Last updated: March 1, 2026
This Privacy Policy explains how WithoutMe, operated by Michael Cardin, sole proprietor ("we," "us," or "our"), collects, uses, and protects your information when you use our Service at withoutme.app. We are committed to protecting your privacy and handling your data responsibly.
Free Plan (No Account): When you use WithoutMe without an account, all data — including SOPs, steps, checklist progress, and SOP version history — is stored locally on your device using your browser's localStorage. We do not collect, transmit, or store any of this data on our servers.
With an Account (Pro Plan): When you create an account, we collect:
Team Member Data (Pro Plan): When a team owner creates invite links, we store the team member's name as provided by the owner. When team members complete checklists, we collect:
Team members do not need accounts. Their identity is tied to the invite link provided by the team owner, not to any personal account or email address.
Payment Information: When you subscribe to a paid plan, payment is processed by Lemon Squeezy (Lemon Squeezy, Inc.), who acts as our Merchant of Record. We do not collect, store, or have access to your credit card number or payment details. Please refer to Lemon Squeezy's Privacy Policy for details on how they handle payment data.
We use the information we collect to:
Pro plan users can use AI-powered features to generate SOP steps or improve existing steps. When you use these features, the SOP title, description, existing steps, and your business type setting are sent to our AI provider (Anthropic) for processing. This data is used solely to generate the requested output and is not stored by Anthropic for training or any other purpose beyond fulfilling the request. AI features are optional — they are only triggered when you explicitly click the AI buttons in the editor.
Account data and synced SOPs are stored using Supabase, a cloud database platform with industry-standard security practices including encryption at rest and in transit. Authentication is handled by Supabase Auth with secure password hashing.
Images attached to SOP steps are stored as part of your SOP data in the same cloud database. Images are re-encoded on upload to remove metadata such as GPS coordinates, device information, and embedded scripts.
We take reasonable measures to protect your data, but no method of transmission or storage is 100% secure. We cannot guarantee absolute security.
We do not sell, rent, or share your personal information with third parties for marketing purposes. We share data only with the following service providers, solely to operate the Service:
We may also disclose information if required by law, regulation, or legal process.
When you share SOPs with your team via invite links, team members can view your Active SOPs and run them as checklists. Team members cannot access your drafts, archived SOPs, or account information.
When team members complete checklists, their completion records — including step-by-step timestamps and any notes they add — are stored on our servers and visible to the team owner through the activity dashboard. Team members can also flag issues on SOPs, which are visible to the team owner.
Team owners can assign specific SOPs to team members with due dates. Assignment status is visible to both the assigned team member and the team owner.
Pro plan users can configure a webhook URL in their account settings to receive real-time notifications when team members complete checklists. When configured, completion data — including the SOP title, team member name, completion timestamp, and any step notes — is sent to the URL you specify. We are not responsible for how third-party services at your configured webhook URL handle this data. You are responsible for ensuring your webhook destination complies with applicable privacy laws.
Pro plan users receive a daily email summarizing their team's activity from the previous day. These emails are sent via Postmark and include team member names, completed SOP titles, timestamps, step notes, feedback counts, and overdue assignment alerts. You can opt out of digest emails at any time in your account settings. No emails are sent on days with no team activity.
We retain your account data, synced SOPs, team completion records, feedback, and assignment history for as long as your account is active. If you delete your account, we will delete your data from our servers within 30 days. Local data stored on your device is not affected by account deletion — you control that through your browser settings.
SOP version history is stored locally on your device only and is not synced to our servers.
You have the right to:
If you are a California resident, the California Consumer Privacy Act (CCPA/CPRA) provides you with specific rights regarding your personal information. We do not sell or share your personal information for cross-context behavioral advertising. You have the right to request that we delete your personal information, know what personal information we collect, and not be discriminated against for exercising your privacy rights. To exercise any of these rights, contact us at support@withoutme.app.
In the unlikely event of a data breach affecting your personal information, we will notify affected users via email within 72 hours of becoming aware of the breach, as required by applicable law. We will also take immediate steps to investigate and contain the breach, and will provide information about what data was affected and what steps you can take to protect yourself.
WithoutMe uses browser localStorage for core application functionality (storing SOPs, preferences, and session state). We use Google Analytics 4 to understand how visitors find and use our site — this helps us improve the product. Google Analytics collects anonymized usage data such as pages visited, traffic source, and session duration. You can learn more about how Google handles this data at https://policies.google.com/privacy. Our payment processor, Lemon Squeezy, may set cookies related to checkout and fraud prevention. We do not use cookies for advertising or ad personalization.
For visitors in the European Economic Area and United Kingdom, we display a cookie consent banner on your first visit. Google Analytics will not set tracking cookies unless you accept. If you decline, analytics tracking remains disabled for your session. Your consent preference is stored in a cookie on your device so the banner does not appear on return visits. We also use a location-detection cookie to determine whether to display the consent banner based on your region.
The Service is not intended for individuals under the age of 16. We do not knowingly collect personal information from children. If you believe a child has provided us with personal information, please contact us and we will delete it.
We may update this Privacy Policy from time to time. We will post the updated policy on this page with a revised "Last updated" date. Your continued use of the Service after any changes constitutes acceptance of the updated policy.
If you have questions about this Privacy Policy or your data, please contact us at support@withoutme.app.