Offlist — Privacy Policy
PRIVACY POLICY
Last updated: May 2026
This Privacy Policy explains how Mike Laing trading as Offlist (“Offlist”, “we”, “us”) collects, uses, and protects your personal data when you use Offlist at app.offlist.today (“the app”).
We are committed to protecting your privacy and handling your data in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.
1. Who we are
Offlist is operated by Mike Laing, a sole trader based in the United Kingdom. For all privacy and data matters, contact us at support@offlist.today.
2. What data we collect
Account data
- Email address
- Password (stored encrypted, we never see it in plain text)
- Phone number (optional, only if you choose to use SMS reminders)
Usage data
- Your tasks and list content (Today, This Week, Upcoming)
- Chat messages with the AI (stored for 24 hours then automatically deleted)
- SMS reminders you schedule (deleted once sent)
- Timezone and language preferences
- Theme preference (light or dark mode)
Payment data
- Payment is handled entirely by Stripe. We do not store your card details. We receive only a customer ID and subscription status from Stripe.
Analytics data
- We use PostHog to collect anonymised usage analytics such as which features are used and how often. This helps us improve the app. PostHog data is linked to your user ID and email for our internal reporting only.
3. How we use your data
We use your data to:
- Provide and maintain the Offlist service
- Send SMS reminders you have scheduled via Twilio
- Process subscription payments via Stripe
- Send transactional emails (account confirmation, password reset, account changes) via our email provider
- Analyse usage patterns to improve the app via PostHog
- Respond to support requests
We do not sell your data to any third party. We do not use your data for advertising.
4. Third parties who process your data
By using Offlist you acknowledge that the following third party services process your data as part of delivering the service:
| Service | Purpose | Privacy Policy |
|---|---|---|
| Supabase | Database and authentication | supabase.com/privacy |
| OpenAI | AI chat processing | openai.com/privacy |
| Twilio | SMS reminder delivery | twilio.com/legal/privacy |
| Stripe | Payment processing | stripe.com/gb/privacy |
| PostHog | Product analytics | posthog.com/privacy |
| Vercel | App hosting | vercel.com/legal/privacy-policy |
Your chat messages are sent to OpenAI for processing. OpenAI does not use data submitted via the API to train their models. Chat messages are stored for 24 hours then permanently deleted from our database.
5. How long we keep your data
| Data type | Retention period |
|---|---|
| Account data | Until you delete your account |
| Task and list content | Until you delete your account |
| Chat messages | 24 hours then automatically deleted |
| SMS reminders | Deleted once sent or if manually removed |
| Payment records | 7 years (legal requirement) |
| Analytics data | 12 months |
6. Your rights under UK GDPR
You have the right to:
- Access the personal data we hold about you
- Correct inaccurate data
- Delete your account and all associated data
- Export your data in a portable format
- Object to how we process your data
- Withdraw consent at any time where processing is based on consent
To exercise any of these rights, email us at support@offlist.today. We will respond within 30 days.
You also have the right to lodge a complaint with the Information Commissioner’s Office (ICO) at ico.org.uk if you believe we have not handled your data correctly.
7. Data security
We use industry-standard security measures including encrypted connections (HTTPS), encrypted password storage, and row-level security on our database so that users can only access their own data. We regularly review our security practices.
No method of transmission or storage is 100% secure. If you become aware of any security issue please contact us immediately at support@offlist.today.
8. Cookies
Offlist uses only essential cookies required for authentication and session management. We do not use advertising cookies or tracking cookies.
9. Children
Offlist is not intended for users under the age of 16. By creating an account you confirm you are at least 16 years old. If we become aware that a user is under 16 we will delete their account and data promptly.
10. Changes to this policy
We may update this Privacy Policy from time to time. We will notify you of significant changes by email. Continued use of the app after changes constitutes acceptance of the updated policy.
11. Contact
For any privacy-related questions or requests: Email: support@offlist.today