Privacy Policy
Last updated: February 26, 2026
Shallow is built on a simple principle: your data is yours. The app is offline-first by design, and we collect as little as possible. This policy explains what we collect, why, and how you stay in control.
1. What Shallow is
Shallow is a macOS desktop application for task management. It stores your tasks, plans, and notes locally on your device in a SQLite database. Cloud features (sync, managed AI, integrations) are optional and require a Shallow account.
2. Data that stays on your device
By default, all of your data lives exclusively on your Mac:
- Tasks, subtasks, and plans — stored in a local SQLite database
- Chat history — conversations with the AI assistant
- Screenshots — images you capture within Shallow are stored locally on your device
- App settings and preferences — stored locally
- API keys (BYOK mode) — your Anthropic API key is stored in macOS Keychain, never transmitted to Shallow servers
If you use Shallow without creating an account (BYOK mode), none of this data ever leaves your computer. We have no access to it.
3. Data we collect when you create an account
If you sign up for a Shallow account, we collect:
- Email address — for authentication, password resets, and essential product communications
- Authentication tokens — managed by Supabase (our auth provider), stored in macOS Keychain on your device
- Subscription status — your current plan and billing period (managed by Stripe)
4. Cloud sync
Cloud sync is an optional Pro feature. When enabled:
- Your tasks are synced to Supabase (our cloud database) so they're available across devices
- End-to-end encryption: Sensitive fields (task titles, descriptions, subtask titles, chat content) are encrypted on your device before upload. We cannot read this data on our servers
- Non-sensitive metadata (dates, priority levels, status, tags) is stored unencrypted to enable server-side features
- Cloud data is stored in the United States via Supabase. If you are located in the EU/EEA and have concerns about data residency, please contact us
- You can disable cloud sync at any time. Your local data remains intact
5. Integrations
Shallow connects to third-party services when you choose to enable them:
- Google Calendar — reads your calendar events to show them alongside tasks. Uses OAuth; we request read-only access unless you enable write access
- Asana — two-way sync of tasks. Uses a Personal Access Token stored in macOS Keychain
- Slack and Gmail (coming soon) — for external task capture
Integration credentials are stored in macOS Keychain on your device. We do not store your third-party passwords or tokens on our servers.
6. AI features
Screenshots and sensitive data
Shallow's screenshot feature (Pro tier) lets you capture portions of your screen to provide visual context to the AI assistant. Screenshots may contain sensitive information — medical records, financial data, personal messages, or other private content visible on your screen at the time of capture.
Screenshots are stored locally on your device by default. They are only sent to Anthropic's Claude API when you explicitly trigger an AI action (such as asking Claude to analyze a screenshot or extract tasks from it). Screenshots are never uploaded to Shallow's servers or included in cloud sync.
You are responsible for reviewing what is visible on your screen before capturing a screenshot. We recommend against capturing screenshots containing passwords, financial account numbers, or other highly sensitive credentials.
Anthropic's data handling
Shallow uses Anthropic's Claude API for all AI features. Under the current API terms, Anthropic does not use API inputs to train its models. For the most current information, see Anthropic's API data policy.
BYOK mode (free tier)
Your API key is stored in macOS Keychain. AI requests go directly from your device to Anthropic's API. Shallow never sees your key or your conversations. Anthropic's privacy policy applies to those requests.
Managed AI (Pro tier)
AI requests are routed through Shallow's proxy server. We include your user ID for rate limiting and usage tracking. We do not log or store the content of your AI conversations on our servers. Requests are forwarded to Anthropic's API and responses are streamed back to your device.
Encryption and AI processing
If you have end-to-end encryption enabled, your task content is decrypted on your device before being sent to Claude for AI processing. Encryption protects your data at rest in Supabase and in transit between Supabase and the app — it does not protect data sent to Claude for processing. This is an inherent tradeoff: AI features require access to your plaintext content.
7. Who we share data with
Shallow shares your data only with the service providers necessary to operate the product:
| Provider | What they receive | Why |
|---|---|---|
| Anthropic | Task content, chat messages, screenshots (only when you trigger an AI action) | AI processing via Claude API |
| Supabase | Encrypted task data, email, auth tokens (only if you enable cloud sync) | Cloud storage and authentication |
| Stripe | Email, payment method, billing address | Subscription billing |
What we do not do:
- We do not sell your personal information to anyone
- We do not use your data for advertising
- We do not share your data with third parties beyond the services listed above
- We do not use your task content, chat messages, or screenshots for any purpose other than providing the service to you
8. Analytics
Shallow includes optional, opt-in analytics powered by PostHog. Analytics are off by default and respect macOS's "Ask App Not to Track" setting. If you choose to enable them:
- We collect anonymous usage events (app launched, task created, feature used)
- We never collect task content, titles, descriptions, or any personal information
- You can disable analytics at any time in Settings
9. Error tracking
We use Sentry to capture JavaScript exceptions and crashes. Error reports may include:
- Stack traces and error messages
- App version, OS version
- Anonymous session identifiers
Error reports never include task content or personal data.
10. Payment processing
Payments are processed by Stripe. We never see or store your credit card number. Stripe provides us with:
- Subscription status and billing period
- A Stripe customer ID (linked to your account)
- Payment failure notifications
11. Data retention
- Local data — persists until you delete it or uninstall the app
- Cloud data — retained while your account is active. Deleted within 30 days of account deletion
- Analytics — anonymous event data is retained for 12 months
- Error reports — retained for 90 days
12. Account deletion
You can delete your account from Settings within the app. This will:
- Purge all cloud-synced data from Supabase
- Cancel any active subscription via Stripe
- Revoke all OAuth tokens for connected integrations
- Remove your authentication credentials from macOS Keychain
Your local SQLite database is not affected — your tasks remain on your device.
13. Your rights (EU/EEA — GDPR)
If you are located in the European Union or European Economic Area, you have the following rights under the General Data Protection Regulation:
- Right to access — You can export all of your data at any time from Settings → Export Data (JSON format)
- Right to rectification — You can edit or correct your data directly within the app
- Right to erasure — You can delete your account and all associated cloud data from Settings
- Right to data portability — The JSON export includes all of your tasks, subtasks, plans, and metadata in a portable format
- Right to restrict processing — You can disable cloud sync and use Shallow in fully offline mode at any time
- Right to object — You can opt out of analytics (off by default) and disable any integration
- Right to withdraw consent — Where processing is based on consent, you can withdraw it at any time without affecting the lawfulness of prior processing
Legal basis for processing: We process your data based on contractual necessity (to provide the service you signed up for), legitimate interest (error tracking to maintain service quality), and consent (opt-in analytics).
Sub-processors: We use the following sub-processors to deliver the service:
| Sub-processor | Purpose | Location |
|---|---|---|
| Supabase | Cloud storage, authentication | United States |
| Anthropic | AI processing (Claude API) | United States |
| Stripe | Payment processing | United States |
| PostHog | Analytics (opt-in only) | United States |
| Sentry | Error tracking | United States |
Data Processing Agreements are in place with each sub-processor.
Supervisory authority: You have the right to lodge a complaint with your local data protection authority if you believe your data is being processed unlawfully.
To exercise any of these rights, contact us at privacy@tryshallow.com.
14. Your rights (California — CCPA/CPRA)
If you are a California resident, the California Consumer Privacy Act provides you with the following rights:
- Right to know — You can request details about the personal information we collect, use, and disclose. See sections 2–7 of this policy for a complete breakdown.
- Right to delete — You can delete your account and all associated data from Settings, or by contacting us at privacy@tryshallow.com
- Right to opt out of sale — We do not sell your personal information. We have never sold personal information and have no plans to do so.
- Right to non-discrimination — We will not treat you differently for exercising your privacy rights
Categories of personal information collected: Identifiers (email address), commercial information (subscription status), internet or electronic network activity (anonymous analytics events, if opted in).
Categories of personal information sold: None. We do not sell personal information.
Categories of personal information disclosed for a business purpose: Email and payment information to Stripe (billing), task content to Anthropic (AI processing, only when you trigger an AI action), encrypted task data to Supabase (cloud sync, only if enabled).
15. Children's privacy
Shallow is not directed at children under 13 (or under 16 in the EU/EEA). We do not knowingly collect personal information from children. If you believe a child has provided us with personal information, please contact us at privacy@tryshallow.com and we will promptly delete it.
16. Changes to this policy
We may update this policy as Shallow evolves. Material changes will be communicated via the app or email at least 30 days before taking effect. The "last updated" date at the top reflects the most recent revision.
17. Contact
Questions about your privacy? Reach us at privacy@tryshallow.com.