Create A ThingLegal and privacy information.
Sign in

Policies

Privacy Policy

Effective July 13, 2026. This policy explains how Create A Thing handles account data, workspace data, uploads, secure Things, public Things, and optional encrypted secure text labels.

Privacy NoticeDo not place secrets in searchable or public-facing text.

In This Policy

1. Scope2. Data We Collect3. Workspace and Secure Label Data4. How We Use Data5. Sensitive Data Handling6. Files and Uploads7. Sharing and Providers8. Security9. Public Sharing10. Retention and Deletion11. Your Choices

Plain-language summary

We store the information needed to run your account and workspace. Sensitive values should be stored only in secure encrypted text labels. Files and backgrounds are account protected but are not end-to-end encrypted. We do not sell private workspace content. Public Things are intentionally visible to others and may be copied.

1. Scope

This Privacy Policy applies to Create A Thing and explains how data is collected, used, stored, and protected when you use the service. It should be read together with the Terms of Service.

2. Data We Collect

We collect account information needed to operate the service, such as user id, email address, username, display name, authentication state, timestamps, profile settings, and terms acceptance records.

We may also process technical data such as browser type, session information, security events, error data, request metadata, and infrastructure logs needed to keep the service reliable and secure.

3. Workspace and Secure Label Data

Workspace data includes Things, names, slugs, hierarchy, labels, files, background images, previews, search data, and related metadata you create in the app.

Secure text labels may include encrypted values and encryption metadata. When secure-label encryption is used correctly, the stored sensitive text value should be ciphertext, not plaintext. Thing names, slugs, file names, background images, and uploaded files are not currently end-to-end encrypted.

4. How We Use Data

We use data to provide authentication, workspace navigation, search, file display, secure text-label handling, account support, security monitoring, debugging, abuse prevention, and product improvement.

We do not use private workspace content or sensitive secure label data for advertising, resale, or unrelated profiling.

5. Sensitive Data Handling

Sensitive text should be stored only in secure text labels, which are encrypted before they are saved. You should not put passwords, card numbers, recovery codes, API keys, app passwords, or private notes into names, slugs, non-secure labels, search terms, file names, background images, or other non-secure-label areas.

If you lose secure-label unlock material, encrypted text labels may be unrecoverable. This is an intentional tradeoff of client-side encryption.

6. Files and Uploads

Files and background images may be stored with infrastructure providers and may be temporarily accessible through signed URLs so the app can display them. They are protected by account access controls and storage rules, but they are not currently end-to-end encrypted. File labels are disabled inside secure Things until encrypted file uploads are supported. Do not upload illegal files, payment authentication data, or content you do not have the right to store.

7. Sharing and Providers

We may use service providers for authentication, database, storage, hosting, email, logging, analytics, or security. These providers may process data only as needed to provide and protect the service.

We may disclose data if required by law, to protect rights and safety, to investigate abuse, or in connection with a business transfer such as merger, acquisition, or asset sale.

8. Security

We aim to use reasonable safeguards such as authenticated access, row-level database controls, restricted storage policies, encryption for secure text labels, and careful data boundaries. However, no system can be guaranteed completely secure.

You are responsible for your account password, devices, browser extensions, session safety, and deciding whether this MVP is appropriate for the data you store.

9. Public Sharing

When you mark a Thing public, we process and display the public Thing, its public descendants, and its non-secure text labels so others can view it. Public pages may also show public metadata such as names, slugs, hierarchy, counts, previews, and background images.

Public discovery and copying features are paused for the launch version. If those features are enabled later, copied Things may exclude files, background images, encrypted labels, secure labels, and private descendants.

10. Retention and Deletion

We retain data while your account is active or as needed to provide the service, comply with law, resolve disputes, prevent abuse, maintain backups, and operate infrastructure. Deletion may not immediately remove data from backups or logs.

11. Your Choices

You can choose what to store, whether to mark a Thing secure, whether to make a Thing public, whether to upload files, and whether to continue using the service. Future account-management features may add more self-serve export, deletion, and privacy controls.

If this policy changes materially, the effective date should be updated and additional notice or acceptance may be requested where appropriate.