tuido logotui:do

~/privacy

Last updated: January 4, 2025

Introduction

Tuido is a terminal-based task management application with optional cloud sync. We built Tuido with privacy as a core principle. Your data is yours, and we've designed our systems so we can never see it.

Information We Collect

When you use Tuido cloud sync, we collect:

  • Account information: Your email address, name, and profile picture from Google OAuth, used solely for authentication and account management.
  • Anonymous analytics: We use Vercel Analytics to collect anonymous, aggregated data about page views and feature usage. This data contains no personally identifiable information and uses no cookies.

Information We Don't Collect

This is the important part:

  • Your task data: All your tasks, projects, notes, and snippets are encrypted on your device before being uploaded. We only store encrypted blobs that we cannot decrypt.
  • Your encryption password: Your encryption password never leaves your device. We use it locally to derive encryption keys using Argon2id.
  • Decryption keys: We have no way to decrypt your data. This is by design.

How We Use Your Information

  • Authentication: Your Google account info lets us identify you and manage your account.
  • Service improvement: Anonymous analytics help us understand which features are used and improve the service.

Data Storage & Security

  • Local-first: Your data is stored on your device by default. Cloud sync is optional.
  • End-to-end encryption: When you enable cloud sync, your data is encrypted with AES-256-GCM before leaving your device.
  • Zero-knowledge: We cannot read, access, or decrypt your synced data. Only you have the key.
  • Secure infrastructure: We use industry-standard security practices for our servers and databases.

Your Rights

  • Access your data: Your data lives on your device. You always have full access to it.
  • Delete your account: You can delete your account and all associated cloud data at any time from the profile dialog in the dashboard. This action is immediate and irreversible.
  • Export your data: Your local data can be exported from the Tuido terminal application.

Third-Party Services

  • Google OAuth: We use Google for authentication. Google's privacy policy applies to the authentication process.
  • Vercel Analytics: We use Vercel Analytics for anonymous usage statistics. It's privacy-friendly, uses no cookies, and is GDPR compliant.

Contact

If you have questions about this privacy policy, contact us at dave.mostoller.dev@gmail.com.