Privacy Policy

Last updated: April 11, 2026

1. Who we are

Desktopia ("we", "our", "us") is a desktop application that helps you organize your apps, websites, and notes. This Privacy Policy explains what information we collect when you use the Desktopia desktop application, mobile companion app, browser extension, marketing website, and related services (together, the "Services").

If you have questions about this policy, email us at support@desktopia.app.

2. Local-first by default

Desktopia stores your workspaces, folders, items, and notes in a SQLite database on your device. When you use the app without enabling cloud sync, none of this content ever leaves your computer. We do not have access to it and cannot read, recover, or share it.

3. Information we collect

Account information. When you create an account, we collect your email address, a password hash (or a Google OAuth identifier), and your display name if you provide one. We need this to authenticate you across devices, enforce trial and subscription status, and send you account-related emails.

Subscription and payment information. We use Lemon Squeezy (lemonsqueezy.com) as our Merchant of Record for payments. When you subscribe, Lemon Squeezy collects your payment details directly and we receive a customer identifier, subscription status, and transaction metadata. We never see or store your card number or CVV.

Cloud-synced content (optional). If you enable cloud sync, we upload your workspaces, folders, and items as an encrypted blob to our servers hosted on Google Cloud Run and Supabase. Note attachments are stored in Supabase Storage. Workspaces you mark as "local only" are excluded from this upload entirely.

Diagnostics. The app emits anonymous error reports through Sentry when something crashes. Reports include the error message, stack trace, and your app version. They do not include your items, folders, or any personal content.

Anonymous usage events. We record anonymous feature-use counters (e.g. "item added", "sync run") so we can understand which features people rely on. These events do not contain the content of your items.

4. How we use your information

  • To create and manage your account and enforce trial / subscription access.
  • To deliver the cloud sync feature and resolve conflicts between devices.
  • To send transactional emails: welcome, trial ending, payment receipts, failed payments, security alerts. We do not send marketing email without explicit opt-in.
  • To diagnose bugs and improve the product.
  • To respond to support requests you send us.
  • To comply with applicable laws, including tax reporting through our Merchant of Record.

5. Encryption

Cloud-synced content is encrypted client-side with AES-256-GCM before it leaves your device. The encryption key is stored on our server and delivered to your authenticated client when you sign in. This is "server-assisted encryption" rather than end-to-end encryption: it protects against storage breaches but does not protect against a legally compelled disclosure by our provider. If you need true end-to-end privacy, use local-only workspaces.

6. Service providers we share data with

  • Supabase — authentication and database hosting for cloud sync.
  • Google Cloud Run — API hosting.
  • Lemon Squeezy (lemonsqueezy.com) — Merchant of Record for payments.
  • Resend — transactional email delivery.
  • Sentry — crash and error reporting.
  • Cloudflare Pages — hosting for the marketing website and admin dashboard.

We do not sell your personal information. We do not share your content with advertisers or data brokers.

7. Your rights

Depending on where you live, you may have the right to access, correct, export, or delete the personal information we hold about you. To exercise any of these rights, email support@desktopia.app from the address on your account. You can also export your local data at any time through Settings → Export Data, and delete your account from Settings → Account.

8. Data retention

We keep your account data while your account is active. If you delete your account, we remove your profile, workspaces, folders, items, attachments, and cached encryption key within 30 days. Payment records are retained for as long as tax law requires (typically 7 years).

9. Children

Desktopia is not directed at children under 13, and we do not knowingly collect personal information from children under 13.

10. Changes to this policy

We may update this Privacy Policy from time to time. Material changes will be announced on this page and, where we have your email, by email. Continued use of the Services after an update constitutes acceptance of the revised policy.

11. Contact

Questions about this Privacy Policy? Email support@desktopia.app.