Privacy Policy
Last updated: July 5, 2026
Who we are
Compos is a personal organization application operated by Gabriele Acquaroli. This product is currently in Beta Testing Mode. For any questions or requests, write at contact@ghosted.cool
Data we collect and store
When you sign in with Google and use Compos, we store the following data in our database (hosted on Supabase):
- Account information: your name, email address and profile picture as provided by Google Sign-In.
- Tasks and projects: the to-do items, task lists, priorities, due dates and project details you create in the app.
- Google Calendar tokens: OAuth access and refresh tokens that let Compos read and create events in your Google Calendar. These tokens are stored encrypted (AES-256-GCM) and are used exclusively to sync calendar events inside the app.
- Chat messages: conversations you have with the built-in AI assistant, so you can revisit them later.
- Spending entries and budgets: the expense amounts, categories, notes and monthly budget figures you enter on the Budget page.
- Whiteboard content: the drawings, shapes, text and images you place on Brainstorm boards.
How we use your data
Your data is used solely to provide Compos's features to you: showing your tasks and projects, syncing your calendar, tracking your budget, saving your whiteboards and keeping your chat history. We do not use your data for advertising, profiling, analytics resale or model training.
Google user data
Compos requests the profile, email and https://www.googleapis.com/auth/calendar.events scopes. Google Calendar data is used only to display your events inside the Compos calendar and to create or update events you explicitly add from the app. It is never shared with any third party, never used for any other purpose, and never used to train AI or machine-learning models.
Compos's use and transfer of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements.
Sharing with third parties
We do not sell, rent or share your personal data with third parties. The only parties that process data on our behalf are the infrastructure providers required to run the app:
- Supabase — database and authentication hosting.
- Vercel — application hosting.
- Anthropic— when you send a message to the AI chat, the text of that conversation is sent to Anthropic's API to generate a reply. Your calendar data, tokens and spending entries are not sent to Anthropic.
Sharing you control
If you share a Project or Brainstorm board with another Compos user by link or email invite, that person can see (and, if you grant edit permission, modify) the content of that specific project or board. You can revoke a share at any time from the app.
Data retention and deletion
Your data is kept for as long as you have an account. You can delete individual items (tasks, chats, expenses, boards) at any time from the app. To delete your account and all associated data — including stored Google Calendar tokens — email acquaroligabriele@gmail.com and it will be removed within 30 days. You can also revoke Compos's access to your Google account at any time at myaccount.google.com/permissions, which immediately invalidates the stored tokens.
Security
All traffic is encrypted in transit with TLS. Google Calendar tokens are encrypted at rest with AES-256-GCM before being written to the database. Database access is protected by row-level security so each user can only read and write their own data (plus content explicitly shared with them).
Changes to this policy
If this policy changes, the updated version will be posted at this address with a new "Last updated" date.