Privacy Policy

Last updated: March 20, 2026

Introduction

Apsu (“we”, “us”, or “our”) operates this web application. This Privacy Policy explains how we collect, use, store, and protect your personal information when you use our service. We are committed to data minimization and only collect information strictly necessary to provide our service.

Information We Collect

We collect the following personal information when you create an account:

  • Name — provided during sign-up to identify your account.
  • Email address — used as your login credential and for account-related communications such as password resets.
  • Password — stored only in hashed form using industry-standard cryptographic algorithms. We never store or have access to your plaintext password.

We do not collect any additional personal information beyond what is listed above. We do not collect financial information, government identifiers, or biometric data.

How We Use Your Information

Your personal information is used solely for the following purposes:

  • Creating and maintaining your user account.
  • Authenticating you when you sign in.
  • Sending account-related communications (e.g., password reset emails).
  • Maintaining the security and integrity of our service.

We do not use your information for marketing, advertising, profiling, or automated decision-making. We do not sell, rent, or trade your personal information.

Cookies and Tracking

We use the following types of cookies:

  • Essential cookies — session cookies required for authentication and keeping you signed in. These are strictly necessary for the service to function and cannot be disabled.
  • Analytics cookies — optional cookies that help us understand how visitors interact with the application. For users in the European Union, these are only set with your explicit consent via our cookie consent banner.

You can manage your cookie preferences at any time through the cookie preferences option available in the consent banner. We do not use fingerprinting, pixel tracking, or any other non-cookie tracking technologies.

Data Storage and Security

Your data is stored in a LibSQL database hosted by Turso, an edge-database provider that replicates data across multiple locations for low-latency access. The application itself runs on Cloudflare Workers, a globally distributed serverless compute platform.

We implement appropriate technical measures to protect your personal information, including: encrypted connections (HTTPS/TLS) for all data in transit, cryptographic hashing of passwords, and access controls that limit data access to authenticated users viewing only their own information.

Data Sharing and Third Parties

We rely on the following third-party service providers to operate our application:

  • Cloudflare — hosting, content delivery, DDoS protection, and DNS. Cloudflare may process request metadata (IP addresses, request headers) as part of its infrastructure services.
  • Turso — database hosting and replication. Turso stores your account data (name, email, hashed password) in encrypted databases.

We do not share your personal information with any other third parties. We do not sell data to data brokers. We may disclose information only if required by law, such as in response to a valid court order or subpoena.

Your Rights

Depending on your jurisdiction, you may have the following rights regarding your personal information:

  • Access — you may request a copy of the personal information we hold about you.
  • Correction — you may request that we correct any inaccurate or incomplete personal information.
  • Deletion — you may request that we delete your personal information and close your account.
  • Data portability — you may request your data in a structured, commonly used format.
  • Objection — you may object to the processing of your personal information in certain circumstances.

To exercise any of these rights, please contact us at the email address listed below. We will respond to your request within 30 days.

Data Retention

We retain your personal information for as long as your account remains active. If you request account deletion, we will permanently remove your personal information from our systems within 30 days of your request. Session cookies expire when you sign out or after a period of inactivity. Analytics cookie preferences are retained for up to 365 days.

Children's Privacy

Our service is not directed at children under the age of 13 (or the applicable age of digital consent in your jurisdiction). We do not knowingly collect personal information from children. If you believe a child has provided us with personal information, please contact us and we will promptly delete it.

Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or applicable laws. When we make material changes, we will update the “Last updated” date at the top of this page. We encourage you to review this policy periodically. Your continued use of the service after any changes constitutes acceptance of the updated policy.

Contact Us

If you have questions about this Privacy Policy or wish to exercise your data rights, please contact us at: privacy@apsu.io