Privacy Policy

Roadmark is a personal project operated by Aleksandr Tretiakov. There is currently no company behind it. You can reach us at support@yourroadmark.com.

To run the service we collect the following:

• Account info — your email and a password hash (Supabase Auth handles hashing; we never see the plaintext).
• Board content — the boards, branches, milestones and decision logs you write.
• AI provider keys, only if you choose to use the AI milestone generator. Keys are encrypted at rest with AES-256-GCM using a server-side key; we use the key in memory to call the chosen provider, then discard it.
• Operational data — the URL you were on if you submit through the feedback widget, and IP-level metadata your browser sends with every HTTPS request.
• Shared-board view analytics — when someone opens a public board link, we record a coarse, anonymous visit so the board's owner can see interest: a count, an approximate time-on-page, the referring website's domain, a device type (mobile/tablet/desktop), and a country (derived from your IP, which we do not store). To tell unique from returning visitors we keep a random, non-identifying id in your browser's local storage — it isn't a name, email, or anything tied to an account, and it's never shared with third parties. The board owner's own visits aren't counted. Set your browser's “Do Not Track” (or Global Privacy Control) and we record nothing.
• Error reports — when something throws server-side or client-side, the stack trace and the URL go to Sentry so we can fix it. No bodies, no form contents.

• To provide the service — render your boards, sync edits, share public links.
• To send transactional emails — signup confirmation, password reset, "your email/password was changed" security notifications.
• To debug and improve — error reports, feedback messages.

We do not sell your data and we don't use it to train any AI model.

The service runs on top of a few third parties. Each one only sees the data it needs:

• Supabase (Germany, EU) — database, authentication, file storage.
• Cloudflare R2 (EU, Western Europe) — encrypted off-site database backups.
• Vercel (US-headquartered, EU edge for European traffic) — hosting and CDN.
• Resend (EU/US) — outbound transactional email.
• ImprovMX (Netherlands) — inbound email forwarding for support@yourroadmark.com.
• Sentry (Germany, EU) — error monitoring.
• Upstash Redis (Germany, EU) — short-lived rate-limit counters.
• Anthropic, OpenAI, Google AI — only when you connect a key for that provider. We forward your prompt and the board context you're generating against; the provider's own privacy policy applies to that traffic.

We use cookies only for things the service can't work without:

• Auth session — Supabase sets HttpOnly cookies that keep you signed in.
• PKCE verifier — short-lived, set during password reset / email change to prove the same browser started the flow that ended it.
• pending_email_change_from — short-lived HttpOnly cookie that remembers your previous email so we can send the security notification to the right address after a successful email change.

We also keep one item in your browser's local storage on public board pages: a random, non-identifying id used only to tell unique from returning visitors for the board owner's view analytics (above). It is first-party, holds no personal data, is never sent to a third party, and is suppressed entirely if your browser signals “Do Not Track” or Global Privacy Control, or if you choose Decline on the cookie notice shown on public board pages.

Beyond that we don't use third-party analytics cookies, tracking pixels, or advertising trackers.

If you're in the EU/EEA or another GDPR-aligned jurisdiction, the lawful bases under Article 6 we rely on are:

• Contract (Article 6(1)(b)) — for everything we need to do to provide the service to you: storing your account, serving your boards, sending transactional emails like password reset and security notifications.
• Legitimate interests (Article 6(1)(f)) — for limited operational uses: error monitoring, debugging via the feedback widget, abuse prevention via rate limits. You can object at any time by writing to support; we'll weigh your objection against the legitimate interest.
• Consent (Article 6(1)(a)) — for anything optional you opt into in the future (e.g., a newsletter, if we ever add one). You can withdraw consent at any time, with no effect on prior processing.
• Legal obligation (Article 6(1)(c)) — if we're ever compelled to retain or disclose data by valid legal process.

Some of our sub-processors are headquartered in the US (Vercel, Anthropic, OpenAI, Google) even though we've picked EU regions where available. When your data is transferred outside the EEA, we rely on Standard Contractual Clauses (SCCs) and the providers' own GDPR programmes. You can ask for copies of the relevant safeguards at support.

• Account and content — kept as long as your account exists. When you delete your account (self-serve from Account → Delete account), it's removed from the live service immediately; residual copies in routine backups age out on the cycles below.
• Error events in Sentry — 90 days (their default).
• Supabase backups — daily for 7 days (their default).
• Off-site backups (Cloudflare R2) — weekly database snapshots, automatically deleted after 90 days.
• Rate-limit counters — minutes; they auto-expire.

Whether or not you live in the EU, you can ask us to:

• Show you what we have on you.
• Fix something that's wrong.
• Delete your account and everything tied to it — self-serve from Account → Delete account, effective immediately.
• Get a portable copy of your boards — use Account → Your data → Export my data to download everything as JSON, any time.
• Opt out of any of the optional things above (e.g. stop sending feedback through the widget — just stop using it).

Account deletion and data export are both self-serve from your account settings — deletion is immediate and irreversible, and removes boards you solely own that have no other members. If you're the only owner of a board shared with others, we ask you to hand it off (promote another owner) or delete it first, so shared work isn't destroyed under its members. For corrections or any other request, write to support@yourroadmark.com and we'll get back to you within a few days.

If you're in the EU/EEA and unhappy with how we've handled your data, you also have the right to lodge a complaint with your national data-protection authority. We'd rather you write to us first so we can fix it directly, but the right is yours either way.

Roadmark isn't directed at children under 16. If you're under 16, please don't sign up. If you're a parent and find your child has an account, write to support and we'll remove it.

Cookies are HttpOnly + Secure in production. AI provider keys are encrypted at rest. Passwords are hashed by Supabase Auth (bcrypt). HTTPS is enforced everywhere by Vercel. Rate limits protect public endpoints from spam and brute force.

That said: we're a small project, not a security-audited enterprise vendor. Don't put state secrets in your roadmap.

If we change something material — a new sub-processor, a different retention window — we'll bump the "Last updated" date at the top and, where possible, email account holders before the change takes effect.