
Questions about privacy?
- Email: privacy@spudsuite.com
We're real humans who care about this stuff. We'll actually respond.