Privacy Policy

We collect the minimum we need to make the scoreboard work: your email, the social handles you choose to track, and the daily counts you log (or that the extension counts in your own browser). We don't sell your data. We don't read your DMs. We don't scrape other users.

Account data.Your email address and, if you sign in with Google, a few profile fields Google sends us (name, picture). We don't store your Google password.

Account profiles. The platform (Reddit / X / LinkedIn / Instagram), the public handle, and the label you give each tracked account.

Activity counts. The daily totals of posts, comments, and likes per tracked account, plus any goals or notes you set.

Browser extension data. If you use our optional extension, it observes the actions you take on supported platforms inside your own browser session and writes the counts to your account. The extension does notread DMs, friend lists, or content from other users. For Reddit, it reads your own profile's public listings (your posts, comments, upvoted items) using your existing logged-in session in your browser.

Operational data. Standard server logs and analytics on the marketing site (page views, anonymized referrer) so we can tell what works.

• Your private messages or DMs on any platform.
• Lists of other users you interact with.
• Content from other people's accounts.
• Your passwords for third-party platforms. We never see them.

• To show you your dashboard, heatmap, and goals.
• To process your subscription via Stripe.
• To send transactional emails (sign-in confirmations, billing receipts, important account notices).
• To improve the product. We may look at aggregated, anonymized usage to decide what to build next.

We use a small number of trusted vendors to run the Service:

• Supabase: database, authentication, file storage.
• Vercel: hosting and request logs.
• Stripe: payments and billing.
• Google: only if you choose “Continue with Google.”
• Resend (or our equivalent transactional email provider): account emails.

Each of these has its own privacy practices. We share only what they need to do their job.

We use a small number of cookies for things that are required to make the app work, like keeping you logged in and remembering your last tab. We don't use third-party advertising cookies.

You can:

• Export or delete your data anytime from Settings.
• Email us at hi@controloutput.com to request a copy of your data, correct it, or delete your account.
• Withdraw consent or object to processing where required by your local laws (e.g., GDPR/UK GDPR/CCPA).

When you delete your account, we delete your accounts and daily logs immediately and remove backups within 30 days, except where retention is required by law (e.g., billing records).

The Service isn't intended for children under 13. If you believe a child is using the Service, contact us and we'll delete the account.

We use industry-standard practices: encrypted connections, hashed credentials, scoped access. No system is perfectly secure, so if we're ever aware of a breach affecting your data, we'll notify you promptly.

Our vendors operate globally; your data may be stored or processed in the United States or the European Union. By using the Service, you consent to those transfers.

We'll update this page when our practices change. Material changes will trigger an email or an in-app notice. The date at the top of this page tells you when it was last updated.

Privacy questions? Email hi@controloutput.com.