DARD

Privacy Policy

Last updated: March 4, 2026

DARD ("we", "us", "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, and safeguard your information when you use our project management application.

1. Information We Collect

Account Information

  • Email address (used for authentication and account recovery)
  • Display name (optional, set by you)
  • Authentication tokens managed by Supabase

Project Content

  • Project names, descriptions, and context you provide
  • Workspace notes, decisions, actions, risks, and dependencies you create
  • Status reports generated through the application
  • Review approvals and edit history

Usage Data

  • Page views and feature usage (collected via PostHog only with your explicit consent)
  • Error reports (collected via Sentry to improve reliability)

2. How We Use Your Information

  • Authentication: To verify your identity and manage your account.
  • AI Processing: Your workspace content is sent to OpenAI to classify decisions, actions, risks, and dependencies. AI proposals are always shown for your review before becoming records. Your data is not used to train AI models.
  • Service Improvement: Anonymized usage analytics (with your consent) help us understand how features are used.
  • Billing: If you subscribe to a paid plan, Stripe processes your payment information. We do not store credit card details.

3. Third-Party Processors

We use the following third-party services to operate DARD:

  • Supabase — Database hosting, authentication, and row-level security
  • OpenAI — AI classification and analysis of workspace content (your data is not used for model training)
  • Stripe — Payment processing for subscriptions
  • Sentry — Error monitoring and performance tracking
  • PostHog — Product analytics (only with your consent)
  • Vercel — Application hosting and deployment

4. Data Retention

Your data is retained for as long as your account is active. When you delete your account, all associated data (projects, items, notes, reports) is permanently removed. Data sent to OpenAI for AI processing may be retained by OpenAI for up to 30 days for abuse monitoring, after which it is automatically deleted. Your data is not used to train OpenAI's models.

5. Your Rights

Under applicable data protection laws (including GDPR), you have the right to:

  • Access: Request a copy of all your personal data. Use the Export Data feature in your account settings.
  • Rectification: Update your profile information at any time through the settings page.
  • Erasure: Delete your account and all associated data through the settings page.
  • Data Portability: Export your data in JSON format via the account settings.
  • Withdraw Consent: Revoke analytics consent at any time by clearing your browser's local storage for this site.

6. Cookies & Local Storage

We use essential cookies for authentication (managed by Supabase). These are necessary for the application to function and do not require consent.

We use local storage for analytics consent preferences and PostHog session data. PostHog analytics are only activated after you explicitly grant consent via the cookie banner.

7. Security

We implement industry-standard security measures including HTTPS/TLS encryption, row-level security in our database, Content Security Policy headers, rate limiting on all endpoints, and nonce-based script execution.

8. Changes to This Policy

We may update this Privacy Policy from time to time. The "Last updated" date at the top of this page indicates when the policy was last revised. Continued use of DARD after changes constitutes acceptance of the updated policy.

9. Contact

For privacy-related questions or to exercise your data rights, please contact us at privacy@dard.app.