Privacy Policy & Terms of Service

Your Data Stays on Your Device

Still is a local-first application. All of your personal data — journal entries, financial records, habits, contacts, reading lists, and everything else you create — is stored in a SQLite database inside your browser. No data leaves your device unless you explicitly use a feature described below.

Future versions may offer optional encrypted sync and accounts. These will always be opt-in — local-first remains the default.

Error Tracking

Still is configured to use GlitchTip (a self-hosted, open-source error tracker) for crash reports. When active, a scrubbing layer removes personally identifiable information before any error data leaves your device: user context is stripped entirely, UI interactions are anonymized, request bodies are removed, cookies are deleted, and financial amounts are redacted to "[AMOUNT]".

Performance traces are sampled at 20% in production and contain no personal content. Error tracking is only active when the application is configured with a reporting endpoint — it can be disabled entirely.

AI & Language Model Features

Some features (Counsel chat, Compass search, Discovery exploration) can optionally connect to external language model providers. You choose the provider and supply your own API key — Still never stores or proxies your API key through its servers.

Before sending financial data to any language model, Still applies the "Masked Prophet" pattern: specific amounts are replaced with tokens like [AMOUNT_1] and labels with [LABEL_1]. The model never sees your real numbers or account names.

Supported providers include Anthropic (Claude), OpenAI, Google (Gemini), Mistral, Groq, and OpenRouter. Each provider has its own privacy policy governing how they handle your prompts. Still does not control or have access to data once it reaches your chosen provider.

Web Search

When you use the search feature in Discovery, your query is sent to DuckDuckGo (by default) or Brave Search (if you provide your own API key). Search queries are proxied through a server-side function to avoid CORS restrictions but are not logged or stored.

RSS & Feed Fetching

When you subscribe to an RSS feed in Vellum, the feed URL is requested through a server-side proxy to bypass browser restrictions. Feed URLs and content are not stored server-side. All fetched articles are saved locally in your browser database.

Analytics

Still plans to use Plausible Analytics, a privacy-respecting analytics service that does not use cookies, does not track individuals, and is fully GDPR-compliant by design. When enabled, Plausible will collect aggregate, anonymous usage data (page views, referral sources, browser/OS type) with no personal identifiers. It respects the "Do Not Track" browser setting.

Still does not use tracking pixels, fingerprinting, advertising networks, or any other form of individual user tracking.

On-Device Processing

Article summarization runs entirely in your browser using Transformers.js (via WebGPU or WebAssembly). No article content is sent to external servers for summarization.

The service worker caches content for offline access only and does not transmit telemetry.

Cookies & Tracking

Still does not set HTTP cookies or use third-party tracking scripts. App settings and preferences are stored locally via your browser's built-in storage (localStorage). There is no cross-site tracking of any kind.

Waitlist & Contact

If you sign up for the waitlist, your email is collected via Netlify Forms and stored on Netlify’s infrastructure. This is the only personal information Still collects server-side. Netlify acts as a data processor on our behalf; their privacy practices are governed by their own Data Processing Agreement.

Waitlist emails are used solely to notify you when Still launches. We will send one launch announcement — no other marketing. Emails are retained for up to 12 months from collection or 30 days after public launch, whichever is sooner, then permanently deleted.

To request early deletion, email privacy@stillapp.life. We will process removal requests within 7 business days.

Data Retention

Your hub data: stored locally in your browser, retained until you clear site data or uninstall.

Error reports: retained for 90 days, then automatically purged.

Waitlist emails: retained for up to 12 months or 30 days after public launch, whichever is sooner, then permanently deleted.

Analytics: when enabled, Plausible retains aggregate data indefinitely; no individual records exist to delete.

Your Rights (GDPR / CCPA)

Because Still is local-first, you already control your data. You can export everything via Settings at any time. To delete your local data, clear your browser's site data for Still.

For waitlist email removal, email privacy@stillapp.life and we will delete your entry within 7 business days.

You have the right to: access your data (it's on your device), rectify it (edit it directly), erase it (clear site data), port it (use the export feature), and object to processing (disable any optional feature).

Children's Privacy

Still is not directed at children under 13. We do not knowingly collect personal information from children.

Changes to This Policy

We may update this policy as features evolve. Material changes will be noted with an updated effective date at the top of this page. Since Still does not collect email addresses (outside the waitlist), checking this page periodically is the best way to stay informed. Questions? Email privacy@stillapp.life.

Acceptance of Terms

By using Still, you agree to these Terms of Service. If you do not agree, do not use the application.

Description of Service

Still is a local-first progressive web application for personal life management. It runs in your browser and stores data locally using SQLite. Still does not guarantee data persistence — browser storage can be cleared by the browser, operating system, or user action. You are responsible for backing up your data using the built-in export feature.

Your Responsibilities

You are responsible for maintaining backups of your data. Still provides an export feature in Settings for this purpose.

If you use AI features, you provide your own API keys and are responsible for any costs incurred with third-party providers. Still does not manage, store, or have access to your API keys beyond the current browser session.

You agree not to use Still for any unlawful purpose or in violation of any applicable laws.

Intellectual Property

Still and its original content, features, and functionality are owned by Still and protected by applicable intellectual property laws. Your personal data within Still belongs to you.

Limitation of Liability

Still is provided "as is" without warranties of any kind, express or implied. We do not warrant that the application will be uninterrupted, error-free, or that data stored in your browser will persist indefinitely.

In no event shall Still be liable for any indirect, incidental, special, or consequential damages arising from your use of the application, including but not limited to loss of data, loss of profits, or interruption of service.

Termination

Still is a local-first application. You can stop using it at any time by closing the application or clearing your browser data.

Changes to These Terms

We reserve the right to modify these terms at any time. Changes will be reflected with an updated effective date. Continued use of Still after changes constitutes acceptance of the new terms.

Governing Law & Jurisdiction

These terms are governed by and construed in accordance with the laws of the State of Israel, without regard to conflict-of-law principles.

Any disputes arising from or relating to these terms or your use of Still shall be resolved exclusively in the courts of Tel Aviv-Yafo, Israel.

Contact

For questions about this Privacy Policy or Terms of Service, reach us at privacy@stillapp.life.