Privacy

downkeep is a minimalist markdown notebook. This policy explains what data we collect and why.

What we store

When you sign in with Google, we store your email address and Google profile picture URL in our authentication provider (Supabase). We use these solely to identify your account and display your avatar.

Notes you create are stored in a Postgres database hosted by Supabase. Private notes are visible only to you. Public notes are visible to anyone with the URL.

Anonymous visitors who don't sign in have their scratch content stored locally in their browser (IndexedDB). We never see it.

What we don't do

We don't sell your data. We don't run analytics trackers. We don't show ads. We don't read your notes for any purpose other than serving them back to you (or to anyone you've made them public to).

Cookies

We use cookies for authentication session management and theme preference. No third-party tracking cookies.

Data retention

Deleted notes are soft-deleted and permanently removed after 30 days. You can delete your entire account and all associated data from the settings page.

Hosting

The application is hosted on Vercel (serverless functions, CDN). The database and authentication are hosted on Supabase (AWS infrastructure, with data at rest encrypted).

Contact

Questions about this policy: joe@downkeep.com.

Last updated: 27 May 2026.