Privacy policy

Dendo is built on a single privacy commitment: your goals and tasks never touch our servers. What follows is the short version, plain English, no dark patterns.

What stays on your device

• Your goals, milestones, and tasks — stored in your browser's IndexedDB.
• Your AI provider API key — encrypted at rest with a non-extractable AES-GCM key. Even an attacker with read access to your local storage can't lift the bits.
• Your Lemon Squeezy license key — same encryption.

What we store on our servers

• License validation results — to confirm your Pro unlock when you paste a license key.
• Coarse-grained product analytics via PostHog — page views, gate triggers, AI-call success/failure. No goal text, no task titles, no keys, no PII. Configurable opt-out lands in Phase 2.
• Error reports via Sentry — JavaScript exceptions only, with PII scrubbing. No request bodies.

Third parties we send data to

• Anthropic — every "Break it down" / "Generate tasks" call goes from your browser straight to Anthropic using your API key. We don't proxy it. Your goal text is sent to Anthropic but never to us. Their privacy policy applies.
• Lemon Squeezy — when you buy a Pro license, your payment + email go to them. Their privacy policy applies.
• PostHog + Sentry — as above; only coarse analytics + error frames.

Your rights

• Export everything — Markdown / JSON / Plain text / PDF, in-product, any time.
• Delete everything — clear browser storage; nothing to retrieve from us.
• License refund — 30 days, no questions, email hello@dendo.ai.

Changes to this policy

We'll bump the "last updated" date and post a note on the waitlist / newsletter when this changes materially. No silent edits.

Contact

Questions, requests, or "wait, what does X mean?" → hello@dendo.ai.