← Back to Retain

Privacy Policy

Effective Date: [Launch Date] · Last Updated: [Launch Date]

Retain ("the App") is operated by Retain App LLC ("we," "us," "our"). This Privacy Policy explains what data we collect, how we use it, and your rights regarding that data.

By using Retain, you agree to the collection and use of information as described in this policy.

1. Information We Collect

Information You Provide

• Account credentials — Email address and password when you create an account. Your password is cryptographically hashed before storage; we never store or have access to your plaintext password.
• Task content — Todos, projects, categories, subtasks, notes, due dates, priorities, and other data you create within the App. This is the core content you choose to store.
• API keys — If you generate an API key for third-party integrations (e.g., Claude AI), we store a one-way SHA-256 hash of the key. The plaintext key is shown once at creation and cannot be recovered.

Information Collected Automatically

• Audit logs — When you interact with our API or MCP server, we log the endpoint accessed, HTTP method, response status, your IP address, and a timestamp. These logs are used for rate limiting, security monitoring, and debugging. Audit logs are automatically deleted after 90 days.
• Device cache — The App caches your task data locally on your device using encrypted storage (MMKV with AES encryption). The encryption key is stored in your device's secure enclave (iOS Keychain or Android Keystore). This cache is cleared when you sign out.
• Subscription data — If you subscribe to Retain Pro, we store your subscription tier, status, and billing period dates. Payment processing is handled entirely by RevenueCat and the platform app store (Google Play or Apple App Store); we never receive or store your payment card details.

Crash Reporting & Analytics (Opt-In Only)

The App includes Sentry (crash reporting) and PostHog (usage analytics), both disabled by default. No crash data or usage analytics leave your device unless you explicitly enable them in Settings. When disabled, the App communicates with exactly two servers:

1. Supabase (*.supabase.co) — your database and authentication
2. Our MCP server (mcp.retainapp.dev) — your AI integration endpoint

If you enable crash reporting, Sentry receives stack traces, device model, and OS version to help us fix bugs. If you enable analytics, PostHog receives anonymized usage patterns. Both can be toggled off at any time, and data collection stops immediately.

Information We Do Not Collect

• We do not serve ads or share data with advertising networks.
• We do not collect location data, contacts, photos, or device identifiers.
• We do not use your task content to train AI models or any machine learning system.

Server-Side Operational Data

Our servers (Supabase and Cloudflare Workers) produce standard operational logs: request volume, response status codes, latency, and rate-limiter events. This is infrastructure telemetry used for performance monitoring, rate limiting, and security. It does not include your task content and is not used for behavioral profiling or marketing.

2. How We Use Your Information

We use your information solely to:

• Provide and maintain the App (storing and syncing your tasks)
• Authenticate your identity and secure your account
• Process subscription purchases via RevenueCat
• Send transactional emails (e.g., password reset, API key setup guide) via Resend
• Enforce rate limits and detect abuse via audit logs
• Analyze aggregate usage patterns from server-side logs to improve the service

We do not sell, rent, or trade your personal information to third parties.

3. Third-Party Services

We use the following third-party services to operate Retain. Each receives only the minimum data necessary for its function:

Service	Purpose	Data Shared
Supabase (AWS-hosted)	Authentication, database, serverless functions	Email, hashed password, all task content, subscription status, audit logs
Cloudflare Workers	MCP server (AI integration endpoint)	API requests with bearer token; stateless, no data stored
RevenueCat	Subscription management	User ID, subscription events, platform
Resend	Transactional email delivery	Email address, email content
Sentry (opt-in)	Crash reporting	Stack traces, device model, OS version — only if enabled by user
PostHog (opt-in)	Usage analytics	Anonymized interaction events — only if enabled by user
Google Play / Apple App Store	App distribution, in-app purchases	Payment and subscription data per their respective policies

Each third-party service operates under its own privacy policy:

• Supabase Privacy Policy
• Cloudflare Privacy Policy
• RevenueCat Privacy Policy
• Resend Privacy Policy
• Sentry Privacy Policy
• PostHog Privacy Policy

4. MCP Integration (AI Access)

Retain offers an MCP (Model Context Protocol) server that allows AI assistants like Claude to read and manage your tasks with your explicit authorization:

• You control access. MCP access requires an API key that you generate and can revoke at any time.
• Scoped to your data. The MCP server can only access data belonging to the authenticated user. Row-Level Security (RLS) policies enforce this at the database level.
• Stateless. The MCP server does not store any data. All requests are passed through to the database and responses are returned directly.
• Logged. All MCP requests are recorded in your audit log and auto-purged after 90 days.

5. Data Retention

Data	Retention
Account and task data	Stored until you delete your account
Audit logs	Automatically deleted after 90 days
Device cache	Cleared on sign-out; tied to device lifecycle
Subscription history	Retained by RevenueCat and the app store per their policies
Transactional email logs	Retained by Resend per their policy

6. Account Deletion

You can delete your account at any time from the App's Settings screen. Deletion is immediate and irreversible. When you delete your account:

• All projects, categories, todos, subtasks, notes, and API keys are permanently deleted via cascading database deletion.
• Your subscription record is deleted from our database.
• Your authentication record is deleted from Supabase.
• Local device cache is cleared.
• Audit log entries are deleted on the next scheduled purge (within 24 hours) or when they reach 90 days, whichever comes first.

What we cannot delete: Transaction records held by RevenueCat, Google Play, Apple, or Resend, as these are maintained by those services under their own retention policies.

7. Data Security

We implement the following security measures:

• All data in transit is encrypted via TLS (HTTPS).
• Database access is governed by Row-Level Security (RLS) policies — each user can only access their own data.
• API keys are stored as irreversible SHA-256 hashes.
• JWTs are signed with ES256 (ECDSA) keys.
• Local device cache is encrypted with AES, with keys stored in the OS secure enclave.
• Security-sensitive functions are locked to the authenticated user.
• Rate limiting is enforced on all API endpoints.

While we take reasonable measures to protect your data, no method of electronic transmission or storage is 100% secure.

8. Children's Privacy

Retain is not directed at children under the age of 13. We do not knowingly collect personal information from children under 13. If you believe a child under 13 has provided us with personal information, please contact us at privacy@retainapp.dev and we will promptly delete it.

9. Your Rights

Depending on your jurisdiction, you may have the right to:

• Access your personal data (available via the App and MCP tools)
• Delete your account and all associated data (via Settings)
• Correct inaccurate data (by editing your tasks and account information in the App)
• Object to processing or request restriction of processing
• Data portability — request a copy of your data in a structured format

To exercise any of these rights, contact us at privacy@retainapp.dev.

For California residents (CCPA): We do not sell personal information. You have the right to know what data we collect, request deletion, and opt out of any sale (none occurs).

For EU/EEA residents (GDPR): Our legal basis for processing your data is contract performance (providing the service you signed up for) and legitimate interest (security monitoring via audit logs). You may contact your local data protection authority if you have concerns.

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by updating the "Last Updated" date at the top of this page. Continued use of the App after changes constitutes acceptance of the updated policy.

11. Contact Us

If you have questions about this Privacy Policy or your data, contact us at:

Email: privacy@retainapp.dev
Developer: Retain App LLC

This policy was last reviewed on [Launch Date].