Legal

Privacy Policy

Last updated: 28 June 2026

In plain English: the schedules you build in Sketchedule are saved on your own device and are never uploaded to our servers. We only handle the basics needed to run an account — your email and your payment status — and we never sell your data or use it to train AI.

1. Who we are

Sketchedule is provided by Vantis Project Intelligence Ltd, a company registered in England and Wales (company number 17285923), registered office 128 City Road, London, United Kingdom, EC1V 2NX ("we", "us"). We are the data controller for the limited personal data described here. Questions or data-protection requests: support@sketchedule.com.

2. What we collect

Your schedules — built and saved in your browser, on your device. They are not collected by us, not uploaded, and not stored on our servers.
Account data — if you create an account, your email address and sign-in details, handled by our authentication provider (Supabase).
Payment data — if you subscribe, your payment is processed by Stripe. We never see or store your full card details; we keep only a customer reference and the status of your purchases and subscriptions.
Operational logs — minimal request/error logs used to keep the service running and secure.

3. How your schedule data is handled

Your schedules stay on your device. Everything you build is saved in your browser's local storage on your own computer. The schedule content is never sent to, or stored on, our servers.

When you share a schedule, the schedule travels inside the share link or file you create — it is rebuilt on the recipient's device, not served from a database of ours. When you collaborate live, your devices connect to each other directly and the session is encrypted end-to-end; we do not store the shared schedule, and the key to the session lives in your invite link, not on our servers.

We do not use your schedule content to train models, and we do not share or sell it.

4. Sub-processors

We rely on a small number of trusted providers to run the parts of the service that need a server: Vercel (hosting the website & app), Supabase (account sign-in), and Stripe (payments). Each handles only the data needed for its part of the service. To connect a live collaboration session, a public signalling relay helps your devices find each other; the schedule itself does not pass through it, and the session is end-to-end-encrypted.

International transfers. Some providers may process data on servers outside the UK and EEA (for example in the United States). Where that happens the transfer is protected by an appropriate safeguard — such as the UK International Data Transfer Agreement / Addendum, the EU Standard Contractual Clauses, or a UK/EU adequacy decision — so your data keeps an equivalent level of protection.

5. Cookies and local storage

Sketchedule does not use advertising or third-party tracking cookies. We use only a small number of strictly necessary browser-storage items to make the service work:

Your schedules & preferences — your saved schedules and your theme choice are kept in your browser's local storage. They never leave your device.
Sign-in — if you have an account, Supabase stores a session token in your browser so you stay signed in.
Payments — Stripe sets cookies during checkout for security and fraud prevention (see Stripe's own policy).

Because these are essential to providing the service you've asked for, they don't require a consent banner under PECR. If we ever add analytics or marketing cookies, we will ask for your consent first and update this policy.

6. Legal bases for processing

Where UK/EU data protection law applies, we rely on: performance of a contract (to create your account and serve any share links you create); legitimate interests (to keep the service secure and reliable through minimal logs, and to prevent misuse), balanced against your rights; and legal obligation (to retain limited payment records for tax and accounting). We will ask for your consent separately before any optional processing such as marketing, and you can withdraw it at any time.

7. Retention and deletion

Because your schedules live on your own device, you can delete them at any time from within the app — there is nothing for us to delete on our side. For account and payment records, you can ask us to delete your account and associated data by emailing us; we will remove it within a reasonable period, except where we must keep limited records (for example, payment records required for tax or accounting).

8. Your rights

Depending on your location (including under UK GDPR / GDPR), you may have rights to access, correct, export or delete your personal data, and to object to or restrict certain processing. To exercise any of these, contact us at the address above. If you are in the UK and unhappy with how we have handled your data, you can also complain to the Information Commissioner's Office (ICO) at ico.org.uk; if you are in the EEA, you may complain to your local supervisory authority.

9. Security

We use encryption in transit, scoped access keys, and provider-managed infrastructure, and — by design — we hold none of your schedule content. No system is perfectly secure, but we work to protect the limited data we do handle and to limit who and what can access it.

10. Changes

We may update this policy as the product evolves. Material changes will be reflected by the "last updated" date above.

← Back to Sketchedule · Terms · Notices