owelet.
← Back
Legal

Privacy Policy

Last updated: June 1, 2026

Overview

Owelet ("we," "us," or "our") operates owelet.app. This policy explains what information we collect, how we use it, and your rights around it. We built Owelet for solopreneurs — people who already share a lot of data with their platforms — so we take our responsibility to handle that data carefully seriously.

What we collect

Account data. When you sign up, we collect your email address and a hashed password (managed by Supabase Auth). We never see your plain-text password.

Platform connection data. When you connect a platform (Stripe, Gumroad, etc.), we store the OAuth access token and refresh token. These are encrypted at rest using AES-256-GCM with unique IVs per token. We also store your platform account ID and display name for that connection.

Transaction data.We sync transaction records from your connected platforms — amounts, dates, fees, refunds, product names, and customer country. We store this so your dashboard doesn't need to re-fetch it every time.

Usage data. We collect anonymized analytics (pages visited, features used) via Vercel Analytics and PostHog. No individual user behavior is sold or shared with advertisers.

Feedback. If you submit feedback through the in-app widget, we receive your message, the page you were on, and your email.

How we use it

  • To display your revenue, fees, and cashflow in the dashboard
  • To send you transactional emails (sync failures, weekly summaries, account notices)
  • To improve the product based on aggregate usage patterns
  • To provide customer support

We do not sell your data. We do not use your financial data for advertising. We do not share it with third parties except as required to operate the service (hosting infrastructure, email delivery).

Data storage and security

Your data is stored in Supabase (PostgreSQL hosted on AWS). OAuth tokens are encrypted before storage — we cannot read them without your connection being active. Row-level security policies ensure your data is isolated from other users' data at the database layer.

We connect to your platforms using read-only OAuth scopes wherever the platform supports it. We request only the permissions needed to fetch transaction history.

Data retention

We retain your data as long as your account is active. If you delete your account, we delete all associated transaction data, platform connections (tokens wiped), and profile information within 30 days.

Your rights

You can request a copy of your data, ask us to delete your account and data, or ask questions about what we store at any time. Email us at hello@owelet.app.

If you are in the EU or UK, you have additional rights under GDPR and UK GDPR. We're a small team — reach out and we'll respond promptly.

Third-party services

We use the following services to operate Owelet:

  • Supabase — database and authentication
  • Vercel — hosting and edge functions
  • Resend — transactional email delivery
  • PostHog — product analytics (anonymized)

Each of these providers has their own privacy policy governing how they handle data processed on our behalf.

Changes to this policy

We may update this policy as the product evolves. We'll notify active users by email of any material changes.

Contact

Questions? Email hello@owelet.app.