Privacy policy
Last updated: 2026-06-15. This page mirrors the actual implementation. If you find a discrepancy between this page and what the product does, the product is wrong — please email us.
Who we are
Caspian Tools is operated by the maintainers of the caspiantools repository. The website at caspiantools.com is the data controller for the personal data described on this page.
Contact: privacy@caspiantools.com.
What we collect
When you sign in:
- Your email address, display name, and avatar URL, as provided by your sign-in provider (Google, GitHub, or email-and-password).
- A Firebase user ID assigned to your account.
When you use the product:
- The tasks, notes, sprints, milestones, projects, and comments you create.
- Attachments you upload to tasks.
- Workspace and project membership records.
- Per-event in-app notifications addressed to your account.
When analytics is active for you (see Analytics below for when that is):
- Usage statistics via Google Analytics 4 — which pages you view, approximate location (country/region, derived from a truncated IP that GA does not store), and device and browser type. We never collect anything that identifies you personally through analytics, and never join it to your account. You can opt out at any time.
We do not collect:
- Any analytics that identifies you personally, or that we tie to your account. We never use Mixpanel, PostHog, Segment, Heap, Amplitude, or session-replay tools.
- Behavioural tracking across other sites.
- Advertising identifiers.
Where it lives
All data is stored in Firebase services (Firestore, Auth, Storage, Cloud Functions), hosted by Google Cloud in region europe-west4 (Eemshaven, Netherlands). Cloud Functions execute in the United States us-central1 region as a deployment constraint, but they do not persist data outside Firestore.
Google Cloud is the only processor for the data you create. When analytics is active for you, Google LLC additionally processes usage statistics through Google Analytics; this may involve transfer to and processing in the United States under Google's terms. We do not share your data with anyone else for any purpose.
GitHub integration
If you connect a GitHub account to push tasks to GitHub Issues, your GitHub OAuth token is issued by Firebase Auth's GitHub provider and held in browser memory during your session only. It is never persisted to our database or any server-side store. Closing the tab discards it.
We never receive or process the contents of any private GitHub repository beyond the specific issues that the product opens, edits, or closes on your behalf.
Analytics
We use Google Analytics 4 (measurement ID G-VMPE9NHWPJ) to understand which pages are used and roughly where visitors are. How we ask for it depends on where you are, so that we follow the consent rules that apply to you.
- EU/EEA, UK, and Switzerland — where prior consent is legally required, nothing analytics-related loads until you choose Acceptin the consent banner. No script, no cookie, no call to Google Analytics happens before that. Decline (or ignore the banner) and it never loads. We detect your region from your browser's time zone, not by sending your IP address to any location service.
- Everywhere else — Google Analytics loads by default. You can opt out at any time via Cookie settings in the footer.
Whichever applies, opting out (or withdrawing consent) stops further collection and clears the analytics cookies, and we never collect anything that identifies you personally or join analytics data to your account.
Cookies
We use functional storage always, and analytics cookies only if you opt in. None of it is for advertising.
- A
sessionHTTP-only cookie that holds your Firebase session, set when you sign in and cleared when you sign out. - Firebase Auth's own client-side storage (cookies and IndexedDB) used by the Firebase SDK to keep you signed in across tabs.
- Your analytics choice, stored locally in your browser (not a cookie sent to us) so we only ask once.
- Only while analytics is active(see Analytics above): Google Analytics'
_gaand_ga_*cookies. These are removed when you opt out.
No advertising or cross-site tracking cookies are ever set.
We send transactional email only — currently invite emails, when a workspace owner adds you. We use the Firebase Trigger Email extension; the underlying SMTP provider sees the recipient address and message body. We do not send marketing email.
Access, export, and deletion
You have the right to access, export, and delete your data. To exercise any of these, email privacy@caspiantools.com from the address on your account. We aim to respond within 14 days.
Account deletion removes your authentication record, your user profile document, and your membership in every workspace and project. Workspaces you solely own are deleted with all their contents. Workspaces you share with other members remain; your individual edits become attributed to your deleted-user record.
Children
Caspian Tools is not directed at children. If you are under 16, please do not create an account. If you believe a child has signed up, email us and we will delete the account.
Changes to this page
We log changes to this page in the repository's commit history and call them out in the changelog. The Last updated date at the top reflects the most recent change.