M
momentum

Privacy Policy

Effective Date: April 6, 2026

1. Introduction

Momentum ("we," "us," or "our") operates the Momentum web application — an action-to-outcome tracker for developers. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our service.

By accessing or using Momentum, you agree to the terms of this Privacy Policy. If you do not agree, please do not use the service.

2. Information We Collect

Account Information

When you create an account, we collect information provided by your authentication method:

  • Email address— provided directly or via OAuth (Google, GitHub)
  • Display name and avatar— imported from your Google or GitHub profile when you use OAuth sign-in

User-Created Content

We store the content you create within the service, including:

  • Projects, goals, tasks, and their associated metadata
  • Notes, descriptions, and settings you configure
  • Activity logs (task completions, status changes)

GitHub Integration Data

When you connect a GitHub repository, we access the following data with your explicit authorization:

  • Repository name and metadata
  • Commit history (author, message, timestamp)
  • We do not access or store your source code

Usage and Analytics Data

  • Activity metrics (streaks, XP, achievement progress)
  • Feature usage patterns to improve the service
  • Device type, browser, and operating system information

Cookies and Session Data

We use essential cookies to maintain your authentication session. We do not use third-party advertising or tracking cookies.

3. How We Use Your Information

We use the information we collect to:

  • Provide, operate, and maintain the Momentum service
  • Authenticate your identity and manage your account
  • Generate AI-powered recommendations — certain project and activity data is sent to the Anthropic Claude API to produce personalized insights (see Section 4)
  • Calculate gamification metrics (XP, levels, achievements, streaks)
  • Sync and display commit data from connected GitHub repositories
  • Improve and develop new features based on aggregated usage data
  • Communicate with you about service updates or security issues

4. Third-Party Services

Momentum integrates with the following third-party services to provide its functionality:

  • Supabase— authentication, database hosting, and real-time data infrastructure. Your data is stored on Supabase servers.
  • Anthropic Claude API— AI-powered recommendations. We send limited project metadata and activity summaries (not raw task content) to generate personalized advice. Anthropic does not use this data to train models.
  • GitHub API— commit tracking and repository metadata. Access is granted via OAuth with your explicit authorization and can be revoked at any time.
  • Google OAuth— optional authentication method. We receive your email and profile information as authorized by Google's consent screen.

Each third-party service operates under its own privacy policy. We encourage you to review their respective policies.

5. Data Sharing and Disclosure

We do not sell, rent, or trade your personal information. We only share data with the third-party service providers listed above, solely to operate the service. We may also disclose your information if required by law or to protect the rights and safety of our users.

6. Data Retention

We retain your personal information and user-created content for as long as your account is active. If you delete your account, we will delete your personal data within 30 days, except where retention is required by law. Aggregated, anonymized data may be retained indefinitely for analytical purposes.

7. Data Security

We implement industry-standard security measures to protect your data, including:

  • Encrypted data transmission (TLS/HTTPS)
  • Secure authentication via OAuth 2.0 and magic links
  • Row-level security policies on our database
  • Regular security reviews of our infrastructure

No method of transmission over the Internet is 100% secure. While we strive to protect your information, we cannot guarantee absolute security.

8. Your Rights

You have the right to:

  • Access— request a copy of the personal data we hold about you
  • Correction— update or correct inaccurate information
  • Deletion— request deletion of your account and associated data
  • Export— request a machine-readable export of your data
  • Revoke integrations— disconnect GitHub or other third-party connections at any time from your account settings

To exercise any of these rights, contact us at the email address below.

9. Cookies

Momentum uses only essential, first-party cookies required for authentication and session management. These cookies are set by Supabase Auth and expire when your session ends or after a defined period. We do not use marketing, analytics, or third-party tracking cookies.

10. Children's Privacy

Momentum is not directed at individuals under the age of 13. We do not knowingly collect personal information from children. If we become aware that a child under 13 has provided us with personal data, we will take steps to delete such information promptly.

11. Changes to This Policy

We may update this Privacy Policy from time to time. If we make material changes, we will notify you by email or by posting a prominent notice within the application. The "Effective Date" at the top of this page indicates when the policy was last revised.

12. Contact Us

If you have questions or concerns about this Privacy Policy or our data practices, please contact us at:

privacy@getmomentum.app

← Back to home