Routine OSRoutine OS
Privacy

Privacy policy

Last updated: April 17, 2026 · Effective: April 17, 2026

This policy is written in plain English. If anything is unclear, email tablerockstudiosdev@gmail.com and we’ll clarify.

Who we are

Routine OS is operated by a sole founder (referred to as “we” or “us” below) based in the United States. Contact: tablerockstudiosdev@gmail.com.

What this covers

This policy applies to:

  • The marketing website at routine-os.com
  • The Routine OS app at app.routine-os.com
  • Future Routine OS mobile apps for iOS and Android (when released)
  • Future hardware devices we ship
  • Our email newsletter

What we collect

We try to collect as little as possible. Here’s what we do collect and why:

When you use the marketing site (routine-os.com)

  • Anonymous analytics via Plausible. We see aggregate page views, referrers, countries, and which devices people use. We do not see individual users, IP addresses, cookies, or browsing history. Plausible is a privacy-first, EU-hosted, cookie-free analytics service. Their privacy policy: plausible.io/privacy.
  • Nothing else. We don’t set any tracking cookies. We don’t use Google Analytics, Facebook Pixel, or any ad-tech trackers.

When you sign up for the newsletter

  • Your email address. Stored at Buttondown, our newsletter provider. We also tag your signup with the source (e.g. footer, blog post, hardware waitlist) so we know which content converts — but not who you individually are beyond the email you gave us.
  • Email engagement data (optional). Buttondown can track opens and clicks if you’ve enabled images in your email client. You can opt out by disabling images, or by replying and asking us to turn tracking off for your address.
  • Buttondown’s privacy policy: buttondown.com/privacy.

When you use the Routine OS app

  • Your account email and display name (if you sign in). Used to identify your account and show a handle on community routines.
  • Your routines, runs, and settings. Stored in Firestore (a Google Cloud database) under your user ID. Only you can read these — enforced by Firestore security rules.
  • Public community content. If you explicitly mark a routine as public, the routine name, steps, and your display name become visible to others. Comments and votes you post publicly are visible to others. You can make a routine private again at any time.
  • Authentication data. Managed by Firebase Auth. If you sign in with Google, Google provides us your email, name, and profile image.
  • Device/browser metadata. For security and debugging — IP address, browser type, timestamps of sign-in. Retained for 30 days.
  • No cross-site tracking. We don’t sell, rent, or share your data with advertisers. We don’t build a profile of you for ads.

What we never collect

  • Payment card details (handled by our payment processor, not us).
  • Your location beyond country-level analytics.
  • Your contacts, photos, or calendar.
  • Audio, video, or keystroke data. The app doesn’t have microphone or camera permissions.

How we use it

  • To run the product you’re using.
  • To send you the newsletter you signed up for.
  • To understand what’s working on the marketing site (aggregate analytics only).
  • To respond when you email us. Your email is retained as long as you’re a user, plus whatever’s needed for our records.

How we share it

We don’t sell your data. We share it only with the subprocessors who help us run the product:

  • Google Firebase — hosting, authentication, database.
  • Buttondown — newsletter delivery.
  • Plausible — anonymous analytics (marketing site only).
  • Stripe (future) — payment processing when Pro tier launches.

We may also share data if legally required to — subpoena, court order, or similar valid legal process — but we’ll push back on overbroad requests and notify you unless prohibited from doing so.

Your rights

You can:

  • Ask us what data we have on you.
  • Ask us to correct anything that’s wrong.
  • Ask us to delete your account and all associated data. This deletes your Firestore user doc, routines, runs, comments, and votes. Email tablerockstudiosdev@gmail.com with the subject line “delete my account.”
  • Unsubscribe from the newsletter at any time (link at the bottom of every email, or email us).
  • Export your routines and runs (available in Pro today; coming to Free tier).

If you’re in the EU/UK, you also have GDPR rights including portability and restriction of processing. If you’re in California, you have CCPA rights including the right to know what we’ve collected and request deletion. Email us to exercise any of these rights.

Children

Routine OS is not directed at children under 13 and we don’t knowingly collect data from them. If you believe a child under 13 has created an account, email us and we’ll delete it.

Security

We do our best to protect your data — TLS on all connections, Firestore security rules on all data, no plaintext credentials anywhere. No security is perfect. If we become aware of a breach affecting your data, we’ll email you within 72 hours.

Changes to this policy

If we update this policy, we’ll change the date at the top. For substantive changes — ones that affect what we collect or how we use it — we’ll also email newsletter subscribers and signed-in users.

Contact

Questions? Concerns? Corrections? Email tablerockstudiosdev@gmail.com. We read and reply to everything.