Legal

Privacy Policy

Last updated: April 8, 2026

GanttCraft("we", "our", "us") is a Gantt chart tool. This policy explains what information we collect when you use GanttCraft, how we use it, and the choices you have. We keep it short and plain.

1. Information we collect

Account information

When you sign in with Google we receive your name, email address, and profile picture from Google. We store your email and display name to identify your account and send collaboration invite emails on your behalf.

Chart data

Everything you create in the editor includingchart titles, sections, activities, dates, colors, and settings is stored in our database so you can access it across devices. Chart data is private by default. You choose if and with whom it is shared.

Download usage

To enforce the weekly download limit for free accounts, we log each download event alongside your user ID (if signed in) or a one-way SHA-256 hash of your IP address (if you are not signed in). The raw IP address is never stored.

Billing information

If you upgrade to Plus, your payment is processed by Dodo Payments. We do not store your card number or any raw payment credentials. We store the Dodo subscription ID, customer ID, and plan status so we know your account is active.

Usage and logs

Our hosting infrastructure may collect standard server logs (timestamps, HTTP method, URL path, status code, referrer) for debugging and security purposes. These logs are retained for a short period and are not sold or shared.

2. How we use your information

  • To operate the app and save your charts
  • To enforce free-plan limits (3 charts, 3 downloads per week)
  • To send chart collaboration invite emails when you choose to invite someone
  • To manage your Plus subscription and process renewals through Dodo Payments
  • To respond to support requests you send us
  • To detect and prevent abuse or fraudulent activity

We do not use your data to show you advertisements. We do not sell your personal information to any third party.

3. Sharing your information

We share your information only in the following limited circumstances:

Supabase

Our database and authentication provider. Your chart data and account information is stored in Supabase-managed PostgreSQL. Supabase is SOC 2 Type II certified.

Dodo Payments

Our payment processor for Plus subscriptions. When you upgrade, your payment details are handled directly by Dodo Payments under their privacy policy.

Resend

Our email delivery provider. When you send a collaboration invite, the recipient's email address is passed to Resend to deliver the message.

Legal requirements

We may disclose information if required to do so by law or in response to a valid legal request from a government authority.

4. Public charts

If you enable the "Public link" toggle on a chart, it becomes accessible to anyone with the URL, including people who are not signed in. Public charts are indexed by their slug, not by your name or email. You can disable public access at any time, which immediately removes access for anyone without a direct share invitation.

5. Data retention

Your charts and account data are kept for as long as your account exists. If you delete a chart, it is permanently removed from our database. If you would like to delete your entire account and all associated data, email us at support@ganttcraft.com and we will action the deletion within 30 days. Download log entries older than 90 days are automatically purged.

6. Cookies & local storage

We use a session cookie set by Supabase to keep you signed in. We also write your in-progress chart to browser localStorage so your work is not lost if you are not yet signed in. No third-party tracking cookies are placed on your device.

7. Security

All data in transit is encrypted via TLS. Data at rest is encrypted by Supabase. Access to chart data is controlled by Row Level Security policies at the database level, our application code cannot accidentally expose one user's charts to another. We review these policies whenever the schema changes.

8. Children

GanttCraft is not directed at children under 13. We do not knowingly collect personal information from children. If you believe a child has provided us with personal information, please contact us and we will delete it promptly.

9. Changes to this policy

We may update this policy from time to time. When we do, we will update the "last updated" date at the top of this page. Continued use of GanttCraft after a change constitutes acceptance of the updated policy.

10. Contact

Questions about this policy or your data? Email us at support@ganttcraft.com. We aim to respond within 5 business days.