Privacy Policy

Buttle is a place to store project notes, decisions, todos, shopping lists, and questions, and to let AI assistants like Claude read and update them on your behalf. We try to collect as little as possible, we do not sell your data, we do not run advertising, and we use operational telemetry only to find errors, debug account-specific problems, and keep the app working.

“Buttle,” “we,” and “us” refer to the operator of buttle.app. You can reach us at privacy@buttle.app.

Account information (via Clerk)

We use Clerk to handle sign-in. When you create an account, Clerk stores your email address, name (if provided), profile image (if provided), and authentication credentials such as a password hash or links to your social sign-in provider (for example, Google). Buttle reads your Clerk user ID and your verified email so we can associate projects with your account. We do not see or store your password.

Content you create

When you (or an AI assistant acting on your behalf) create or update a project, we store the project's title, summary, status, and the items inside it (decisions, todos, shopping list entries, and open questions), along with notes, quantities, due dates, and completion times. We also keep a revision history of every change, including a short summary of the change, who made it (you, an agent, or the system), and which client made it (for example, the web app or Claude).

Connected MCP clients

When you authorize an AI assistant to connect to Buttle, we store an OAuth client registration and issue access and refresh tokens scoped to your account. Tokens are stored as one-way hashes; we cannot recover the original token if it is lost. You can revoke access at any time by disconnecting the client on its side or by emailing us to clear your tokens.

Operational logs

Our hosting provider (Vercel) and database provider (Supabase) record standard request and database logs that may include your IP address, user-agent, and timestamps. These are used to keep the service running and to investigate abuse, errors, and security issues. We do not use this data for advertising or profiling.

Operational telemetry

We use HyperDX to collect error reports, performance traces, page URLs, browser and device details, timestamps, and server-side workflow events. Workflow events may include action names, route names, client type, status, timing, counts, failure reasons, and a pseudonymous account identifier that lets us connect events for the same signed-in user. We avoid full request and response body capture. We use this data to debug errors, understand slow endpoints, investigate abuse, and keep the service reliable. We do not use it for advertising or profiling.

What we do not collect

Buttle does not run advertising, session replay, cross-site tracking, or tracking pixels. The only cookies we set are the ones Clerk needs to keep you signed in. We do not have a cookie banner because we do not use non-essential cookies.

We do not send HyperDX your project titles, summaries, answers, notes, email address, display name, handle, OAuth tokens, calendar event IDs, video room URLs, raw MCP payloads, or full request and response bodies through workflow events.

• To create your account and keep you signed in.
• To store your projects and the changes made to them.
• To let AI assistants you have authorized read and update your projects on your behalf.
• To keep the service secure, debug problems, and prevent abuse.
• To understand whether core workflows are working in aggregate.
• To respond to you when you contact us.

For users in the EU, UK, and other places with similar laws, we rely on performance of our agreement with you (to operate the service you signed up for) and our legitimate interests in keeping the service safe and functional. We do not process your content for any other purpose without asking you first.

We share data only with the providers that run the service:

• Clerk — authentication and account management.
• Supabase — Postgres database. Your projects, items, and history are stored here.
• Vercel — application hosting and request logging.
• HyperDX — error reports, performance traces, and server-side workflow events for debugging and reliability.
• AI assistants you connect (for example, Claude) — when you authorize a client, that client can read and update the projects in your account using its own access token. What that client does with the data after it receives it is governed by that company's terms and privacy policy.

We may also disclose information if required by law, to enforce our terms, or to protect the rights, safety, or property of users or the public. We will never sell your personal information, and we do not share it for cross-context behavioral advertising.

Our providers are based in the United States, and your data is stored and processed there. If you access Buttle from outside the United States, you are sending your information to the U.S. For users in the EU, UK, or Switzerland, our providers rely on Standard Contractual Clauses and the EU-US Data Privacy Framework, where applicable, to cover that transfer.

We keep your account and project data for as long as your account exists. When you delete a project, its items and change history are removed with it. When you delete your account, we delete the projects and content tied to it, and our providers (Clerk, Supabase, Vercel, HyperDX) remove the corresponding records on their normal schedules. Operational logs and telemetry are kept by our providers for a limited period and then rotate out.

You can sign in any time to view, edit, export by copy, or delete your projects. You can disconnect any AI assistant from its own settings, which stops it from reading or updating your data going forward.

Depending on where you live, you may also have the right to request a copy of your data, to correct it, to delete it, to restrict or object to processing, to data portability, and to lodge a complaint with your local data-protection authority. California residents have similar rights under the CCPA/CPRA, including the right to know, delete, and correct, and the right not to be discriminated against for exercising those rights. We honor Global Privacy Control signals as opt-out requests where applicable.

To make any of these requests, email privacy@buttle.app from the address tied to your account. We will not charge you for it and we will respond within the timeframe required by your local law.

Connections to Buttle use HTTPS. OAuth access and refresh tokens are stored as one-way hashes in our database. We use providers (Clerk, Supabase, Vercel, HyperDX) that maintain industry-standard security practices. No system is perfectly secure, so please use a strong password and notify us if you suspect your account has been compromised.

Buttle is not intended for children under 16, and we do not knowingly collect information from them. If you believe a child has created an account, contact us and we will delete it.

If we make a meaningful change to this policy, we will update the “last updated” date above and, where appropriate, notify you in the app or by email. Continued use of Buttle after the change means you accept the updated policy.

Questions, requests, or complaints: privacy@buttle.app.