Privacy Policy

Version 1.0 · Last Updated: March 27, 2026

Introduction

CacheTank respects your privacy. This Privacy Policy explains what data we collect, how we use it, how we protect it, and your rights regarding your data.

Core Principle: Your context belongs to you. We do not sell, share, or monetize your data.

What Data We Collect

Account & Authentication Data

  • Name, email address, profile picture (via Google OAuth)
  • Unique user ID, account creation timestamp
  • Securely stored OAuth tokens for accessing your account

Context & Content Data

  • All documents, preferences, workflows, settings, and professional context you save to CacheTank
  • Timestamps, titles, tags, organizational categories you assign
  • Your saved groupings, hierarchies, and organizational structures

Usage Analytics

  • Features you use, frequency of saves, saves per week
  • Subscription tier, billing status, payment history (last 4 digits of card, expiration month/year only)
  • Chrome extension version, browser version, operating system (general category only)
  • Exception reports for debugging (no personal context included)

Derived Data

  • Number of saves, storage usage, organizational system utilization
  • Login frequency, feature usage statistics

What We Don't Collect

  • Full credit card details (payment processor handles this)
  • Browsing history outside CacheTank
  • Location data
  • Biometric data
  • Marketing cookies or tracking pixels

How We Use Your Data

Primary Uses

  • Store, organize, and serve your context via your personal URL
  • Verify your identity and maintain account security
  • Process payments and manage subscription status
  • Troubleshoot issues and provide customer support

Secondary Uses

  • Analyze usage patterns to improve CacheTank features
  • Understand adoption, retention, and user engagement
  • Detect and prevent unauthorized access, abuse, and fraud
  • Respond to legal requests and comply with regulations

What We Don't Do

  • We do not train AI models on your saved contexts
  • We do not use your data to build user profiles for advertising
  • We do not sell your data to third parties
  • We do not share your email with marketing partners
  • We do not create behavioral profiles based on your content

Data Sharing & Third Parties

Services We Use (Data Processors)

  • Google Cloud/Firestore: Stores your encrypted data. Google is bound by data processing agreements and GDPR compliance terms.
  • Stripe/Payment Processor: Processes subscription payments. Payment processor only receives non-context data (email, subscription tier, card details). Stripe is PCI-DSS compliant.
  • Google OAuth: Authenticates your account. We do not request unnecessary permissions. Google profile data is used only for account creation.

Legal Requirements

We may disclose your data if required by law: court orders, subpoenas, government requests, legally required reporting, or protection of legal rights. In such cases, we will provide notice unless legally prohibited.

Business Transfers

If CacheTank is acquired or merged, your data may be transferred as part of the transaction. We will notify you of material changes to this Privacy Policy.

No Third-Party Sharing for Marketing

We do not share your email, usage data, or context with marketing platforms, data brokers, advertising networks, social media platforms, or analytics companies beyond our internal analytics.

Cookie Policy

What We Use

  • Session Cookies: Maintain your login state (essential, expires when you close browser)
  • Analytics Cookies: Track feature usage and engagement (first-party only, optional)
  • Security Cookies: Prevent CSRF attacks and unauthorized access (essential)

What We Don't Use

  • Third-party tracking cookies
  • Retargeting cookies
  • Cross-site cookies
  • Marketing cookies

Managing Cookies

You can control cookies via your browser settings: disable cookies (may limit CacheTank functionality), clear cookies on exit, or use private/incognito mode.

GDPR & Data Subject Rights (EU Users)

If you are located in the EU or a jurisdiction with similar laws, you have the following rights:

Right to Access

Request a copy of all personal data we hold about you. Receive data in a portable, machine-readable format. Email: ethansilver613@gmail.com

Right to Rectification

Correct inaccurate personal data. Update your profile information directly in your CacheTank dashboard or email us.

Right to Erasure

Request deletion of your personal data (with exceptions for data we must retain for legal/contractual reasons). Timeline: 30 days.

Right to Data Portability

Receive your personal data in a structured, commonly-used, machine-readable format. Use the "Export Data" feature in your dashboard or email us.

Right to Restrict Processing

Request we limit how we use your data. We will retain data but minimize processing.

Right to Object

Object to processing of your data for marketing, profiling, or other purposes. Use preference settings in your dashboard or email us.

Right to Withdraw Consent

Withdraw consent for data processing at any time. No penalty for withdrawal.

CCPA & California Privacy Rights

If you are a California resident, you have additional rights under the CCPA:

  • Right to Know: Request information about what personal data is collected, used, shared
  • Right to Delete: Request deletion of personal data we collected (with exceptions)
  • Right to Opt-Out: Opt out of any data sales (we do not sell data, but you can still opt out)
  • Right to Non-Discrimination: We will not discriminate if you exercise your rights

Timeline: We respond within 45 days. Email: ethansilver613@gmail.com with your request and proof of residency.

Data Retention

While You're Active

  • Account data retained for duration of account
  • Saved contexts retained indefinitely (your property)
  • Usage analytics retained for 12 months

After Subscription Pause

  • Files retained indefinitely
  • Account metadata retained
  • No automatic deletion

After Cancellation

  • Files retained for 90 days (accessible if you reactivate)
  • After 90 days: files archived (not deleted)
  • Archived files may be deleted upon explicit request

Account Deletion

  • Upon deletion request: personal data deleted within 30 days
  • Backups deleted within 180 days
  • Legal/compliance records retained as required

Data Export & Portability

Use the "Export Data" feature in your CacheTank dashboard to receive all your saved contexts as raw files (JSON, Markdown, or text). Export completes within 24 hours.

You will receive: raw, unstructured files without CacheTank's organizational schemas; your original content, unmodified; and metadata (timestamps, tags) in JSON format.

When you export, you lose access to CacheTank's organizational system. Your raw files are portable but unorganized. This is intentional—you own your content, and we own the way we organize it.

Security Measures

Encryption

  • AES-256 encryption for all saved contexts at rest
  • TLS 1.2+ encryption for all data transmission
  • Encryption keys managed via Google Cloud KMS

Access Controls

  • Role-based access controls (RBAC)
  • Multi-factor authentication (MFA) available
  • Principle of least privilege for employees
  • Regular access audits

Infrastructure Security

  • Google Cloud infrastructure with DDoS protection
  • Regular security patching and updates
  • Firewall rules and network isolation
  • Intrusion detection and monitoring

Incident Response

  • Security incident response plan
  • 24/7 monitoring for suspicious activity
  • Immediate notification to affected users of breaches
  • Cooperation with law enforcement as required

We implement reasonable security measures, but no system is 100% secure. We are not liable for unauthorized access that occurs despite our reasonable efforts.

International Data Transfers

CacheTank stores data in Google Cloud datacenters (default: US region). Google Cloud has adequate safeguards per GDPR Article 45.

Team plan users may request EU data residency: Data stored in Zurich, Switzerland (europe-west6), never leaving Europe. Switzerland operates under the revDSG (Swiss Federal Act on Data Protection, in force September 2023), meeting or exceeding GDPR standards.

Contact: hello.cachetank@gmail.com to request EU/Swiss data residency for your team. Individual/Solo plan data is stored in the default US region.

Children's Privacy

CacheTank is not intended for users under 18. We do not knowingly collect data from children. If we discover we have collected data from a child, we will delete it immediately.

Privacy by Design

CacheTank embeds privacy principles into our systems:

  • Data Minimization: Collect only necessary data
  • Purpose Limitation: Use data only for stated purposes
  • Transparency: Clear communication about data practices
  • User Control: Tools to access, correct, and delete data
  • Accountability: Regular audits and compliance reviews

Do Not Track (DNT)

If your browser sends a DNT signal, CacheTank respects it: we disable non-essential analytics cookies. Essential cookies (security, authentication) remain active. Your CacheTank account still functions normally.

Changes to Privacy Policy

We may update this policy to reflect regulatory changes, new security practices, service improvements, or clarifications.

Material changes will be communicated via: email notification to registered address, in-app notification, and website update with effective date.

Continued use constitutes acceptance of updated policies.

Contact & Data Protection

Questions About Privacy

Email: ethansilver613@gmail.com

Data Access/Deletion Requests

  • Method: Email ethansilver613@gmail.com
  • Timeline: 30 days for standard requests, 45 days for CCPA/GDPR requests
  • Format: Include relevant details and proof of identity

Data Protection Authority (EU Users)

If you believe we've violated your privacy rights, you may file a complaint with your local data protection authority.