Graspee

Privacy Policy

Effective date: April 6, 2026

This policy explains what data Graspee collects, how it is used, and your rights. Graspee is an offline-first encrypted app. Your data stays private by default.

1. Introduction

Graspee is an offline-first, encrypted personal productivity application. You can use Graspee entirely on your device without creating an account. If you choose to enable cloud sync, your data is encrypted on your device before it reaches our servers. This means our servers cannot read your notes, tasks, schedules, or financial records, except where you choose to connect an external calendar app. Calendar app connections are a limited, documented plaintext exception that lets external calendar apps subscribe to read-only feeds and Quick Add events into your Calendar inbox; the calendar sections below explain what is staged, for how long, and what is scrubbed. This Privacy Policy explains what data we collect, how we use it, and your rights regarding that data.

2. Data We Collect

Account data

When you create a cloud sync account, we collect your email address. This is used solely for authentication via one-time passcode (OTP) login.

Authentication and security data

To protect your account and prevent abuse, we process: one-time passcode (OTP) verification events, session cookies and session tokens, socket authentication tokens (short-lived, used for real-time sync connections), IP addresses and rate-limiting signals, and Google reCAPTCHA verification tokens with associated abuse-prevention metadata.

Synced application data

If you enable cloud sync, our server stores encrypted Yjs document blobs (which we cannot decrypt) and profile metadata required for the sync protocol. Content and finance data are encrypted client-side using AES-GCM-256 before transmission. Profile metadata (such as name and timezone) is stored as Yjs binary data that the server treats as opaque, but it is not independently encrypted. The data encryption key within the metadata remains protected by your password.

Connection-related data

If you choose to link a bank account through Plaid or Flinks, session metadata required to create or refresh links is processed. Provider credentials such as Plaid access tokens or Flinks login IDs are stored only in your encrypted local profile shard, not on our server. The server may briefly hold provider sync payloads in memory during active sync jobs but does not durably store provider credentials or transaction data. Our server stores non-reversible HMAC fingerprints of provider connection IDs in a connection link ledger. These fingerprints are used solely to enforce per-user link allowance limits and cannot be reversed to recover the original provider connection IDs.

Calendar app connection data

If you connect a calendar app to a synced profile, the server stores Calendar inbox metadata, a hash of your CalDAV password, subscription metadata, hashes of subscription bearer tokens, the staged plaintext of inbound Quick Add events while pending in your Calendar inbox, and the published artifacts of read-only subscription feeds. Live CalDAV passwords and subscription tokens are not stored on the server in reversible form.

Local-only data

The following data is stored only on your device and never sent to our server: IndexedDB profile data (all notes, tasks, schedules, financial records, and encryption keys), and session state in sessionStorage.

3. Data We Do Not Collect

Graspee does not collect: advertising identifiers or tracking pixels; third-party analytics data; location, camera, microphone, contacts, or photo library data; or any plaintext notes, tasks, or financial data on the server. Calendar app connections are the only documented plaintext exception, scoped to Quick Add events staged for your Calendar inbox while pending and to the contents of read-only subscription feeds; the calendar sections below detail what is and is not stored. We do not sell or share personal information for advertising purposes.

4. How We Use Your Data

  • Verify your identity via one-time passcode email login.
  • Prevent abuse through rate limiting, IP-based controls, and reCAPTCHA verification.
  • Maintain encrypted document synchronization between your devices.
  • Facilitate optional bank account linking and transaction import through Plaid or Flinks.
  • Run calendar endpoints, accept Quick Add events into your Calendar inbox, publish read-only subscriptions to your calendar app, and scrub staged plaintext after browser import, ignore, expiry, or tombstone.
  • Send one-time passcodes and service-related notices to your email address.

6. Storage and Retention

Local data remains on your device until you clear it from Settings or uninstall the application. Your email and account metadata are retained as long as your account exists. Session tokens expire according to our session policy and are cleaned up automatically. Encrypted sync blobs are retained as long as the associated profile exists and are removed when you delete a synced profile. Connection link fingerprints in the ledger are retained permanently for enforcement purposes, even after a connection is removed, and cannot be reversed to recover provider connection IDs. Provider credentials are not durably stored on our server. IP addresses and request metadata may appear in application logs maintained by our hosting infrastructure, with retention dependent on the hosting provider's policies.

Pending Quick Add events in the Calendar inbox expire after 7 days. After import, ignore, expiry, or tombstone, staged plaintext is scrubbed; placeholder and tombstone records may be retained to deduplicate future imports. Subscription bearer tokens and CalDAV passwords are stored as hashes for verification and are removed when you disable the connection.

7. Sharing and Service Providers

We share data only with service providers necessary to operate Graspee. Each processor receives only the minimum data required for its function. We do not sell or share personal information for advertising or marketing purposes.

  • Amazon Web Services Simple Email Service (AWS SES) receives your email address to deliver one-time passcodes.
  • Google reCAPTCHA receives request metadata for abuse prevention during authentication.
  • Plaid receives connection session data when you choose to link a bank account via Plaid, governed by Plaid's own privacy policy.
  • Flinks receives connection session data when you choose to link a bank account via Flinks (when enabled), governed by Flinks' own privacy policy.
  • Calendar apps you choose to connect (such as Apple Calendar, Google Calendar, or Outlook) read your read-only subscription URLs and may write Quick Add events through CalDAV. They are not Graspee subprocessors; you choose them and disclose subscription URLs and CalDAV credentials to them.
  • Hosting and infrastructure providers store encrypted backend data and application logs.

8. International Transfers

Our service infrastructure and third-party processors may be located in or process data in countries outside your country of residence. Where required by applicable law, we rely on appropriate transfer mechanisms to protect your data.

9. Your Rights

Depending on your jurisdiction, you may have the right to access the personal data we hold about you, correct inaccurate personal data, delete your synced profiles and associated server-side data, object to or restrict certain processing activities, and request data portability where technically feasible.

For California residents (CCPA/CPRA): we do not sell or share your personal information as defined under California law. You have the right to know what data we collect, request deletion, and not be discriminated against for exercising your rights.

If you use Graspee without cloud sync, your data exists only on your device. We have no server-side copy to access, correct, or delete.

To exercise your rights, contact us at privacy@graspee.com. We will respond within the timeframe required by applicable law.

10. Security

All synced application data is encrypted client-side using AES-GCM-256 with keys derived via PBKDF2 (200,000 iterations). The server operates on a zero-access model for synced profile data: it stores and transmits encrypted blobs without the ability to decrypt them. Calendar app connections are a documented plaintext exception, scoped to Quick Add events staged for your Calendar inbox while pending and to read-only subscription feed artifacts; staged plaintext is scrubbed after browser import, ignore, expiry, or tombstone. Sessions are protected by secure cookies and anti-abuse controls. If you lose your profile password, we cannot recover your encrypted data. You are responsible for safeguarding your password and device access.

11. Cookies and Similar Technologies

Graspee uses only essential cookies required for authentication and session management. We do not use advertising, tracking, or third-party analytics cookies. The session cookie authenticates your requests to the server when cloud sync is enabled. Google reCAPTCHA may set cookies or use browser signals during the authentication flow for abuse prevention. Because we use only essential cookies, a cookie consent banner is not currently required in most jurisdictions. This will be revisited if non-essential cookies are added in the future.

12. Children

Graspee is not directed at children under 16. We do not knowingly collect personal information from children under 16. If you believe a child has provided us with personal data, please contact us and we will delete it.

13. Changes to This Policy

We may update this Privacy Policy from time to time. The effective date at the top of this page indicates when the policy was last revised. If we make material changes, we will notify users through the application or by other appropriate means.

14. Contact

For privacy-related questions or to exercise your rights, contact us at: privacy@graspee.com