This Privacy Policy explains how Squirreld (“Squirreld,” “we,” “us,” or “our”) collects, uses, stores, shares, and protects information when you use the Squirreld application and website at squirreld.com (together, the “Service”). By using the Service, you agree to the practices described here.
Squirreld is a personal record-keeping tool: you choose what to store, and you can delete it at any time.
1. Information we collect
Account information
You sign in with Google. Through Google’s sign-in, we receive your name, email address, profile photo, and Google account identifier. We do not receive your Google password.
Information you choose to store
The Service exists to store information you enter, which may include gift cards, warranties, memberships, pet and vaccine records, recipes, vehicle records, web links, contacts (an address book), and—depending on the categories you use—sensitive information such as:
- Vault entries (lock combinations, codes, passwords, PINs);
- Finance entries (financial institution, account numbers, and login details);
- Health & Wellness entries (for example, vision prescriptions, medications, allergies, and other family health details you enter).
You may also upload files (such as photos of receipts, records, or prescriptions). You decide what to store; please don’t store anything you don’t want kept in the Service.
Household sharing
If you create or join a household, other members of that household can see items you share with the household. Items you mark private are visible only to you.
Payment information
Paid plans are processed by our payment provider, Stripe. Stripe collects and processes your payment-card details directly; we do not receive or store full card numbers. We retain limited billing data such as your subscription status and identifiers.
Information collected automatically
When you use the Service, we and our infrastructure providers may automatically collect technical data such as your IP address, device and browser type, and request timestamps, primarily for security, debugging, and reliability. We use browser storage to keep you signed in and to remember small preferences (for example, whether you dismissed the “add to home screen” prompt). We do not use third-party advertising or cross-site tracking.
2. How we use information
- To provide, maintain, and improve the Service;
- To send the reminders you set up (by email) and account-related messages such as household invitations;
- To process payments and manage subscriptions;
- To secure the Service, prevent abuse, and troubleshoot problems;
- To respond to your requests and provide support;
- To comply with legal obligations.
We do not sell your personal information, and we do not sell or share health information for advertising or other unrelated purposes.
3. How your information is stored and protected
Your data is stored in our database and file storage hosted by Supabase (which runs on cloud infrastructure). Information is encrypted in transit using TLS.
Particularly sensitive fields—your Vault secrets and Finance account numbers and login passwords—are encrypted at rest using AWS Key Management Service (KMS). These values are decrypted only momentarily, on the server, when you explicitly choose to reveal them, and are masked everywhere else.
No method of transmission or storage is completely secure, so we cannot guarantee absolute security. You can strengthen your own security by protecting the Google account you sign in with (for example, enabling two-factor authentication).
4. How we share information
We share information only as needed to run the Service, and with service providers (“processors”) acting on our behalf:
- Supabase — database, authentication, and file storage;
- Amazon Web Services (AWS KMS) — encryption of sensitive fields;
- Stripe — payment processing;
- Resend — sending reminder and account emails;
- Vercel — application hosting;
- Google — sign-in (OAuth) and web fonts;
- NHTSA vPIC — if you use the optional VIN lookup, the VIN you enter is sent to this U.S. government vehicle database.
We may also disclose information if required by law, to protect rights and safety, or in connection with a merger, acquisition, or sale of assets (in which case we will notify you of any change in how your information is handled).
5. Data retention & deletion
We keep your information for as long as your account is active or as needed to provide the Service. You can delete individual items at any time inside the app.
Deleting your account: to delete your account and associated personal data, email us at privacy@squirreld.com from your account email. We will delete your account and personal data within 30 days, except where we are required to retain certain records (for example, limited billing records) to meet legal or accounting obligations.
6. Your rights & choices
Depending on where you live, you may have rights to access, correct, export, or delete your personal information, and to object to or restrict certain processing. To exercise these rights, contact privacy@squirreld.com. You can turn off reminders for any item in the app at any time.
California (CCPA/CPRA): we do not sell or “share” personal information as those terms are defined under California law, and we do not discriminate against you for exercising your rights.
EEA/UK (GDPR): where applicable, we process your information to perform our contract with you, to comply with legal obligations, and based on our legitimate interests in operating and securing the Service; where required, we rely on your consent.
Washington “My Health My Data” and similar state laws: some health information you enter may be considered “consumer health data.” We collect it only to provide the Service to you, do not sell it, and will honor verified deletion requests.
7. A note on health information
8. Children’s privacy
The Service is intended for adults and is not directed to children under 13, and we do not knowingly create accounts for them. Adults may choose to store information about their family, including children (for example, a child’s pet, health, or contact details); that information is entered and controlled by the adult account holder. If you believe a child has created an account, contact us and we will remove it.
9. International data transfers
We and our service providers may process and store information in the United States and other countries. Where required, we take steps to ensure appropriate safeguards for international transfers.
10. Changes to this policy
We may update this Privacy Policy from time to time. When we make material changes, we will update the “Last updated” date above and, where appropriate, notify you. Your continued use of the Service after an update means you accept the revised policy.
11. Contact us
Questions, requests, or concerns about your privacy? Email us at privacy@squirreld.com.