GSD Task Manager is built privacy-first. Your tasks belong to you. By default, everything you create stays on your own device — there is no account to sign up for, no tracking of what you type, and nothing you create is sent to a server.

The sections below explain exactly what data exists, where it lives, and the few cases where it leaves your device — always because you chose to enable a feature.

We do not require an account, and we do not run advertising or analytics trackers. The tasks, tags, notes, and settings you create are stored only in your browser — we never collect or see them unless you choose to turn on cloud sync, described below.

As with any website, our hosting provider records standard technical logs (such as your IP address and request metadata) when your browser loads the app. See Third-Party Services below.

Your data is saved locally in your browser using IndexedDB. It stays on your device, works completely offline, and is never transmitted anywhere on its own.

You can export all of your data to a JSON file at any time from Settings, and import it back into another browser or device. Clearing your browser storage, or using the in-app delete option, permanently removes the local copy.

If you want your tasks available across multiple devices, you can choose to sign in and enable cloud sync. This is entirely optional and off by default. When sync is enabled:

• You sign in using a third-party provider (Google or GitHub). We never see or store your password.
• Your tasks are stored on our server (api.vinny.io) so they can be delivered to your other devices.
• Data is encrypted in transit using HTTPS, and access is protected by authentication and owner-scoped controls — your account can only read its own tasks.
• For full transparency: your tasks are not end-to-end encrypted. The content is stored in a readable form on the server, so our systems are technically capable of accessing it. We do not read, sell, or share your tasks — but unlike local-only mode, the server can technically access them.

You can disable sync or delete your synced data at any time.

We rely on a small number of third parties, only to the extent needed to provide the features above:

• Google and GitHub (OAuth sign-in) — used only to authenticate you when you enable sync. We receive a basic account identifier, not your password.
• Amazon Web Services (AWS) — hosts the application (via CloudFront and S3) and, when sync is enabled, the database that stores your synced tasks. As with any web host, standard server logs (such as IP address and request metadata) may be recorded.

To find and fix bugs, the app can report errors to Sentry, an error-monitoring service. This is only active when the app is configured with a Sentry key.

Error reports are limited to diagnostic details — such as the error type, a device or task identifier, and status codes. The app is designed to exclude your task content (titles, descriptions, notes, and tags) from these reports, and we never use error tracking to collect or profile what you write.

• Use the app without an account — full functionality works offline with no sign-in.
• Export your data to JSON at any time from Settings.
• Enable or disable cloud sync whenever you like.
• Delete your tasks, or clear your browser storage, to remove the local copy.
• If you enabled sync, you can delete your synced data and account.

If this policy changes, we will update the “Last updated” date at the top of this page. Significant changes will be reflected here.

Questions about privacy or this policy? Contact us at vscarpenter@gmail.com.