Privacy Policy
Last Updated: February 25, 2026
This Privacy Policy describes how Areca (“Service,” “we,” “us,” or “our”) collects, uses, stores, and protects your personal information when you use our personal productivity application that integrates with Linear. This policy applies to all users of the Service regardless of location.
By using the Service, you consent to the data practices described in this Privacy Policy. If you do not agree with this policy, please do not use the Service.
1. Information We Collect
We collect information in the following ways:
1.1 Information You Provide Directly
- Feedback: When you submit feedback through our in-app feedback form, we collect the content of your submission (up to 5,000 characters) and your associated email address.
1.2 Information Collected Through Linear OAuth
When you authenticate with the Service using your Linear account, we receive and store:
- Identity Information: Your full name, email address, and Linear user ID.
- Authentication Credentials: OAuth 2.0 access tokens and refresh tokens issued by Linear, which allow the Service to access your Linear data on your behalf.
1.3 Information Collected From the Linear API
Through authorized API calls, we access and cache:
- Issue Data: Titles, identifiers, descriptions, due dates, priority levels, workflow states, team assignments, assignee information, labels, and sub-issue relationships for issues assigned to you.
- Workspace Metadata: Available workflow states and labels for your Linear teams.
We only access data that is visible to you within Linear based on your existing permissions.
1.4 Information You Create Within the Service
- Issue Schedules: When you schedule a Linear issue on your calendar, we store the scheduled start and end times, any title overrides, personal notes or annotations, completion status, and actual duration.
- User Preferences: Your chosen settings, including notification preferences (desktop and sound), timezone, calendar display density, and whether issue editing is enabled.
1.5 Information Collected Automatically
- Usage Analytics: We use PostHog to collect anonymized analytics data, including page views, feature interactions, and application errors.
- Activity State: We track whether your browser tab is active or inactive to manage notification delivery.
- Session Data: We maintain session cookies to keep you authenticated.
- Server Logs: Our servers may automatically record information such as your IP address, browser type, operating system, referring URLs, and timestamps of requests.
2. How We Use Your Information
We use the information we collect for the following purposes:
| Purpose | Data Used | Legal Basis (GDPR) |
|---|---|---|
| Provide core Service functionality | Identity, Linear data, schedules, preferences | Performance of contract |
| Authenticate you and maintain your session | Identity, OAuth tokens, session cookies | Performance of contract |
| Synchronize your Linear issues | OAuth tokens, cached issue data | Performance of contract |
| Deliver desktop and sound notifications | Preferences, activity state | Legitimate interest |
| Improve the Service and fix bugs | Usage analytics, error reports | Legitimate interest |
| Respond to your feedback and support requests | Feedback content, email address | Legitimate interest |
| Ensure security and prevent abuse | Server logs, rate limiting data, IP addresses | Legitimate interest |
| Comply with legal obligations | Any data as required | Legal obligation |
We do not use your data for:
- Advertising or ad targeting.
- Profiling for automated decision-making.
- Training machine learning models on your personal data.
- Selling or renting to third parties.
5. Data Storage and Security
5.1 Where Your Data Is Stored
Your data is stored in a PostgreSQL database hosted on secure infrastructure. OAuth tokens, user preferences, issue schedules, and cached Linear data are all stored in this database.
5.2 Security Measures
We implement multiple layers of security to protect your data:
- All data in transit is encrypted using HTTPS/TLS.
- HTTP Strict Transport Security (HSTS) is enforced in production.
- Content Security Policy (CSP) headers mitigate cross-site scripting (XSS) attacks.
- Cross-Site Request Forgery (CSRF) protection through origin and referer validation.
- Rate limiting on API endpoints to prevent abuse and brute-force attacks.
- Input validation using Zod schemas on all API endpoints.
- OAuth 2.0 tokens are stored server-side and never exposed to the client.
5.3 Data Breach Notification
In the event of a data breach that affects your personal information, we will notify affected users and relevant authorities as required by applicable law, without undue delay.
6. Data Retention
6.1 Active Accounts
We retain your data for as long as your account is active and as needed to provide the Service.
6.2 Account Deletion
When you delete your account through the Settings page, all user data is permanently deleted from our database immediately, including:
- Account and identity information
- OAuth access and refresh tokens
- Issue schedules and annotations
- User preferences and settings
- Cached Linear data
- Sync status and activity records
Your Linear OAuth token is also revoked and any pending background synchronization jobs are cancelled.
6.3 Server Logs
Server logs are retained for a limited period necessary for security monitoring and debugging, after which they are automatically purged.
6.4 Analytics Data
Anonymized analytics data collected by PostHog is retained according to PostHog's data retention policies and is not linked back to your identity after collection.
7. Your Rights
7.1 All Users
Regardless of your location, you have the right to:
- Access: View the personal data we hold about you.
- Correction: Update inaccurate personal information through your account settings.
- Deletion: Delete your account and all associated data at any time via the Settings page.
- Revocation: Revoke the Service's access to your Linear account at any time.
- Notification Control: Enable or disable desktop and sound notifications at any time.
7.2 EEA and United Kingdom Residents
If you are located in the EEA or UK, you have additional rights under GDPR and UK GDPR:
- Right to Data Portability
- Right to Restrict Processing
- Right to Object
- Right to Withdraw Consent
- Right to Lodge a Complaint with your local Data Protection Authority
7.3 California Residents
If you are a California resident, you have the following rights under CCPA/CPRA:
- Right to Know what personal information we have collected.
- Right to Delete your personal information.
- Right to Opt-Out of Sale — we do not sell your personal information.
- Right to Non-Discrimination for exercising your privacy rights.
Categories of Personal Information Collected (CCPA):
| Category | Examples | Collected |
|---|---|---|
| Identifiers | Name, email, Linear user ID | Yes |
| Internet activity | Page views, feature usage, IP address | Yes |
| Professional information | Linear issue data (work-related) | Yes |
| Inferences | None | No |
7.4 Exercising Your Rights
Use the Settings page to manage preferences or delete your account. For other requests, contact us at the address in Section 12. We will respond to verified requests within 30 days.
8. Children's Privacy
The Service is not directed to children under the age of 16. We do not knowingly collect personal information from children under 16. If you believe a child under 16 has provided us with personal information, please contact us.
9. International Data Transfers
If you access the Service from outside the country where our servers are located, your data may be transferred across international borders. We ensure such transfers comply with applicable data protection laws through Standard Contractual Clauses (SCCs) and data processing agreements with our infrastructure providers.
10. Third-Party Links and Services
This Privacy Policy applies only to the Service. We are not responsible for the privacy practices of Linear or any other third-party services.
11. Changes to This Privacy Policy
We may update this Privacy Policy from time to time. When we make material changes, we will update the “Last Updated” date and notify you through the Service interface or via email. Your continued use of the Service after changes are posted constitutes your acceptance of the updated Privacy Policy.
12. Contact Information
If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us at:
Email: contact@arecaapp.com
By using Areca, you acknowledge that you have read and understood this Privacy Policy.