Privacy Policy

Last updated: February 2025

RadarAgent (“we,” “us,” or “our”) is committed to protecting your privacy. This Privacy Policy explains what data we collect, how we use it, who we share it with, and what rights you have when you use our focus management application and related services (“Service”).

1. Data We Collect

1.1 Account and authentication

When you sign up or log in, we collect and store:

• Email address
• Password (stored in hashed form by our auth provider)
• If you use Google sign-in: profile information provided by Google (e.g. email, display name, avatar URL) as configured in our authentication provider

Authentication is handled by Supabase. We do not receive or store your Google password.

1.2 Content you create (“bits”)

To provide the Service, we store the content you create, such as:

• Tasks, notes, links, events, images, social posts, habits
• Titles, descriptions, rich text, URLs, dates, tags, and type-specific data (e.g. checklists, previews, recurrence)
• Organization data (orbit placement, links between bits, custom fields)

This data is stored in our database (Supabase/PostgreSQL) and is associated with your account.

1.3 Usage and product analytics

When analytics are enabled (e.g. PostHog), we collect usage events to improve the product. We deliberately do not send personally identifiable information in these events. Examples of what we may collect:

• Anonymous or pseudonymous identifiers (e.g. a user ID that does not reveal email or name)
• Event types (e.g. “bit_created,” “mode_switched,” “search_performed”) and non-PII properties (e.g. bit type, orbit, result count)
• Session and page-view data (e.g. which pages or flows are used)

We strip known PII fields (email, name, password, etc.) from analytics payloads before sending. Our analytics implementation is designed to support compliance with privacy regulations (e.g. GDPR) by avoiding PII in product analytics.

1.4 Error and performance monitoring

If error tracking (e.g. Sentry) is enabled, we may collect:

• Error messages, stack traces, and environment information (e.g. browser, OS) to diagnose and fix issues
• Performance and stability data related to the app

We configure these tools to avoid logging sensitive user content where possible.

1.5 Integrations and API

If you use integrations or our API:

• Inbox API / webhooks: we process payloads you send (e.g. to create bits) and store data necessary to fulfill the request
• Connected accounts (e.g. Google, Slack, Notion): we store tokens and metadata required for syncing; we do not sell this data

Data received from third-party services is used only to provide the integration and in accordance with this policy and the third party’s terms.

2. How We Use Your Data

• To provide, operate, and improve the Service (e.g. storing bits, running AI features, sync)
• To authenticate you and manage your account
• To send you service-related communications (e.g. password reset, important product updates)
• To analyze usage (in non-PII form) and fix errors, in line with Section 1.3 and 1.4
• To enforce our Terms and Conditions and protect the security of the Service
• To comply with applicable law

3. AI and Processing

AI features (e.g. smart reminders, pattern recognition, proactive suggestions) may use your bits and interaction history to generate suggestions. This processing is done to provide the functionality you use. We do not use your content to train third-party models for purposes unrelated to providing your Service. Details of data used for AI are consistent with the “Data we collect” and “How we use your data” sections above.

4. Third-Party Services and Sharing

We use the following categories of third-party services:

• Supabase — Authentication, database, and backend infrastructure. Your account and bits data is stored and processed by Supabase in accordance with their privacy and data processing terms.
• Google — When you use Google sign-in, Google provides us with the profile data you consent to share.
• PostHog (optional) — Product analytics. We send only non-PII events and a user ID as described in Section 1.3.
• Sentry (optional) — Error and performance monitoring. Data sent is limited to what is needed to diagnose errors and improve stability.

We do not sell your personal data. We may share data with service providers who process it on our behalf under contractual obligations to protect your data and use it only for the purposes we specify. We may also disclose data if required by law or to protect our rights, safety, or the rights and safety of others.

5. Data Retention

We retain your account and bits data for as long as your account is active and as needed to provide the Service. If you delete your account or request deletion, we will delete or anonymize your data in line with our internal procedures and applicable law, except where we must retain it for legal or legitimate operational reasons (e.g. backups, dispute resolution). Analytics and error data may be retained in aggregated or anonymized form.

6. Your Rights

Depending on your location, you may have the right to:

• Access — Request a copy of the personal data we hold about you
• Correction — Request correction of inaccurate data
• Deletion — Request deletion of your personal data, subject to legal and operational requirements
• Export — Export your bits and related data (e.g. as JSON or via in-app export if available)
• Object or restrict processing — In certain jurisdictions, object to or request restriction of certain processing
• Withdraw consent — Where we rely on consent, withdraw it at any time

To exercise these rights, use the in-app settings (e.g. account, export, delete account) or contact us using the method provided in the application or on our website. We will respond in accordance with applicable law. If you are in the EEA/UK, you also have the right to lodge a complaint with your local data protection authority.

7. Security

We use industry-standard measures to protect your data, including encryption in transit and at rest where applicable, access controls, and secure authentication. Our database and auth use Row Level Security so that users can access only their own data. You are responsible for keeping your password and API keys confidential.

8. Cookies and Similar Technologies

We and our providers (e.g. Supabase, PostHog) may use cookies, local storage, or similar technologies for authentication, session management, security, and analytics. You can control cookies through your browser settings. Disabling certain cookies may affect the functionality of the Service.

9. Children

The Service is not directed at children under 13 (or the applicable minimum age). We do not knowingly collect personal data from children. If you believe we have collected data from a child, please contact us and we will take steps to delete it.

10. International Transfers

Your data may be processed in countries other than your own. We ensure appropriate safeguards (e.g. standard contractual clauses or equivalent mechanisms) where required by law for such transfers.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will post the revised policy on this page and update the “Last updated” date. Material changes may be communicated via the Service or email where appropriate. We encourage you to review this policy periodically.

12. Contact

For privacy-related questions, to exercise your rights, or to report a concern, please contact us at kfiratoffice@gmail.com.

← Back to RadarAgent