Privacy Policy

Information we collect

We collect only the information needed to run DoneSprint:

• Your email address, for login and reminder emails
• The goals and definitions of done you create
• Completion activity and deadline-related metadata

How we use your data

• Authenticate your account using magic links
• Show your active and completed sprints
• Send reminders related to your current goal and deadline
• Maintain streaks, completion history, and other product signals

Email

DoneSprint sends emails only for product functionality:

• Magic login links
• Goal reminder emails
• Completion links for active goals

DoneSprint does not send marketing emails.

Storage and infrastructure

Your data is stored using third-party infrastructure providers that support authentication, storage, and email delivery.

Your control

You can stop using DoneSprint at any time. If you have questions about your data, contact us directly.

You can request a copy of your data at any time by contacting privacy@donesprint.com.

Data controller

DoneSprint is responsible for the personal data processed through this service. You can contact us about privacy at privacy@donesprint.com.

Legal bases

We process data to provide the service you request, to run and secure the product, to communicate about your account and sprints, and to comply with legal obligations. We do not use your data for marketing unless we ask for separate consent.

Data categories

We may process account email, sprint content, deadlines, progress and stuck states, reminder metadata, accountability contact details when you provide them, public share/profile data, contact messages, billing entitlement data, and product/security events.

Service providers

We use trusted providers to operate DoneSprint, including Supabase for authentication and database services, Vercel for hosting, Resend for transactional email, and Paddle for payments once subscriptions are enabled.

International transfers

Our providers may process data in countries outside your own. When that happens, we rely on their contractual, security, and transfer safeguards where required by applicable law.

Retention

We keep account and sprint data while your account is active. Public shares remain until removed. Contact messages and product events are kept only as long as needed for support, security, product operation, or legal obligations.

Public sharing

If you create or share a public win page or public profile, the information shown on that page is publicly accessible to anyone with the link. You can ask us to remove public pages.

Accountability contacts

If you add an accountability contact, we process that person's name and email only to send the accountability email described in the product. Only add someone who expects or agrees to that contact.

Payments

When paid subscriptions are enabled, payment details are handled by our payment provider. DoneSprint stores billing status and provider identifiers, but not full card details.

Security

We use technical and organizational safeguards such as server-side access controls, protected secrets, restricted database access, and transactional email providers. No system can be guaranteed completely secure.

Your privacy rights

Depending on where you live, you may have rights to access, correct, delete, export, restrict, or object to processing of your personal data. Contact privacy@donesprint.com to make a request.

Complaints

If you are in the EU or UK, you may have the right to complain to your local data protection authority. We ask that you contact us first so we can try to help.

Privacy contact