← Back

Privacy Policy

Last updated: May 26, 2026

What we collect

When you sign in with Linear we receive:

  • Your Linear user ID, name, email, and avatar URL
  • An OAuth access token to read and write your Linear workspace on your behalf

We also store your canvas layout (node positions, edges, groups) so it persists between sessions.

How we use it

Your data is used exclusively to power RoadCanvas:

  • Authenticating you across sessions via a signed JWT cookie
  • Fetching your initiatives, projects, and milestones from Linear's API
  • Saving your canvas state to our database so it loads on your next visit

We do not sell, share, or transfer your data to third parties for any commercial purpose.

Error monitoring

We use Sentry to capture application errors. Error reports may include the URL where the error occurred (query parameters are stripped to prevent token leakage) and a stack trace. No personally identifiable information is intentionally included in error reports.

Data storage

Your data is stored in a Cloudflare D1 database (SQLite) hosted in Cloudflare's global network. Access tokens are encrypted at rest. Canvas state is stored as JSON per user per initiative.

Data retention & deletion

You can delete your account and all associated data at any time by emailing [email protected]. We will process the request within 30 days and confirm deletion.

Cookies

We use a single HttpOnly, Secure, SameSite=Lax session cookie (rc_session) that contains a signed JWT. This cookie is strictly necessary for authentication. No tracking or advertising cookies are used.

Your rights (GDPR / CCPA)

You have the right to access, correct, or delete your personal data. To exercise any of these rights, contact us at [email protected].

Contact

Questions about this policy? Email us at [email protected].

v0.7.0