Swashbuckler

Privacy Policy

Last updated: March 29, 2026

Overview

Swashbuckler is a personal knowledge-base and note-taking application. We are committed to protecting your privacy and being transparent about the data we collect.

The data controller responsible for your personal data is the operator of Swashbuckler, reachable at support@swashbuckler.quest.

Information We Collect

Account data

When you create an account, we collect your email address and an encrypted password. This information is managed by Supabase, our authentication and database provider.

Your content

Notes, entries, custom types, templates, and other content you create are stored in our Supabase-hosted database. This data belongs to you and is only accessible to you and anyone you explicitly share a space with.

Guest mode data

If you use Swashbuckler as a guest, your content is stored locally in your browser (IndexedDB). No content data is sent to our servers in guest mode. Anonymous analytics may still apply unless you decline during setup.

Analytics

We use Vercel Analytics to collect anonymous, aggregated usage data such as page views and performance metrics. This data does not identify individual users and contains no personal information.

Cookies & Local Storage

We use cookies for authentication sessions and a guest-mode preference cookie. We also use browser localStorage to remember your selected space and UI preferences such as theme settings. We do not use third-party tracking cookies.

How We Use Your Data

  • To provide and maintain the Swashbuckler service
  • To authenticate your identity and secure your account
  • To enable real-time collaboration in shared spaces
  • To improve the application based on aggregated usage patterns

Legal Basis for Processing

We process your personal data under the following legal bases as defined by the GDPR:

  • Contractual necessity — processing your account data and stored content is necessary to provide the Swashbuckler service you signed up for
  • Legitimate interest — we collect anonymous, aggregated analytics to understand usage patterns and improve the service
  • Consent — if we introduce optional cookies or features that require it, we will obtain your explicit consent before processing

Data Sharing

We do not sell, rent, or share your personal data with third parties. Your data is only processed by the following service providers that are essential to running the application:

  • Supabase — authentication, database, and real-time infrastructure
  • Vercel — hosting and anonymous analytics

Both providers are based in the United States. If you are located in the European Economic Area, your data may be transferred to and processed in the US. These transfers are made under Standard Contractual Clauses or other safeguards as provided by each processor. You can review Supabase's and Vercel's respective data processing agreements on their websites.

Data Retention & Deletion

Your data is retained for as long as you have an active account. You can delete your content at any time from within the application. You can also delete your account entirely through the account settings page. Upon deletion, your personal data will be permanently purged from our systems within 30 days.

Your Rights

Under the GDPR, the Oregon Consumer Privacy Act (OCPA), and similar data protection laws, you have the following rights regarding your personal data:

  • Right of access — request a copy of the personal data we hold about you
  • Right to rectification — request correction of inaccurate or incomplete data
  • Right to erasure — request deletion of your personal data
  • Right to restrict processing — request that we limit how we use your data
  • Right to data portability — request your data in a structured, machine-readable format
  • Right to object — object to processing based on legitimate interest

To exercise any of these rights, please contact us at support@swashbuckler.quest.

Security

We use industry-standard security measures including encrypted connections (HTTPS), row-level security policies on our database, and secure authentication flows. Passwords are hashed and never stored in plain text.

In the event of a data breach that affects your personal data, we will notify you without undue delay and take steps to mitigate any harm.

Changes to This Policy

We may update this privacy policy from time to time. For material changes, we will make reasonable efforts to notify you — such as via an in-app notice or email — before the changes take effect. Any changes will be reflected on this page with an updated date.

Contact

If you have questions about this privacy policy or wish to exercise your data rights, please contact us at support@swashbuckler.quest.