Sturdy
Get the app

Legal

Privacy Policy

Last updated: April 30, 2026

This Privacy Policy explains how Sturdy ("we", "us", "our") collects, uses, and protects your information when you use the Sturdy mobile, desktop, or web app and related websites (collectively, the "Service"). By using the Service you agree to the collection and use of information in accordance with this policy.

1. Information we collect

We collect information that you provide directly, information generated as you use the Service, and a limited amount of information from third parties.

Information you provide

  • Account information: name, email, password (stored hashed), workspace name, and profile photo.
  • Business data you enter: products, vendors, transactions, projects, channels, messages, equity records, and any files you upload.
  • Support communications: any messages you send to support@mysturdy.com.

Information collected automatically

  • Device information: device model, operating system, app version, and crash diagnostics.
  • Usage information: features used, timestamps, and basic performance metrics.
  • Approximate location, derived from your IP address.

2. How we use information

  • To provide, maintain, and improve the Service.
  • To authenticate you and keep your account secure.
  • To respond to support requests and communicate important Service updates.
  • To detect, prevent, and respond to fraud or abuse.
  • To comply with legal obligations.

We do not sell your personal information or your business data, and we do not use the contents of your workspace to train machine-learning models.

3. Where your data is stored

Sturdy uses Supabase to host its database, authentication, and file storage. Your data is stored on managed infrastructure with row-level security on every table, encrypted at rest, and transmitted over TLS. Backups are retained on a rolling basis for disaster recovery.

4. Sharing

We share information only with service providers who help us run the Service (for example, hosting, email delivery, error monitoring, and payment processing) and only to the extent they need to perform their function. These providers are contractually required to protect your information.

We may disclose information if required by law, to enforce our Terms, or to protect the rights, property, or safety of users and the public.

5. Your choices and rights

  • Access & export: you can export your workspace data from inside the app.
  • Correction: you can edit most account and workspace data directly.
  • Deletion: you can delete your account from inside the app or by emailing us. We will delete or anonymise your personal information within 30 days, except where retention is required by law.
  • Marketing email: every marketing email contains an unsubscribe link.

6. Children

Sturdy is not directed to children under 13 (or 16 in the EEA), and we do not knowingly collect personal information from them. If you believe a child has given us information, please contact us so we can delete it.

7. International transfers

Your information may be processed in countries other than your own. Where required, we use appropriate safeguards (such as Standard Contractual Clauses) for international transfers.

8. Security

We use industry-standard technical and organisational measures to protect your information, including encryption in transit, encryption at rest, scoped access controls, and audit logging. No system is 100% secure, but we work continuously to improve.

9. Changes to this policy

We may update this policy from time to time. When we do, we will post the new version here and update the "Last updated" date. Material changes will also be communicated in-app or by email.

10. Contact us

Questions about this policy? Email privacy@mysturdy.com.