your email address, the contents of any page you fill in (daily, triage, captures, reset), and a session cookie so we can recognise you on the next visit.

that’s it. no behavioural tracking, no third-party ad pixels.

all of it sits on a single sqlite file on a fly.io machine in london (lhr). the machine is encrypted at rest by fly. backups, if and when we add them, will be encrypted too.

you can see it through the prompt ui or the api at /api/v1/planner/docs.

ash ganatra (the operator) can technically read the file because it’s on his server — but only does so if you ask for help debugging something. no automated mining, no sharing with third parties.

prompt_session — set when you sign in via magic-link. 60-day lifetime. lets your browser stay signed in. delete it any time from your browser’s cookie settings.

sign-in emails are sent via resend. they see your email address so they can deliver the message. they don’t see anything else.

email ash@ganatra.uk from the address on your account. your row and everything attached to it gets removed within 7 days. self-serve delete is on the backlog — we’ll get there.

if anything material changes, the “last updated” date at the top gets bumped. anything bigger than a wording tweak gets emailed to everyone who has a session.