How We Think About Your Data

If you're using Spaceduck to store your thoughts, notes, sketches, research or even sensitive work or personal information, we want you to know we take that seriously.

This isn't just about compliance or ticking boxes. It's about trust. And trust is earned.

So instead of hiding behind legal jargon, we want to tell you clearly how we think about your data, how we protect it, and what our principles are.

Why We Store Data on Servers

Spaceduck is built to work across your devices, to help you collaborate with others, and to support advanced features like search, backups, research and AI-assisted organization. To do that, we store your data securely on servers.

This means you're trusting us to store your data, and we take that responsibility seriously.

We only use your data to:

• Maintain our service;
• Provide customer support;
• Monitor usage of our service; and
• Detect, prevent, and address technical issues.

The People (and Systems) Involved

Let's get something straight before we go deeper, when we talk about data, we're referring to your content, your files, your inputs. And when it comes to who has access to that data, here's the breakdown:

• You -> the person who owns and creates the data
• Other users -> everyone else using Spaceduck within your workspace (but not you, but peoeple you have given access/invited)
• Us -> the people building Spaceduck
• Spaceduck (the system) -> our infrastructure, servers, algorithms
• Third parties -> any external services or systems we use, or threats we protect against

Our Principles

We organize our approach around a few principles that we think matter most. These aren't just technical decisions, they reflect what we believe.

Privacy by Default

Everything you add to Spaceduck is private by default. Nothing is shared unless you choose to share it. No one, not other users, not even our team, can see your content unless you explicitly give permission.

We are also mindful about the types of data we collect:

• We do not collect characteristic protected classifications unless explicitly required and consented to for a specific service.
• Our data collection is limited to what's necessary to provide and improve our services.
• We don't use analytics outside of our marketing website. Our web and mobile apps do not use any analytics. Instead, we use our Slack channel to gather feedback from the community and build new features.

For more information, please refer to our Privacy Policy.

Security That Stays Invisible

We encrypt all data at rest (on disk) and in transit (while being transferred). Files are only served through private, signed URLs that you provide access to.

We also run daily encrypted backups. Your data is safer with us than on a single device.

All user data is saved to multiple disks instantly, with daily backups performed:

• Your data is transmitted securely over HTTPS, ensuring encryption during transfer;
• We regularly update our software infrastructure to maintain the highest security standards; and
• We utilise state-of-the-art physical security through our use of Google Cloud Platform servers and infrastructure.

You Own Your Data

Your data belongs to you. You retain 100% ownership of everything you upload to our platform.

We don't claim ownership of your data, and we never use it for anything other than providing the service you signed up for.

You can export your content any time in standard formats. You don't need to ask. It's yours, we're just keeping it safe for you.

No Tracking, No Selling, No Ads

We don't sell data or private information to third parties. We don't run ads. We don't share personal info with ad networks.

Instead:

• We use our Slack community channel and email to gather feedback, understand how things are working, and improve the experience.
• We log errors so we can fix them as soon as possible.
• We never store personally identifiable information without your consent.
• We only earn money by offering a paid version of Spaceduck. That's it. No funny business.

We Don't Read Your Data

Technically, yes, we could access your data, it lives on our servers. But in practice, we've made it hard on purpose.

Our production environment is completely locked down. Our development tools can't touch it. We use isolated infrastructure, strict permissions, and encrypted keys. The only way we could access your data is by going out of our way to break the rules and that would break our own trust.

We'd have nothing to gain and everything to lose. Our business only works if you trust us.

Our default practice is not to access your information unless:

• It is necessary to provide you with our services, such as AI features;
• We are required to do so by applicable law; or
• We need to access account information to provide customer support, such as troubleshooting technical issues or responding to billing inquiries.

Data Retention

You can request deletion of your data via email and confirm the request through the same email address.

GDPR for Everyone

Even if you're not in the EU, we follow GDPR standards for everyone. That means:

• Data minimization (we only collect what we need)
• Clear consent before using any data
• The right to access, delete, and export your data
• No dark patterns or sneaky data use

It's not the easy route, but it's the right one.

Our Promise

We're a small team building Spaceduck with care, for ourselves and for you. We use it every day, just like you do. We know what it means to trust a tool with your private thoughts and important work.

So we built this the way we'd want it built — secure, respectful, and honest.

If anything in here feels unclear or if you ever have a concern, just reach out. We'll listen. We're not here to hide anything. We're here to build something that lasts. contact@spaceduck.com

Thanks for reading, and see you next time!