Last updated: April 16, 2026
Privdo does not collect, transmit, or share any personal data. All your tasks and settings are encrypted with AES-256 and stored locally on your device.
All data is stored locally using your browser's storage APIs (localStorage for the Chrome extension, IndexedDB for the web app). Your data is encrypted at rest using AES-256 with PBKDF2 key derivation (600,000 iterations). Your PIN never leaves your device.
If you choose to enable cross-device sync, your data is encrypted end-to-end before leaving your device. The sync server (Supabase) only stores opaque encrypted blobs and a random channel ID. The server never sees your plaintext tasks, PIN, passphrase, email, or password.
| Data | Visible to server? |
|---|---|
| Task text, list names, deadlines | No |
| Your PIN | No |
| Your sync passphrase or email/password | No |
| Encrypted blob (opaque ciphertext) | Yes |
| Channel ID (random hash) | Yes |
| Timestamp of last sync | Yes |
The Chrome extension requests only the storage permission, which is used to persist your encrypted task vault locally so data survives between browser sessions. No other permissions are requested.
Privdo does not use any analytics, tracking, advertising, or third-party data collection services. If sync is enabled, the only external service contacted is the Supabase sync endpoint, which receives only encrypted data.
We do not collect, sell, transfer, or share user data with any third parties for any purpose.
If this policy is updated, the changes will be posted on this page with an updated date.
If you have questions about this privacy policy, you can open an issue on the GitHub repository.