Back to Pace

Privacy Policy

Last updated: April 26, 2026

1. Data We Collect

Pace is designed to collect only the absolute minimum amount of data required to function. If you use the free tier without an account, your sessions, clients, and projects stay strictly on your local device via localStorage.

If you create an account, we store your email address for authentication and sync your tracking data securely to our cloud database to provide cross-device access and history.

2. Encryption

All personally identifiable information (PII) — including client names, email addresses, physical addresses, phone numbers, tax IDs, and payment details — is encrypted with AES-256-GCM before being stored in our cloud database. This protects against unauthorized database access, such as casual database dumps or read-replica exposure.

Encryption is performed in your browser before data is sent to our servers. Each user has a unique Data Encryption Key (DEK). The encryption keys are stored alongside your data in our infrastructure, which means our hosting provider and server-side systems can access them. This is not end-to-end encryption — it protects against external database compromise, but not against a compromised hosting account or malicious server-side code.

Data stored locally on your device (guest/free tier) is not encrypted. Sign in to enable cloud storage with encryption at rest.

3. Invoice & Business Profile Data

If you use the Invoices feature, you may enter additional information including your business name, business email address, and client contact details (name, email address, and phone number). This information is used solely to generate your invoices and is never shared with third parties.

On the free tier, this data is stored only in your browser's localStorage and never leaves your device. If you have an account, it is synced to our cloud database under the same terms as your other tracking data.

You are responsible for ensuring you have the appropriate basis to store any client contact information you enter into Pace.

4. Third-Party Services

We use Supabase for database infrastructure and authentication. If you upgrade to a paid tier, payment processing is handled securely by Stripe. We use Vercel for application hosting, which may temporarily log IP addresses for security and performance monitoring. We use Vercel Analytics for aggregated, anonymous pageview insights — no personal data or user identifiers are collected or transmitted. We do not use Google Analytics or invasive tracking pixels.

5. Essential Storage

Pace relies on essential browser storage (localStorage and secure auth tokens) to keep you logged in and persist your unsaved timers and invoice data. We do not use non-essential tracking cookies.

On your first visit, you will see a one-time informational notice explaining this. It can be dismissed and will not reappear. It is not a consent gate — there is nothing to opt out of, as we do not use any non-essential or tracking cookies.

6. Your Rights

You have the right to delete your account and all associated data at any time from your account settings. Once deleted, it cannot be recovered. For requests to access or export your data, contact us at the address below.

7. Data Retention

We retain your data for as long as your account is active. Upon account deletion, all associated data is purged within 30 days.

8. Contact

For privacy-related inquiries or data deletion requests, contact us at hello@yourpace.co.