Privacy Policy

Effective date: February 7, 2026

Tycana is operated by Mark Hudson. We collect minimal data and don’t sell, share, or monetize your information.

Tycana is not intended for users under the age of 16.

What We Collect

When you use cloud sync, we store:

  • Email address — for authentication and account communication
  • Tasks — titles, due dates, projects, tags, time estimates, completion status
  • Space memberships — which spaces you belong to and your role
  • Device info — device name and type for multi-device sync
  • Calendar feed tokens — unique URLs for calendar subscriptions
  • MCP tokens — device tokens for AI assistant access

Anonymous usage metrics (opt-in): If you opt in, the CLI sends anonymous command usage data — which commands you run, success/failure, CLI version, and operating system. This never includes task content, project names, file paths, or personal information. You can disable this anytime with tycana config telemetry off.

If you only use the free tier without telemetry, everything stays on your machine. We collect nothing.

We do not collect passwords, analytics, location data, contacts, or use third-party tracking scripts. The dashboard uses a session cookie for authentication — no tracking cookies.

How We Use Your Data

Your data is used to provide the service:

  • Tasks are synced across your devices
  • Email is used for magic link authentication
  • Calendar feeds generate ICS data from your scheduled tasks

That’s it. We don’t analyze your tasks, build profiles, or serve ads.

MCP & AI Assistants

When you connect an AI assistant via MCP, that assistant can read and modify your tasks using a token you generate. The connection is initiated and controlled by you. We do not send your data to AI providers — MCP requests come from your assistant to our API, authenticated with your token.

Calendar Feeds

Treat your calendar feed URL like a password — anyone with it can view your scheduled task titles, times, and projects. Feed URLs do not contain your email address. You can regenerate your feed URL at any time to revoke previous access.

Data Storage

  • Location: Cloud data is stored on servers in the United States (hosted on Render)
  • Encryption: All data is encrypted in transit (HTTPS/TLS)
  • Isolation: Each user’s data is isolated; you cannot access another user’s tasks

Data Retention

  • Your data is retained as long as your account is active
  • When you delete your account, your data is removed immediately. Some data may persist in encrypted backups for up to 30 days
  • Local YAML files are always yours and are never affected by account changes

Your Rights

You can:

  • Access your data at any time — tasks are plain YAML files already on your machine
  • Delete your account and all cloud data from the dashboard account page
  • Regenerate calendar feed URLs to revoke access

Third Parties

  • Render — hosting infrastructure
  • Resend — transactional email delivery (magic links only)
  • Cloudflare — website hosting and CDN
  • Paddle — payment processing (we do not store payment details)

We do not share your task data with any third party.

Changes

We may update this policy. Material changes will be communicated via the email on your account.

Contact

Privacy questions: [email protected]