Privacy Policy
Plain-English summary
- Everything stays on your Mac. No analytics, no telemetry, no crash reports.
- We only talk to the APIs you explicitly connect: Figma, Jira, GitHub, Trello, Linear, and Confluence.
- Your tokens live in the macOS Keychain. Your settings live in your local UserDefaults.
- Cached items live in your app's sandboxed Application Support folder, pruned after 30 days.
- No data is ever sent to us. There is no "us" server.
What data is handled
The app handles only data you provide directly:
| Data | Why | Stored where |
|---|---|---|
| Figma Personal Access Token | Auth header on Figma API requests | macOS Keychain |
| Figma Team ID | URL path for Figma API | UserDefaults |
| Figma File Keys (optional) | URL path for Figma API | UserDefaults |
| Jira API Token | Basic Auth header on Jira API requests | macOS Keychain |
| Jira Base URL | Host for Jira API requests | UserDefaults |
| Jira User Email | Basic Auth identity | UserDefaults |
| GitHub Personal Access Token | Bearer auth header on GitHub API requests | macOS Keychain |
| GitHub Enterprise URL (optional) | Host for GitHub API requests | UserDefaults |
| GitHub Repo allow-list (optional) | Filter for GitHub Search API query | UserDefaults |
| Trello API Key | Query string ?key=… on Trello API requests |
macOS Keychain |
| Trello User Token | Query string ?token=… on Trello API requests |
macOS Keychain |
| Linear API Key | Auth header on Linear GraphQL requests | macOS Keychain |
| Confluence API Token | Basic Auth header on Confluence API requests | macOS Keychain |
| Confluence Base URL | Host for Confluence API requests | UserDefaults |
| Confluence User Email | Basic Auth identity for Confluence | UserDefaults |
| Cached digest items | Offline display + new-item detection. Items older than 30 days are pruned automatically. | ~/Library/Containers/com.designstandupbot/Data/Library/Application Support/cache/items.json |
| Notification preferences | Per-source enable flags | UserDefaults |
| Snooze + read state | Local UX state. Snooze resets at midnight; read state is preserved. | Cached items JSON |
All credentials are retained until you Disconnect the service or remove the app.
No background collection occurs. The app does not request location, contacts, calendar, microphone, camera, or any other system data.
What data leaves your device
Network requests are made only to:
api.figma.com— only when Figma credentials are configured and a refresh occursyour-tenant.atlassian.net— the host you configured, only when Jira and/or Confluence credentials are configured (Confluence uses the same host under/wiki/rest/api)api.github.com(or your GitHub Enterprise host) — only when GitHub credentials are configuredapi.trello.com— only when Trello credentials are configured and a refresh occursapi.linear.app— only when Linear credentials are configured and a refresh occursdesignstandup.app— only when the app checks for updates (anonymous GET to/appcast.json); no credentials sent, no telemetry
These requests carry your credentials in standard auth artifacts. Figma, Atlassian (Jira / Confluence / Trello), GitHub, and Linear's own privacy policies govern how they handle those requests on their end.
No requests are made to any other host. No requests are made to a server owned by the app author or any third party.
What we do not do
- No analytics (no Mixpanel, Segment, Amplitude, Firebase, or anything similar)
- No crash reporting (no Sentry, Crashlytics, or anything similar)
- No advertising SDKs
- No third-party SDKs of any kind
- No "phone home" requests to check for updates
- No data resale or sharing
macOS permissions
The app requests permission for:
- Notifications — to surface new mentions from your connected services. You can revoke this in System Settings → Notifications at any time.
- Network client (sandbox entitlement) — required for any API calls.
The app does not request: Full Disk Access, Accessibility, Screen Recording, Camera, Microphone, Contacts, Calendar, Photos, or Location.
Third-party services
When you connect Figma, Jira, GitHub, Trello, Linear, or Confluence, you interact with their services subject to their own terms:
- Figma Privacy Policy
- Atlassian (Jira / Confluence / Trello) Privacy Policy
- GitHub Privacy Statement
- Linear Privacy Policy
Design Standup has no user account, no server, and no backend. There is no third-party processor.
Your rights and control
- Disconnect a service — Settings → tap "Disconnect" on the service card. This deletes the token from Keychain and the IDs/URLs from UserDefaults.
- Stop notifications — Settings → toggle "Enable notifications" off, or revoke at the system level in System Settings → Notifications.
- Delete all local data — quit the app and remove the app bundle. The sandbox container at
~/Library/Containers/com.designstandupbot/contains all app data and is removed when you drag the app to Trash and empty it.
Children
Design Standup is a professional tool for designers and developers. It is not directed at children under 13 and does not knowingly handle data from them.
Changes to this policy
The "Last updated" date at the top of this page reflects the most recent change. If a future release materially changes data handling, the policy will be updated and the change noted in release notes.
Contact
Carlo Ciccarelli — info@carlociccarelli.com