What we can see — and what we won’t.
This page is the honest version. No lawyer-speak. If you want the formal one too, email hello@getkatchapp.com and we’ll send the long-form privacy policy.
What we collect
- Your email address (for sign-in — we send you a code, we don’t store a password).
- Optionally, the name you typed at signup.
- Everything you catch: links, notes, voice transcripts, photos, reminders. This is the product.
- The pairings you set up — who you’ve invited and who’s accepted.
Who can see what you caught
You. Always. The app is built so that one user’s data is invisible to another user at the database level (row-level security — Supabase enforces it).
People you explicitly share with. When you tag a drop with a partner, that one drop becomes visible to them. The rest of what you’ve caught is not. Sharing is per-drop and per-person — never accidental, never bulk.
Us, the operators — technically yes. Katch is not an end-to-end encrypted product. The same is true of Notion, Things, Todoist, Apple Notes (in iCloud’s default mode), and almost every cloud productivity app. That means: in principle, the people who run the database have the keys to read it. We don’t read your stuff for fun, for ads, or for training models — but we’d be lying if we said it was technically impossible. If zero-knowledge encryption is a requirement for you, Katch is not currently the right tool, and we’ll say so honestly until that changes.
When we do look at data — only ever to debug a specific issue you’ve reported, or under legal compulsion — we’ll be straight with you about it.
What we do not do
- No advertising. Ever. We are not in the attention-selling business.
- No selling, renting, or sharing of your data with third parties.
- No third-party trackers in the app. No Google Analytics. No Meta pixel. No Hotjar.
- No training of AI models on your data. The AI suggestions in Katch are made by sending the single drop you just caught to a model provider for one-off processing — the provider’s contractual terms forbid them from training on it.
Where your data lives
On Supabase (a managed Postgres + auth platform), running on AWS in the region the project is provisioned in. The marketing site at getkatchapp.com is hosted on Netlify. The app at app.getkatchapp.com is hosted on Netlify and talks to Supabase.
Deleting your account
Email hello@getkatchapp.com from your account email. We’ll delete the row from auth.users, which cascades to every drop, bucket, pairing, and token you ever created. We’ll confirm when it’s done. Anything you previously shared with a partner becomes private to them on their side — we don’t delete from people you shared with, only from you.
Changes
If we change anything substantive on this page, we’ll email every active user before it takes effect. No silent updates.
Questions? hello@getkatchapp.com. Last updated May 2026.