Overview
Searose is a personal productivity app. We take your privacy seriously. This policy explains what data we collect, how we use it, and what controls you have over it.
What we collect
When you create an account, we collect:
- Your name and email address
- A hashed password (if you register with email) — we never store your password in plain text
- If you sign in with Google: your name, email, and Google profile ID provided by Google OAuth
When you use the app, we store the content you create:
- Daily notes and note folders
- Tasks, subtasks, priorities, and dates
- Goals and habit records
- Financial entries and budgets
This content is stored on secure servers and is only accessible to your account.
What we do not collect
- We do not sell your data to third parties
- We do not use your content to train AI models
- We do not run advertising or share your data with advertisers
- We do not track you across other websites
Third-party services
Searose uses the following third-party services to operate:
- Anthropic (Claude AI) — when you use AI features (task extraction, focus timer sorting), the text of your current note or task list is sent to Anthropic's API. This data is used only to process your request and is not stored by us beyond the scope of that request. Anthropic's API does not use your data for model training. See Anthropic's privacy policy.
- Google OAuth — if you sign in with Google, we receive your name and email address. We do not receive access to your Google Drive, Gmail, Calendar, or any other Google services beyond basic profile information.
- Resend — we use Resend to send transactional emails (password reset links). Your email address is shared with Resend solely for email delivery. See Resend's privacy policy.
- Railway — our application is hosted on Railway's infrastructure.
- Cloudflare — we use Cloudflare for DNS, CDN, and automated backups of your data every 24 hours.
Data storage and backups
Your data is stored on Railway's infrastructure using a persistent volume. Automated backups are performed every 24 hours via Cloudflare to ensure your data is protected against loss.
Data retention
We retain your data for as long as your account is active. When you delete your account, all associated data (notes, tasks, goals, financial entries, and profile information) is permanently removed from our servers. This action cannot be undone.
Email communications
We only send you emails that you explicitly request, such as password reset links. We do not send marketing emails, newsletters, or promotional content.
Your rights
You have full control over your data:
- Export — download all your data as a ZIP file at any time from Settings
- Delete — permanently delete your account and all associated data from Settings. This action cannot be undone.
Cookies
We use a single session cookie to keep you logged in. We do not use tracking or analytics cookies. Your dark/light mode preference is stored in your browser's localStorage and never sent to our servers.
Security
We take reasonable measures to protect your data:
- Passwords are hashed using bcrypt — we never store them in plain text
- All connections are encrypted via HTTPS
- Session tokens are server-side and expire automatically
- Password reset links are single-use and expire after 1 hour
Children
Searose is not directed at children under 13. We do not knowingly collect data from anyone under 13.
Changes to this policy
We may update this policy from time to time. When we make changes, we will update the "Last updated" date at the top of this page. Continued use of Searose after changes constitutes acceptance of the updated policy.
Contact
Questions about privacy? Reach out at [email protected].