Legal

Privacy Policy

Written in plain language. Last updated June 2026.

This policy explains what data Weekest collects, how we use it, and what we don't do with it. We've written it to be readable. If something is unclear, ask us.

What we collect

When you sign in to Weekest with Google, we receive:

  • Your Google account email address
  • Your Google display name
  • A unique identifier from Google that ties your account to your Weekest data

We do not receive your Google password, your Google contacts, your Google Drive files, or anything else from your Google account. The OAuth grant is narrow and intentional.

When you use Weekest, we store:

  • The weeks and items you create — text, labels, dates, completion status, item scale, and whether items are private
  • Your preferences — date format, color mode, visual theme
  • If you subscribe, your Stripe customer ID and subscription status (not your payment card — Stripe handles that)

What we do with it

We use your data to run Weekest. That's it. Your weeks are stored so you can see them. Your email is used to identify your account. Your preferences are stored so they persist across devices.

We do not use your data for advertising. We do not build behavioral profiles. We do not run analytics services that track your movements through the product. We do not sell your data or share it with third parties for any purpose other than running the service.

Third parties we work with

Running Weekest requires two third-party services:

Supabase — our database and authentication infrastructure. Your data is stored in a Supabase-managed Postgres database. Supabase stores data in the European Union by default. You can read Supabase's privacy policy at supabase.com.

Stripe — payment processing for paid plans. If you subscribe, Stripe stores your payment information. We never see your card number. Stripe is PCI-DSS compliant. You can read Stripe's privacy policy at stripe.com.

We do not use Google Analytics, Mixpanel, Segment, Amplitude, or similar behavioral analytics services. We do not load any third-party tracking scripts.

Cookies and local storage

Weekest uses:

  • A session cookie to keep you signed in. This is authentication-only and contains no tracking information.
  • Browser localStorage to store your theme preference, color mode, and date format. This data never leaves your device.

We do not use third-party cookies. We do not use cookies for advertising or cross-site tracking.

Your rights

Export. You can export all your data as a CSV at any time from the configure page — every item, every field, every entry in your history. No lock-in.

Delete. You can delete your account from the configure page. This permanently and immediately deletes all your data from our systems — items, preferences, account record, everything. This action cannot be undone.

Access and correction. If you want to know what data we hold about you, or believe something is incorrect, contact us and we'll respond within 30 days.

Data retention

Your data is retained while your account is active. If you cancel a paid plan, your data stays accessible for 30 days, then is permanently deleted. If you delete your account, deletion is immediate.

We do not retain backups of deleted data beyond 30 days.

Enterprise (self-hosted)

If you use the Enterprise tier, your data never reaches our servers. Your Weekest installation runs on your own infrastructure and you are responsible for your own data handling. This policy doesn't apply to self-hosted deployments.

Children

Weekest is not directed at children under 13. We do not knowingly collect data from children under 13. If you believe we have inadvertently collected such data, contact us and we will delete it promptly.

Changes to this policy

If we make material changes to this policy, we'll notify you by email at least 30 days before the changes take effect. The current version is always at this URL. The date at the top shows when it was last updated.

Contact

Questions about privacy: privacy@weekest.com.

General enquiries: hello@weekest.com.