Privacy

Privacy, in plain English

No legalese. No dark patterns. Here's exactly what we collect, why, and where it lives.

Last updated: 2 May 2026

The short version

We collect what we need to run Tree Studios — your email, the strategy you build, and basic logs to keep things working. Your data lives in Europe. We don't sell it. We don't track you across the web. You can export it or delete it whenever you want.

What we collect

Account info. Your email address and your name. That's it for sign-up. If you sign in with Google or Apple later, we get the same — email and name.

The work you put in. The strategy tree you build — objectives, initiatives, teams, comments. This is your content. You own it.

Basic logs. When something breaks, we need to know. We keep short-lived server logs (timestamps, request paths, error messages) so we can fix bugs.

Where your data lives

Everything is stored in Supabase, a Postgres database hosted in Europe. Encryption in transit. Row-level security so one customer can't see another customer's data. Backups so we can recover if something goes wrong.

Transactional email (sign-up confirmations, invite links, password resets) goes through Brevo, an EU-based email provider. They see your email address so they can deliver the message. They don't see the content of your strategy.

Analytics, honestly

We use Umami for product analytics. Umami is cookie-free and privacy-friendly by design. It tells us things like "the pricing page got 200 views today" — not "this specific person visited the pricing page".

No personal information is sent to Umami. No cookies are set. No data is shared with ad networks. We don't use Google Analytics, Facebook Pixel, or any other cross-site tracker. We never have.

Cookies

We use one kind of cookie: the one that keeps you signed in. That's it. No marketing cookies. No analytics cookies. No banner asking you to accept tracking, because there's no tracking to accept.

Your rights (GDPR)

You can ask us, any time, to:

  • Show you everything we have about you
  • Correct anything that's wrong
  • Export your strategy data in a portable format
  • Delete your account and everything we hold

Message us on Telegram and we'll handle it within 30 days, usually much sooner.

Who we share with

Nobody, except the sub-processors we need to run the service: Supabase (database + auth), Brevo (email delivery), and Umami (anonymous analytics). We don't sell data to anyone. We don't share it with advertisers. If a government agency ever asked, we'd push back hard and tell you about it unless legally gagged.

Security

All connections use HTTPS. Database access is locked down with row-level security so a user can only ever read their own company's data. Passwords are hashed by Supabase (argon2 / bcrypt). We're a small team and we treat your data like it's our own — because for some of it, it literally is.

Children

Tree Studios is built for grown-ups doing grown-up product work. Don't sign up if you're under 16.

Changes to this policy

If we change anything that matters, we'll email you and update the "last updated" date at the top of this page. We won't sneak changes in.

Get in touch

Questions, complaints, or just want to talk privacy? Message us on Telegram. A real human will read it.

Ready to get started?

Start for free — no credit card required.

No credit card required