Privacy Policy

Your data is yours.

Last updated: April 19, 2026

The short version

Shipfolio is a project tracker for indie developers. We collect the bare minimum needed to make the app work: your Apple ID email when you sign in, and the content you put into the app (projects, tasks, feedback, build log entries, notes). We don't track you, we don't share your data with advertisers, and we don't sell anything to anyone.

What we collect

  • Account info. When you sign in with Apple, we receive your Apple user identifier and, if you choose to share it, your email address. Nothing else. We never ask for your password. Apple handles authentication.
  • App content. The projects, tasks, feedback items, build log entries, dock items, notes, and milestones you create in the app. This is stored so the app can sync across your devices.
  • Sync metadata. Timestamps (created, updated, deleted) and a revision counter on each row. Used to resolve conflicts between devices.
  • Feedback submissions. If you use the "Give feedback" form in Settings, the text you send plus your user ID, category (bug/feature/general), platform, and app version.

What we don't collect

  • No analytics, no tracking pixels, no behavioral events.
  • No advertising identifiers.
  • No location data.
  • No contact lists, photos, or files outside of what you manually add to the app.
  • No third-party SDKs for tracking, analytics, or advertising. We do use Sentry for crash and error diagnostics (see Third parties below) — configured to send no personal data.

Where your data lives

Your content syncs to Supabase, a Postgres-based backend provider (EU West region, Ireland). Supabase stores data at rest and in transit using industry-standard encryption. Access is restricted using Row Level Security, which means you can only read and write your own data, enforced at the database level.

Data on your iOS device is stored in SwiftData (Apple's local database framework). In the web app, your projects, tasks, and other content live in memory only while you have the tab open. Nothing is written to your browser's disk. The only things persisted in your browser's localStorage are (a) your sign-in session so you don't have to log in on every visit and (b) your theme preference (light/dark/system). We don't use cookies and we don't use any tracking or advertising storage.

Third parties

We use the following third-party services, each essential to making the app work:

  • Apple (Sign in with Apple). Handles authentication on iOS, watchOS, and the web. See Apple's privacy policy.
  • Google (Sign in with Google). Handles authentication on the web when you choose Google sign-in. We receive your Google user identifier and email address. See Google's privacy policy.
  • Supabase. Hosts the database and authentication service. Region: EU (Ireland). See Supabase's privacy policy.
  • Stripe. Processes web subscription payments when you upgrade to Pro on the website. We never see or store your card details — Stripe handles billing end-to-end. You can manage or cancel your subscription through the Stripe-hosted billing portal linked from Settings. iOS purchases go through Apple's in-app purchase instead and do not involve Stripe. See Stripe's privacy policy.
  • Sentry. Receives crash reports and performance diagnostics when the app hits an error. Region: EU (Germany). We do not attach your name, email, IP address, or account identifier — only the error itself, device type, and app version. Used solely to fix bugs. See Sentry's privacy policy.
  • Resend. Delivers the account-merge verification email if you ever choose to combine two Shipfolio accounts into one. Resend sees the target email address and the one-time 6-digit code. No other transactional mail is sent through Resend. See Resend's privacy policy.
  • Railway. Hosts the web app. Railway receives standard HTTP access logs (request URLs, timestamps, IP addresses) as part of normal web hosting, but does not see the contents of your account. See Railway's privacy policy.

These are the only third-party services that receive any data about you or your use of the app.

Legal basis for processing

We process your personal data on the basis of Article 6(1)(b) of the GDPR: processing is necessary for the performance of the contract between you and Shipfolio (providing the app service you signed up for). Specifically, storing your projects, tasks, and other content is required to deliver the sync functionality you expect from the app. We do not process your data for any purpose beyond providing the service.

Your rights

You can, at any time:

  • Export your data. Go to Settings in the iOS app or web dashboard and tap "Export my data" to download a full JSON export of everything we hold on you. Alternatively, email support@shipfolio.app.
  • Delete your account. Go to Settings → "Delete account" in the iOS app or web dashboard. This permanently deletes your account and all associated content immediately. This is irreversible. Alternatively, email support@shipfolio.app.
  • Ask us anything. If you're unsure what we have on you or how we handle it, just ask at support@shipfolio.app.

Data retention

When you delete items in the app, we use a soft-delete pattern: rows are marked with a deletion flag and hidden from you, but remain in the database temporarily. This is how the app propagates deletions across your devices (iOS, web, Apple Watch) without losing them in a sync race. Soft-deleted rows are never shown to you again once marked and are permanently purged after 90 days.

If you delete your entire account, all of your content (live and soft-deleted) is permanently removed immediately. Audit records of account actions (such as "account deleted" or "data exported") are retained without your personal identifier attached, solely for compliance purposes.

Children

Shipfolio is not directed at children under 13. We don't knowingly collect personal information from children. If you believe a child has provided us with personal information, contact us and we'll delete it.

Changes to this policy

If we change how we handle your data, we'll update this page and bump the "Last updated" date at the top. Check back here occasionally if you want to stay up to date.

Recent updates

  • April 2026. Added in-app feedback form (feedback_submissions table, write-only for authenticated users). Added ship streak tracking (user_streaks table, tracks qualifying actions). Added journey view (milestone history per project). Added soft lockout for free-plan projects beyond the 3-project limit. Added in-app purchase pipeline: iap_subscriptions and iap_transactions tables managed exclusively by server-side Edge Functions. Updated RLS to enforce the project limit at the database level.

Contact

Questions, concerns, or feedback on this policy? Email support@shipfolio.app.