Privacy Policy
Floating Todos is built local-first: your tasks are your business, and we designed the app so we couldn't read them even if we wanted to. Last updated: July 17, 2026.
This policy covers the Floating Todos macOS app and the f-todo.com website, both operated by Floating Todos ("we"). Questions go to [email protected].
The app
The short version: the app collects nothing about you.
- No accounts. There is nothing to sign up for and no profile of you on our side.
- No telemetry, no analytics, no crash reports. The app does not phone home about how you use it, and it does not send crash dumps anywhere.
- Your data stays on your device. Tasks, time blocks, notes, and time sessions live in a database on your Mac. You can additionally encrypt it at rest with a passphrase-derived key (Settings → Security).
- Sync is end-to-end encrypted. Devices you pair sync with each other over an end-to-end encrypted channel, and only devices on your explicit trust list can connect. Your data is encrypted on your device before it goes anywhere — nothing readable ever leaves it, even if traffic passes through a relay.
- Integration tokens live in the macOS Keychain. Credentials for Linear, Jira, YouTrack, Google Calendar, and Toggl are stored in your Keychain, never leave your machine, and are not synced between devices.
- Integrations talk directly to your services. When you connect a tracker, the app calls that service's API from your Mac using your credentials. That traffic goes straight to the provider under its own privacy policy — it never passes through us.
- Update checks. The app periodically fetches an update feed from f-todo.com (Sparkle). Like any web request, this exposes your IP address and app version to our server; we don't use it to identify or track you.
The website
f-todo.com is a static site served through Cloudflare in front of our own server.
- Server logs. Cloudflare and our server keep standard access logs (IP address, user agent, requested page) for security and operations. They are not used to build profiles and are rotated routinely.
- Analytics. We may use privacy-friendly, aggregate site analytics to count visits and see which pages matter. It uses no cookies, does not fingerprint your browser, and does not follow you across the web — we see page counts, not people.
- No ad trackers. There are no third-party advertising or social-media trackers on the site.
Payments
The app is free while in beta. When paid plans launch, purchases will be handled by Paddle as Merchant of Record. Paddle processes your payment details and billing information under its own privacy policy; we receive what's needed to deliver your purchase (such as your email and license status), and we never see your card number.
What we don't do
- We don't sell or share your data with anyone.
- We can't read your tasks, notes, or synced data — the design doesn't give us that access.
- We don't run ads and don't work with data brokers.
Changes
If this policy changes, we'll update this page and the date at the top. Material changes will be called out in release notes.
Contact
Anything unclear, or a request about your data: [email protected].