Privacy policy

Effective date: 4 May 2026

This page explains what personal data Suro collects, why we collect it, and what we do with it. Suro is built to keep your group's information private. We don't sell data, and we don't use it for advertising.

Who is responsible

Suro is run by Roger Clotet as a personal project (no company). For any privacy-related question or request, write to suro@clotet.dev.

What data we collect

We only collect what's needed to run the app:

  • Account information: your name, email address, and (if you sign in with Google) your Google profile picture.
  • Content you create in the app: groups, lists and items, calendar events, notes, files you upload, expenses, Secret Santa entries.
  • Push subscription: if you enable push notifications, we store a browser-issued subscription so we can send you updates.
  • Technical data: usage events and error reports collected through PostHog (see below). No precise location tracking.

How we use your data

We use your data to:

  • Provide the service: store and sync your groups, lists, and shared content with the people you've invited.
  • Sign you in via Google or magic-link email.
  • Send you in-app and push notifications about activity in your groups (only if you opt in).
  • Understand how the app is used and fix bugs, via anonymous analytics.

The legal basis is your consent (when you sign up) and our legitimate interest in operating and improving the service.

Service providers

We rely on a small number of trusted providers that process data on our behalf:

  • Neon: Hosts the PostgreSQL database where your account and content live.
  • Google: Used only if you sign in with Google. Google handles the OAuth sign-in; we receive your name, email and profile picture from them.
  • Resend: Sends magic-link login emails. Receives only the email address you're trying to sign in with.
  • UploadThing: Stores files you upload to your groups (images and PDFs).
  • PostHog: Receives anonymous product-analytics events and error reports to help us improve the app. PostHog also sets a cookie to identify your browser across sessions.

Some of these providers may process data outside the EU under standard contractual clauses or equivalent safeguards.

Cookies

Suro uses a small number of cookies and similar storage:

  • A session cookie set by the authentication system, required for you to stay signed in.
  • Cookies storing your interface preferences (language, theme, sidebar state).
  • An analytics cookie set by PostHog to identify your browser across sessions for product analytics. No advertising or cross-site tracking.

How long we keep your data

We keep your data for as long as your account exists. To delete your account and all data linked to it (including any groups you created), write to suro@clotet.dev. Once you ask, we delete everything immediately and keep no copies.

How to delete your account

Your rights

If you're in the EU, the GDPR gives you the right to access, correct, delete or export your data, and to object to its processing. To exercise any of these rights, write to suro@clotet.dev. You also have the right to lodge a complaint with your local data protection authority (in Spain, the AEPD).

Changes to this policy

If we change this policy, we'll update the effective date at the top. For significant changes we'll let you know in the app or by email.

Contact

For any question or request related to this policy, write to suro@clotet.dev.