← Back

Privacy Policy

Last updated: May 3, 2026

1. Overview

Etch ("we", "our") is committed to protecting your privacy. This policy explains what data we collect, how we use it, and your rights. Etch is a local-first app — your todos and memos are stored on your device by default.

2. Data We Collect

Account information

When you sign in with Google, we receive your email address and Google account ID. This is used solely for authentication and subscription management.

App data

If you sign in and enable cloud sync, your todos, memos, and categories are stored in Supabase (our cloud database provider). This data is tied to your account and protected by Row Level Security — only you can access it.

Google Calendar data (Pro plan)

If you connect Google Calendar, we request read-only access to your primary calendar events. Event data (title, time, date) is fetched in real-time from Google's API and displayed in the app. We do not store, copy, or transmit your calendar data to our servers — it is only used locally on your device for display purposes. Google OAuth tokens are stored securely on your device using the operating system's encrypted storage. You can disconnect Google Calendar at any time from Settings.

Payment information

Payments are processed by Polar.sh. We do not store your credit card details. We receive confirmation of subscription status (plan, renewal date) via webhook.

3. How We Use Your Data

  • To authenticate you and manage your subscription
  • To sync your app data across devices (Pro plan)
  • To display your Google Calendar events in the app (Pro plan, read-only)
  • To enforce plan limits (Free plan)
  • To send transactional emails (billing receipts, account notices)

We do not sell your data, serve ads, or share your data with third parties except as described below.

4. Third-Party Services

Google OAuthUsed for sign-in and Google Calendar access (read-only, Pro plan). Subject to Google's Privacy Policy. Privacy Policy ↗
SupabaseAuth and cloud database provider. Data is stored in their infrastructure. Privacy Policy ↗
Polar.shPayment processor for Pro subscriptions. Privacy Policy ↗
AnthropicAI features (natural language task parsing) are powered by Anthropic's Claude API. Only plain text typed by the user is sent to Anthropic — Google account data and Calendar data are never transmitted to Anthropic. Anthropic does not use API data to train its models. Privacy Policy ↗

5. Google API Services User Data Policy

Etch's use and transfer to any other app of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements.

We use Google Calendar data only to display your events within the Etch app. We do not store, sell, transfer, or use Google user data for advertising purposes, nor do we transmit Google user data to Anthropic or any other third party.

6. Data Storage & Security

Your app data on-device is stored in a local SQLite database. Authentication tokens are encrypted using the operating system's secure storage (Windows Credential Manager). Cloud data is protected by Supabase Row Level Security policies.

7. Data Retention

Your cloud data is retained as long as your account is active. If you delete your account, your cloud data will be permanently deleted within 30 days. Local data on your device is not affected by account deletion.

8. Your Rights

You may request access to, correction of, or deletion of your personal data at any time by contacting us. You can also export your local data directly from the App.

9. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of significant changes via email or in-app notice. Continued use of the App after changes constitutes acceptance.

10. Contact

Privacy questions or data requests? Email us at support@etch.day.