Privacy Policy

Last updated: February 2026

1. Data Controller

The data controller for Fleeting (fleeting.brnrs.pl) is Barnaba Piotrowski. For any privacy-related enquiries, please contact: privacy@brnrs.pl.

2. What Data We Collect

Fleeting collects only the data you explicitly provide:

• Thoughts — user-entered text (up to 255 characters), timestamps, and recall metadata (recall delay, history).
• Email address — only in cloud mode, used to identify your account.
• Authentication credentials — only in cloud mode; passwords are managed securely by Supabase and never stored in plain text.

We do not collect analytics data, browsing behaviour, device fingerprints, or any other personal data beyond what is listed above.

3. How Data Is Stored

Local mode

When you use Fleeting without signing in, all your thoughts are stored exclusively in your browser's localStorage under keys prefixed with @fleeting/. Your data never leaves your device.

Cloud mode

When you sign in, your thoughts are stored in a Supabase Postgres database. Row Level Security (RLS) is enforced so that only you, the authenticated user, can read or modify your own data.

4. Cookies and Local Storage

Fleeting uses only strictly necessary cookies and browser storage. No tracking, analytics, or marketing cookies are used.

• sb-*-auth-token — Supabase authentication session cookies (access and refresh tokens). Set only when you sign in; strictly necessary for authentication. No consent required under GDPR.
• _vercel_jwt — May be set by the Vercel hosting platform for platform features.
• @fleeting/* (localStorage) — Stores your thoughts and app preferences locally in your browser. No data is transmitted to any server.
• @fleeting/theme-preference (localStorage) — Stores your dark/light theme preference locally. This is a functional preference, not tracking data.

5. Third-Party Processors

We use the following sub-processors to provide the service:

• Vercel — hosting and CDN. See Vercel Privacy Policy.
• Supabase — database and authentication. See Supabase Privacy Policy.

6. Data Retention

Your thoughts are stored until you choose to delete them (“Let go”) or until you delete your account. There are no automatic expiry periods. You may delete individual thoughts at any time from within the app. To delete your account and all associated data, contact privacy@brnrs.pl.

7. Your Rights (GDPR)

Under the General Data Protection Regulation (GDPR) you have the following rights:

• Right of access — request a copy of the personal data we hold about you.
• Right to rectification — request correction of inaccurate data.
• Right to erasure — request deletion of your personal data.
• Right to data portability — receive your data in a structured, machine-readable format.
• Right to lodge a complaint — with the Polish supervisory authority (UODO) or your local EU data protection authority.

To exercise any of these rights, contact privacy@brnrs.pl.

8. No Sale of Data

We do not sell, rent, or trade your personal data to any third party, ever.

9. Children's Privacy

Fleeting is not directed at children under the age of 16. We do not knowingly collect personal data from children under 16. If you believe a child has provided us with personal data, please contact us at privacy@brnrs.pl and we will delete it promptly.

10. Changes to This Policy

We may update this Privacy Policy from time to time. Any changes will be reflected on this page with an updated “Last updated” date. Continued use of Fleeting after changes constitutes acceptance of the updated policy.

11. Contact

For any questions or requests regarding this Privacy Policy, please contact: privacy@brnrs.pl.