Privacy Policy

Last updated: February 28, 2026

Overview

Upright (“we”, “our”, or “us”) operates upright.dev, a developer productivity dashboard that aggregates work signals from services like GitHub, Slack, Google Calendar, and others. This Privacy Policy explains what data we collect, how we use it, and the choices you have.

By using Upright, you agree to the collection and use of information in accordance with this policy.

Information We Collect

Account Information

When you sign up, we collect your email address and basic profile information via Supabase Auth. We do not store passwords directly — authentication is handled through OAuth providers or magic-link email.

OAuth Tokens

When you connect integrations (GitHub, Google, Slack, etc.), we receive OAuth access tokens. These tokens are encrypted at rest using AES-256-GCM and stored in our Supabase database. We use them solely to fetch data on your behalf and display it within your dashboard.

Service Data

We retrieve data from connected services — such as pull requests, calendar events, Slack messages, and issue trackers — to populate your dashboard. This data is processed in memory and displayed to you; we do not build persistent copies of your work items beyond what is needed to render the dashboard.

Usage Data

We may collect anonymized usage signals (page views, feature interactions) to understand how Upright is being used and improve the product. We do not sell this data.

How We Use Your Information

  • To authenticate you and maintain your session.
  • To connect to third-party services on your behalf and display your work data.
  • To generate AI-powered summaries and urgency scores using the data you've chosen to share.
  • To send transactional emails (e.g., invitations, magic-link login).
  • To monitor and improve the reliability and performance of the service.

Data Sharing

We do not sell your personal information. We share data only as necessary to operate the service:

  • Supabase — database and authentication infrastructure.
  • Groq — AI inference for generating summaries. Only the relevant content you request to summarize is sent; no persistent storage occurs on their end under standard API terms.
  • Vercel — hosting and edge compute.

We may disclose information if required by law or to protect the rights, property, or safety of Upright, our users, or others.

Data Retention

OAuth tokens are retained as long as you keep an integration connected. You can disconnect any integration at any time from Settings, which deletes the corresponding token from our database. Account data is retained until you delete your account. You may request full account deletion by contacting us at the address below.

Security

We use industry-standard practices to protect your data, including AES-256-GCM encryption for stored tokens, TLS in transit, and row-level security policies in our database. No method of transmission over the internet is 100% secure, and we cannot guarantee absolute security.

Your Rights

Depending on your location, you may have rights to access, correct, or delete your personal data. To exercise any of these rights, contact us at privacy@upright.dev.

Third-Party Services

Upright integrates with third-party services you choose to connect. Each service has its own privacy policy. We encourage you to review the privacy policies of any services you connect to Upright.

Changes to This Policy

We may update this policy from time to time. We will notify you of material changes by updating the “Last updated” date at the top of this page. Continued use of Upright after changes constitutes acceptance of the updated policy.

Contact

Questions or concerns? Reach us at privacy@upright.dev.