Privacy Policy
An honest take on data privacy from an indie developer
Last updated: December 2025
An Honest Take
I'm an indie developer, not a big corporation. One of my main motivations for building UnderControl was that I wanted full control over my own sensitive data — tasks, finances, personal notes — instead of handing them to big tech companies. I built this for myself first, and now I'm sharing it with you.
I have zero interest, ability, resources, or motivation to do anything with your data. That said, I understand if you don't fully trust me — you shouldn't blindly trust anyone online. Big companies with entire security teams still get breached. So why would you trust a solo developer? You have every right to be skeptical.
Your Choices
That's why I give you options. You don't have to use our cloud service. You can use the Desktop App — your data stays 100% on your device, never touches any server. Or you can Self-Host — run your own instance, full control, your infrastructure.
The cloud service exists for convenience, not because I want your data. If privacy is your priority, go local or self-host. No hard feelings.
What's Saved on the Server
If you use our cloud service: account info (email, username) and the data you create — tasks, expenses, budgets, etc. I promise I won't look into your data, but you don't need to trust me.
Choose desktop app or self-host to fully control your data
Security
I do my best: HTTPS everywhere, passwords are hashed, database is secured. But I'm not a security expert. If you're handling sensitive data, self-host or use the desktop app.
For self-hosted users, security is in your hands. Keep your server updated and follow basic security practices.
Your Options
| Option | Description |
|---|---|
| Desktop App | 100% local, your device only |
| Self-Host | Your server, full control |
Web Clipper Chrome Extension
The Web Clipper Chrome extension has additional privacy considerations:
- Website content is captured only when you explicitly click "Save". It is saved to your local disk or sent to your own UnderControl server. No content is sent to any third party.
- Authentication credentials are stored locally on your device. They are only transmitted to the server URL you configure.
- The extension does not use remote code. All scripts are bundled locally.
- The extension does not track browsing history or user activity.
Questions?
If you have questions or concerns, just reach out. I'm a real person, not a support ticket system.