← Back to Retain

Privacy Policy

Effective Date: [Launch Date] · Last Updated: [Launch Date]

Retain ("the App") is operated by Retain App LLC ("we," "us," "our"). This Privacy Policy explains what data we collect, how we use it, and your rights regarding that data.

By using Retain, you agree to the collection and use of information as described in this policy.

1. Information We Collect

Information You Provide

• Account credentials — Email address and password when you create an account. Your password is cryptographically hashed before storage; we never store or have access to your plaintext password.
• Task content — Todos, projects, categories, subtasks, notes, due dates, priorities, and other data you create within the App. This is the core content you choose to store.
• API keys — If you generate an API key for third-party integrations (e.g., Claude AI), we store a one-way SHA-256 hash of the key. The plaintext key is shown once at creation and cannot be recovered.

Information Collected Automatically

• Audit logs — When you interact with our API or MCP server, we log the endpoint accessed, HTTP method, response status, your IP address, and a timestamp. These logs are used for rate limiting, security monitoring, and debugging. Audit logs are automatically deleted after 90 days.
• Device cache — The App caches your task data locally on your device using encrypted storage (MMKV with AES encryption). The encryption key is stored in your device's secure enclave (iOS Keychain or Android Keystore). This cache is cleared when you sign out.
• Subscription data — If you subscribe to Retain Pro, we store your subscription tier, status, and billing period dates. Payment processing is handled entirely by RevenueCat and the platform app store (Google Play or Apple App Store); we never receive or store your payment card details.

Information We Do Not Collect

• The App does not include analytics, crash reporting, or tracking SDKs on your device.
• We do not serve ads or share data with advertising networks.
• We do not collect location data, contacts, photos, or device identifiers.
• We do not send push notification tokens to any server. All reminders are scheduled locally on your device.

Server-Side Analytics

We analyze server-side data (API request logs, connection sources, session patterns) in aggregate to understand how the service is used, monitor performance, and improve reliability. This analysis is based on the audit log data described above and does not involve additional data collection.

2. How We Use Your Information

We use your information solely to:

• Provide and maintain the App (storing and syncing your tasks)
• Authenticate your identity and secure your account
• Process subscription purchases via RevenueCat
• Send transactional emails (e.g., password reset, API key setup guide) via Resend
• Enforce rate limits and detect abuse via audit logs
• Analyze aggregate usage patterns from server-side logs to improve the service

We do not sell, rent, or trade your personal information to third parties.

3. Third-Party Services

We use the following third-party services to operate Retain. Each receives only the minimum data necessary for its function:

Service	Purpose	Data Shared
Supabase (AWS-hosted)	Authentication, database, serverless functions	Email, hashed password, all task content, subscription status, audit logs
Cloudflare Workers	MCP server (AI integration endpoint)	API requests with bearer token; stateless, no data stored
RevenueCat	Subscription management	User ID, subscription events, platform
Resend	Transactional email delivery	Email address, email content
Google Play / Apple App Store	App distribution, in-app purchases	Payment and subscription data per their respective policies

Each third-party service operates under its own privacy policy:

• Supabase Privacy Policy
• Cloudflare Privacy Policy
• RevenueCat Privacy Policy
• Resend Privacy Policy

4. MCP Integration (AI Access)

Retain offers an MCP (Model Context Protocol) server that allows AI assistants like Claude to read and manage your tasks with your explicit authorization:

• You control access. MCP access requires an API key that you generate and can revoke at any time.
• Scoped to your data. The MCP server can only access data belonging to the authenticated user. Row-Level Security (RLS) policies enforce this at the database level.
• Stateless. The MCP server does not store any data. All requests are passed through to the database and responses are returned directly.
• Logged. All MCP requests are recorded in your audit log and auto-purged after 90 days.

5. Data Retention

Data	Retention
Account and task data	Stored until you delete your account
Audit logs	Automatically deleted after 90 days
Device cache	Cleared on sign-out; tied to device lifecycle
Subscription history	Retained by RevenueCat and the app store per their policies
Transactional email logs	Retained by Resend per their policy

6. Account Deletion

You can delete your account at any time from the App's Settings screen. Deletion is immediate and irreversible. When you delete your account:

• All projects, categories, todos, subtasks, notes, and API keys are permanently deleted via cascading database deletion.
• Your subscription record is deleted from our database.
• Your authentication record is deleted from Supabase.
• Local device cache is cleared.
• Audit log entries are deleted on the next scheduled purge (within 24 hours) or when they reach 90 days, whichever comes first.

What we cannot delete: Transaction records held by RevenueCat, Google Play, Apple, or Resend, as these are maintained by those services under their own retention policies.

7. Data Security

We implement the following security measures:

• All data in transit is encrypted via TLS (HTTPS).
• Database access is governed by Row-Level Security (RLS) policies — each user can only access their own data.
• API keys are stored as irreversible SHA-256 hashes.
• JWTs are signed with ES256 (ECDSA) keys.
• Local device cache is encrypted with AES, with keys stored in the OS secure enclave.
• Security-sensitive functions are locked to the authenticated user.
• Rate limiting is enforced on all API endpoints.

While we take reasonable measures to protect your data, no method of electronic transmission or storage is 100% secure.

8. Children's Privacy

Retain is not directed at children under the age of 13. We do not knowingly collect personal information from children under 13. If you believe a child under 13 has provided us with personal information, please contact us at [email protected] and we will promptly delete it.

9. Your Rights

Depending on your jurisdiction, you may have the right to:

• Access your personal data (available via the App and MCP tools)
• Delete your account and all associated data (via Settings)
• Correct inaccurate data (by editing your tasks and account information in the App)
• Object to processing or request restriction of processing
• Data portability — request a copy of your data in a structured format

To exercise any of these rights, contact us at [email protected].

For California residents (CCPA): We do not sell personal information. You have the right to know what data we collect, request deletion, and opt out of any sale (none occurs).

For EU/EEA residents (GDPR): Our legal basis for processing your data is contract performance (providing the service you signed up for) and legitimate interest (security monitoring via audit logs). You may contact your local data protection authority if you have concerns.

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by updating the "Last Updated" date at the top of this page. Continued use of the App after changes constitutes acceptance of the updated policy.

11. Contact Us

If you have questions about this Privacy Policy or your data, contact us at:

Email: [email protected]
Developer: Retain App LLC

This policy was last reviewed on [Launch Date].