Privacy Policy

Account information. When you sign up we collect your email address, a display name, and a hashed password. We never store your password in plaintext.

Workspace content. Tasks, boards, comments, mentions, and other content you create in Momentum is stored on our behalf by our infrastructure providers (currently Neon for database, Vercel for hosting).

Usage signals. We log basic request metadata (timestamp, IP address, user agent) for security and reliability. We do not run third-party tracking or advertising pixels in the Momentum application.

Transactional email. We send transactional email (verification, password reset, invitations) via Brevo. The email subject, recipient, delivery status, and a short preview of the body are retained in our email-log table for debugging and compliance.

• To provide and operate Momentum (accounts, workspaces, tasks).
• To send transactional email required by the service.
• To detect and prevent abuse (rate limiting, fraud).
• To support you when you contact us.

We do not sell your personal information. We do not use your workspace content to train AI models or for any purpose other than operating the service for you.

We share the minimum necessary data with our infrastructure sub-processors (Neon, Vercel, Brevo). All of them are under contractual obligations to protect your data and use it only to provide the underlying service. We do not share your data with advertisers.

If we are required to disclose information by law, we will do so after reviewing the request and, where permitted, notifying the affected user.

You can export your data at any time from your profile page. You can delete your account (which removes your access to all workspaces; your display name remains on historical activity entries so that other members can read their own history). Contact hello@momentumm.xyz with any privacy-related request.

Account and workspace data is retained for as long as the account is active. Email-log entries are retained indefinitely for compliance; non-essential logs are pruned after 90 days.

Passwords are hashed using bcrypt with a work factor appropriate for current hardware. Traffic is encrypted in transit via TLS. Database connections are encrypted. We follow the principle of least privilege for internal access.

We'll post changes to this policy on this page and update the "Last updated" date. Material changes will also be emailed to account owners.

Questions about this policy or your data: write to hello@momentumm.xyz.