Your data, your device
Graspee is designed so that your data stays private by default. Here's what we collect, store, and don't.
Local-only by default
All your data (tasks, notes, schedules, transactions, and encryption keys) is stored locally in your browser's IndexedDB. No account is required. Without cloud sync, nothing leaves your device.
What the server stores when you sync
If you enable cloud sync, the server stores: your email address (for authentication), encrypted Yjs document blobs (which it cannot decrypt), and session tokens. It does not store your password, encryption keys, or any plaintext content.
Bank connections
Plaid access tokens are stored only in your encrypted local shard. The server relays Plaid API calls and may hold sync payloads briefly in memory for job recovery, but does not durably store tokens or transaction data.
No tracking, no ads
Graspee does not use analytics trackers, advertising pixels, or third-party scripts that collect user data. There are no cookies for advertising or tracking purposes.
Data deletion
You can clear all local data from Settings at any time. If you use cloud sync, you can delete your cloud data independently. Deleting your cloud profile removes all encrypted blobs from the server.