Privacy Policy

Shallow is built on a simple principle: your data is yours. The app is offline-first by design, and we collect as little as possible. This policy explains what we collect, why, and how you stay in control.

1. What Shallow is

Shallow is a macOS desktop application for task management. It stores your tasks, plans, and notes locally on your device in a SQLite database. Cloud features (sync, managed AI, integrations) are optional and require a Shallow account.

2. Data that stays on your device

By default, all of your data lives exclusively on your Mac:

• Tasks, subtasks, and plans — stored in a local SQLite database
• Chat history — conversations with the AI assistant
• App settings and preferences — stored locally
• API keys (BYOK mode) — your Anthropic API key is stored in macOS Keychain, never transmitted to Shallow servers

If you use Shallow without creating an account (BYOK mode), none of this data ever leaves your computer. We have no access to it.

3. Data we collect when you create an account

If you sign up for a Shallow account, we collect:

• Email address — for authentication, password resets, and essential product communications
• Authentication tokens — managed by Supabase (our auth provider), stored in macOS Keychain on your device
• Subscription status — your current plan and billing period (managed by Stripe)

4. Cloud sync

Cloud sync is an optional Pro feature. When enabled:

• Your tasks are synced to Supabase (our cloud database) so they're available across devices
• End-to-end encryption: Sensitive fields (task titles, descriptions, subtask titles, chat content) are encrypted on your device before upload. We cannot read this data on our servers
• Non-sensitive metadata (dates, priority levels, status, tags) is stored unencrypted to enable server-side features
• You can disable cloud sync at any time. Your local data remains intact

5. Integrations

Shallow connects to third-party services when you choose to enable them:

• Google Calendar — reads your calendar events to show them alongside tasks. Uses OAuth; we request read-only access unless you enable write access
• Asana — two-way sync of tasks. Uses a Personal Access Token stored in macOS Keychain
• Slack and Gmail (coming soon) — for external task capture

Integration credentials are stored in macOS Keychain on your device. We do not store your third-party passwords or tokens on our servers.

6. AI features

BYOK mode (free tier)

Your API key is stored in macOS Keychain. AI requests go directly from your device to Anthropic's API. Shallow never sees your key or your conversations. Anthropic's privacy policy applies to those requests.

Managed AI (Pro tier)

AI requests are routed through Shallow's proxy server. We include your user ID for rate limiting and usage tracking. We do not log or store the content of your AI conversations on our servers. Requests are forwarded to Anthropic's API and responses are streamed back to your device.

7. Analytics

Shallow includes optional, opt-in analytics powered by PostHog. Analytics are off by default. If you choose to enable them:

• We collect anonymous usage events (app launched, task created, feature used)
• We never collect task content, titles, descriptions, or any personal information
• You can disable analytics at any time in Settings

8. Error tracking

We use Sentry to capture JavaScript exceptions and crashes. Error reports may include:

• Stack traces and error messages
• App version, OS version
• Anonymous session identifiers

Error reports never include task content or personal data.

9. Payment processing

Payments are processed by Stripe. We never see or store your credit card number. Stripe provides us with:

• Subscription status and billing period
• A Stripe customer ID (linked to your account)
• Payment failure notifications

10. Data retention

• Local data — persists until you delete it or uninstall the app
• Cloud data — retained while your account is active. Deleted within 30 days of account deletion
• Analytics — anonymous event data is retained for 12 months
• Error reports — retained for 90 days

11. Account deletion

You can delete your account from Settings within the app. This will:

• Purge all cloud-synced data from our servers
• Cancel any active subscription
• Revoke all OAuth tokens for connected integrations
• Remove your authentication credentials from macOS Keychain

Your local SQLite database is not affected — your tasks remain on your device.

12. Children's privacy

Shallow is not directed at children under 13. We do not knowingly collect personal information from children.

13. Changes to this policy

We may update this policy as Shallow evolves. Material changes will be communicated via the app or email. The "last updated" date at the top reflects the most recent revision.

14. Contact

Questions about your privacy? Reach us at privacy@tryshallow.com.