Privacy

What duetpad knows about you.

Plain English version: we collect what we need to keep your projects on the screen, plus a little to keep the product working and getting better. No ads, ever. We never sell your work, and we never read what’s inside your projects to measure you. Product analytics only run if you say yes.

Last updated: 30 June 2026 — the version of our privacy practices currently in effect.

Who runs duetpad. duetpad is a service operated as duetpad, a sole trader based in the United Kingdom, contactable at hello@duetpad.com. We are the data controller for the information described here. You can reach us about anything in this policy at privacy@duetpad.com. The UK GDPR and Data Protection Act 2018 are the framework we orient to; if you’re in the EU, the EU GDPR gives you the equivalent rights.

What does duetpad collect?

Here’s the full list — all of it tied to making the product work:

  • Your sign-in details. Email address, and a one-way scrambled version of your password (we never see the password itself). If you sign in with Google instead, we get the email and a stable identifier from Google.

  • Your profile. The name and avatar you put on your settings page. Optional — leave them blank and duetpad still works.

  • Your projects and cards. Everything you type into the canvas: project names, folder names, personas, jobs, journeys, problem statements, briefs. This is the work itself. We store it so you can come back to it.

  • Pairing keys. When you connect an AI to duetpad, we generate a long, random key that lets it talk to your projects. We store the key so we can tell it’s really you, and nothing else. You can revoke it from your settings page at any time.

  • Connection records. Light, technical breadcrumbs about your Claude Code connection — when it last connected, whether it’s online — so the canvas can show “paired” or “not paired” correctly.

  • Semantic-search embeddings. When you save a card, duetpad sends its text — the title, summary, and body (up to the first 8,000 characters) — through OpenRouter to an OpenAI embedding model, which returns a short numeric fingerprint (an embedding) so Cmd-K search can find the card. We store that fingerprint against your card and keep no separate copy of the request.

  • Product-analytics events — only if you say yes. If you accept the analytics banner, we count which actions you take — “created a project”, “paired Claude Code” — so we can see what’s working. Never the words inside your cards. Decline and none of this is collected. This is handled by PostHog.

  • Error reports. When something breaks, we collect a diagnostic report — what went wrong and roughly where — so we can fix it. We keep your project content out of these. This is handled by Sentry, and runs regardless of your analytics choice — it’s how we keep duetpad stable and secure, not how we measure you.

When you connect an AI, any AI writing runs inside your own AI’s session — duetpad never sees the prompt or the model output. The canvas only stores what your AI writes back to your project.

Why we’re allowed to hold it.

Under UK and EU GDPR, every purpose above needs a lawful basis. Here’s ours, purpose by purpose:

  • Running your account and canvas. Your sign-in details, profile, projects and cards, and pairing keys. Lawful basis: performance of our contractwith you (Article 6(1)(b)) — we can’t give you the service you signed up for without them.

  • Semantic-search embeddings. The numeric fingerprint behind Cmd-K search. Lawful basis: performance of our contract(Article 6(1)(b)) — it’s part of the product you’re using.

  • Keeping duetpad working and secure. Connection records, and the error reports that keep the product stable. Lawful basis: our legitimate interests(Article 6(1)(f)) in a product that stays working, stable, and secure — weighed against your privacy, and never used to measure you.

  • Product analytics. The action counts described above. Lawful basis: your consent (Article 6(1)(a)), given through the analytics banner and withdrawable at any time. Say no and none of it is collected.

  • Billing. Your plan status and customer reference, when you start a paid plan. Lawful basis: performance of our contract (Article 6(1)(b)), plus our legal obligations (Article 6(1)(c)) to keep tax and payment records for as long as the law requires.

What does duetpad not collect?

  • We don’t sell or share your work. Your projects and cards are never sold, rented, or handed to advertisers.

  • We don’t read your project content to measure you. The product analytics described above count actions, never the words inside your cards. No ad networks, no affiliate links, no cross-site ad tracking.

  • We don’t collect your browsing history, location, contacts, calendar, or anything else outside duetpad’s own canvas.

  • We don’t see your payment card. When you start a paid plan, Stripe handles the card — duetpad only ever gets a customer reference and your plan status, never the card itself.

What about cookies?

A small set, all functional — none used to track you across the web:

  • Sign-in cookie. Keeps you signed in between visits. Essential — without it duetpad forgets who you are on every page load.

  • Theme cookie. Remembers whether you picked light or dark. Optional, easy to clear.

  • Sidebar cookie. Remembers whether your sidebar is open or collapsed. Optional.

  • Analytics-choice cookie. Remembers whether you said yes or no to product analytics, so we don’t ask again on every visit. If you never answer, analytics stay off.

Who else sees your data?

A small, named list of services duetpad pays to run the product. They process your data on duetpad’s instructions and they don’t use it for their own purposes.

  • Supabase hosts the database where your projects live and handles the sign-in machinery. Data sits in EU regions (Frankfurt and Paris).

  • Vercel runs the website itself — the page you’re reading right now. Vercel sees the standard request information any hosting service does (your address, the page you asked for, a timestamp).

  • OpenRouter routes the embedding requests duetpad generates for Cmd-K search. Your card’s text — its title, summary, and body (truncated to 8,000 characters) — travels through OpenRouter to reach the OpenAI embedding model, which returns the numeric fingerprint. AI writing happens inside your paired Claude Code session, never through OpenRouter.

  • Stripe handles payment when you start a paid plan. Stripe sees the bits payment processors need to see (your card, your country); duetpad only gets a customer reference back.

  • PostHog records the product-analytics events — but only if you accept the analytics banner. It sees which actions you take, never the words inside your cards. Decline and nothing is sent to it.

  • Sentry catches error reports when something breaks, so we can fix it. It sees the diagnostic detail of a crash, not your project content.

That’s the full list. Each one is paid to run a specific part of the product and only handles your data on duetpad’s instructions — never for its own purposes.

Does your data ever leave the UK or EU?

Your projects and sign-in live in EU regions — Supabase in Frankfurt and Paris. But some of the services above are run by companies based in the United States, so a slice of your data is processed there:

  • Vercel — the standard request information for serving the website.

  • OpenRouter and the OpenAI embedding model— your card’s text, to build the search fingerprint.

  • Stripe — payment details, when you start a paid plan.

  • PostHog — product-analytics events, and only if you opted in.

  • Sentry — the diagnostic detail of a crash, not your project content.

When data goes to these providers, we rely on the UK and EU’s standard safeguards for sending data abroad — chiefly the Standard Contractual Clauses (with the UK’s International Data Transfer Agreement / Addendum where it applies), backed by each provider’s own data-protection commitments, or an adequacy decision where one is in place. The aim is simple: your data carries the same protection abroad as it has at home.

How long do we keep it?

For as long as your account is open. The moment you delete your account, your projects, cards, profile, and pairing keys are removed from the database. Backups roll off on their normal schedule (typically thirty days) and after that the data is gone for good.

A couple of categories run on their own clock, separate from your account:

  • Product-analytics events (only if you turned them on) are kept by PostHog for up to 12 months and then deleted or rolled up into anonymous totals.

  • Error reports are kept by Sentry for 90 days and then purged.

Translation cache entries (only relevant on the unpaired path) are keyed to your project — they leave with the project.

How old do you need to be?

duetpad is built for people working on products, and it isn’t meant for children. You need to be at least 16 to use it. We don’t knowingly collect data from anyone under 16 — if you think a child has signed up, email us at privacy@duetpad.com and we’ll remove it.

What can you do about it?

Quite a lot. duetpad tries to make the obvious actions one click away rather than a support ticket.

  • Export everything. Settings → Account → Export your datadownloads everything you own — projects, cards (archived ones included), folders, canvas sections, and a download link for each uploaded image, plus your billing details, Claude Code connections, and activity log — as a single JSON file. No queue, no email-confirm, no waiting.

  • Delete everything. Settings → Account → Delete accountwipes your account and all the projects in it. There’s no recovery. We’d rather you keep that power than have to email us for it.

  • Edit anything wrong. Profile, projects, folders — all editable from inside the app. If something can’t be edited and you think it should be, tell us.

  • Revoke Claude Code. The pairing key you generated for Claude Code can be revoked from settings. New key, old one stops working.

UK and EU users: under GDPR you also have the right to ask for a copy of the data we hold about you, ask us to correct or delete it, ask us to restrict how we use it, and complain to your local data protection authority. The export and delete buttons cover most of that already; for anything else, email us at hello@duetpad.com.

Is it secure?

Best-effort, not enterprise-grade. Your traffic is encrypted in transit, your password is one-way scrambled, your database access is row-level scoped so one user can’t read another’s projects, and your pairing key is stored as a one-way hash so even we can’t read it back to you. If you’re storing legally sensitive material, please use a tool built for that.

What if this page changes?

If we change the way duetpad handles your data, we’ll update this page and email you about anything material before it takes effect. Cosmetic edits (clearer wording, fixed typo) won’t trigger an email.

Still got questions?

Email us and a real person on the team will get back to you: hello@duetpad.com (this becomes a support@ address on duetpad’s own domain once that’s set up). The companion document for “what counts as fair use” and “who’s responsible for the output” lives at Terms.