Privacy Policy
Effective Date: November 11, 2025
Contact: jon@devclose.app
Overview
DevClose is a daily logbook for developers. Your privacy matters. This policy explains what data we collect, how we use it, and your rights.
TL;DR:
- We collect only what's needed to run the service (your logs, email, payment info)
- We DON'T sell your data, train AI on your logs, or share with third parties (except payment processing)
- You can export or delete your data anytime
- Your logs are encrypted and private (only you can read them)
1. What Data We Collect
Account Information
- Email address: For account creation, login, and communication
- Password: Stored securely (hashed, never plaintext)
- Name (optional): If you provide it
Log Data (Your Daily Entries)
- Log content: Your daily entries (Accomplishments, Blockers, Learnings)
- Timestamps: When logs were created/edited
- Tags (if you add them): Project names, tech stack labels
Usage Data
- Page views: What pages you visit (via Google Analytics)
- Feature usage: Which features you use (markdown editor, search, export)
- Browser info: Browser type, device type (for bug fixing and optimization)
Payment Information
- Payment details: Processed by Stripe (we never see your full credit card number)
- Billing email: For receipts and invoices
- Subscription status: Free trial, Pro, or Founding Member
2. How We Use Your Data
To Provide the Service
- Store your logs securely (encrypted at rest)
- Enable search (full-text indexing)
- Sync across devices
- Send email notifications (if you opt in)
To Improve the Product
- Analyze usage patterns (which features are used most)
- Fix bugs (error logs, crash reports)
- Prioritize feature development
To Communicate With You
- Send transactional emails (password reset, billing updates)
- Send product updates (new features, roadmap) - you can opt out
- Respond to your support requests
What We DON'T Do
- ❌ Sell your data (revenue comes from subscriptions, not data)
- ❌ Train AI on your logs (your logs are private, not training data)
- ❌ Share with third parties (except Stripe for payments, Supabase for hosting)
- ❌ Serve ads (no ad network tracking)
3. How We Protect Your Data
Encryption
- At rest: AES-256 encryption (industry standard)
- In transit: TLS 1.3 (all connections HTTPS)
- Database: Supabase (SOC 2 Type II compliant, encrypted by default)
Authentication
- Supabase Auth: JWT tokens, OAuth 2.0 flow
- Password security: Hashed with bcrypt (never stored in plaintext)
- Session management: Secure, httpOnly cookies
Access Control
- Your logs are private: Only you can read them (not even we can access without your permission)
- Role-based access: If we add team features, only invited members can see shared logs
Data Backups
- Daily backups: Supabase automatic backups (encrypted)
- Retention: 30-day backup retention (can restore if data loss)
4. Third-Party Services
We use these trusted services to run DevClose:
Supabase (Database & Auth)
- What they do: Host your logs, handle authentication
- Data shared: Your email, logs, account info
- Privacy policy: https://supabase.com/privacy
- Compliance: SOC 2 Type II, GDPR-compliant
Stripe (Payment Processing)
- What they do: Process payments, manage subscriptions
- Data shared: Email, payment info (credit card details go directly to Stripe, we never see them)
- Privacy policy: https://stripe.com/privacy
- Compliance: PCI DSS Level 1 (highest payment security standard)
Google Analytics (Usage Analytics)
- What they do: Track page views, feature usage (anonymized)
- Data shared: Page URLs, browser info, device type (no log content)
- Privacy policy: https://policies.google.com/privacy
- Opt-out: Use browser extensions like uBlock Origin or Privacy Badger
Vercel (Hosting)
- What they do: Host the DevClose website
- Data shared: HTTP requests (IP address, browser info)
- Privacy policy: https://vercel.com/legal/privacy-policy
5. Your Rights (GDPR & CCPA Compliance)
You have the right to:
Access Your Data
- Export your logs: Anytime, as plain markdown files (Settings → Export)
- Download account data: Request a copy of all your data (email us)
Delete Your Data
- Delete account: Settings → Delete Account (permanent, cannot be undone)
- Right to be forgotten: We'll delete all your data within 30 days (except legal/billing records)
Correct Your Data
- Update email: Settings → Account Settings
- Edit logs: Anytime (no history tracking, your current version is what we store)
Opt-Out
- Marketing emails: Unsubscribe link in every email
- Analytics: Use browser extensions (uBlock Origin, Privacy Badger)
Data Portability
- Export format: Plain markdown (.md files)
- No lock-in: Your data is yours, portable to any markdown app
6. Data Retention
Active Accounts
- Free tier: 7 days of log history (older logs automatically deleted)
- Pro tier: Unlimited history (we keep your logs as long as you're subscribed)
- Founding Member: Unlimited history (lifetime)
Deleted Accounts
- Immediate: Account disabled, cannot log in
- 30 days: All data permanently deleted from backups
- Exceptions: Billing records (required by law, 7 years), abuse reports (if applicable)
Inactive Accounts
- Free tier: If no login for 180 days, we may delete your account (30-day warning email)
- Paid tier: As long as subscription is active, account remains (even if unused)
7. Cookies
We use cookies to:
- Authentication: Keep you logged in (session cookie, required)
- Analytics: Google Analytics (optional, can be blocked)
Types of cookies:
- Strictly necessary: Session cookies (required for login)
- Analytics: Google Analytics (can be blocked via browser settings)
- No advertising cookies: We don't serve ads
8. Children's Privacy
DevClose is not intended for users under 13. We do not knowingly collect data from children under 13. If you're a parent and believe your child provided us with personal information, contact us and we'll delete it.
9. International Users
DevClose is operated from the United States. If you're outside the US:
- Your data is stored in US data centers (Supabase US region)
- We comply with GDPR (EU users have full data rights above)
- We comply with CCPA (California users have full data rights above)
Data transfers: By using DevClose, you consent to your data being transferred to the US.
10. Changes to This Policy
We may update this policy as DevClose evolves. Changes will be:
- Posted here: This page will be updated
- Emailed to you: If changes are significant (e.g., new third-party services)
- Effective date updated: Check the top of this page
11. Contact Us
Questions about privacy? Contact Jon:
- Email: jon@devclose.app
- Response time: Within 48 hours (usually faster)
Data requests (export, delete, correct):
- Email jon@devclose.app with "Data Request" in subject
- We'll respond within 30 days (usually within 7 days)
12. Legal Stuff
- Jurisdiction: This policy is governed by US law (Alaska)
- Data Controller: Jon Gerton (sole proprietor, DevClose)
Summary (Plain English)
What we do:
- Store your logs securely (encrypted)
- Use Supabase for database, Stripe for payments
- Track basic usage with Google Analytics (page views, not log content)
What we DON'T do:
- Sell your data
- Train AI on your logs
- Share with anyone (except payment processing)
- Serve ads
Your rights:
- Export your logs anytime (markdown files)
- Delete your account anytime (permanent)
- Opt-out of marketing emails
Questions? Email jon@devclose.app
Version: 1.0
Last Updated: November 11, 2025