Privacy for the project decision record
What ShipOrStop stores while you decide whether to build.
ShipOrStop keeps the account, project, evidence, Build Plan, milestone, and review data needed to carry one product idea through the 12-week decision loop.
Last updated: May 14, 2026
Request deletionThe data follows the project stage
Phase 0 direction screen
The idea, description, known keywords, evidence notes, AI-assisted classification, scoring choices, and decision notes you save.
Phase 1 Build Plan
The Build Plan draft, edits, launch checklist, and export-ready content tied to the project.
Phase 2 milestone tracking
Launch date, weekly check-ins, milestone status, connected GSC property, and tracking evidence used for the active project.
Phase 3 final review
The saved comparison between accepted assumptions, connected GSC evidence, manual business inputs, and your final choice.
Information ShipOrStop collects
Account access
Your email address, auth user ID, and profile details returned by the sign-in provider, such as a name or avatar when Google sign-in is enabled.
Project decision record
The project name, one-line description, keywords you paste, score choices, notes, Build Plan content, launch date, check-ins, and final review values you save.
Evidence inputs
Known keywords, competitor or SERP evidence returned for a project, AI-generated explanations you choose to keep, and source labels that separate user input, provider data, and AI output.
Connected Google data
If you connect Google Search Console, ShipOrStop reads your verified property list and Search Analytics rows for the property you select. This can include query, date, clicks, impressions, CTR, and average position.
Service data
Request IDs, error states, provider status, and timestamps used to debug failed saves, failed logins, Google connection issues, and unusual API use.
How the data is used
- Sign you in and keep saved projects tied to the same account.
- Restore Phase 0 results, Build Plans, milestone check-ins, and final reviews when you return.
- Classify the keywords you provided, attach evidence rows to the right source, and keep AI output reviewable.
- Read connected Google Search Console evidence only for the project stage that asks for it.
- Send sign-in links, weekly summaries, milestone reminders, deletion replies, and service notices.
- Investigate failed requests and control provider usage so one account cannot overload shared API limits.
Google user data
Google sign-in, when enabled, asks only for openid, email, and profile. That lets ShipOrStop create the account, recognize you on return visits, and attach saved projects to the right user.
Google Search Console is separate from login. If you click Connect GSC inside a saved project, ShipOrStop asks for the readonly Search Console scope. ShipOrStop reads the verified properties returned by your Google account and the Search Analytics rows for the property you choose.
Search Console access is read-only. ShipOrStop does not write to Search Console, submit URLs, edit sitemaps, request Indexing API access, or manage your Google property. GA4 is not part of the current Google authorization flow.
ShipOrStop uses Google user data only to provide or improve visible ShipOrStop features. ShipOrStop does not sell Google user data, use it for advertising, transfer it to data brokers, use it to determine creditworthiness, or use it to train general AI models.
Providers and security
Storage and access
Supabase stores account and project records with access controls. Cloudflare serves the application and may process request metadata.
Resend sends sign-in links, notices, summaries, milestone reminders, and support replies.
Evidence and AI
OpenRouter, Keywords Everywhere, DataForSEO, and Google APIs may process the project context or provider request needed for the feature you use. Google APIs handle Google sign-in and connected Search Console reads.
ShipOrStop uses HTTPS, server-side API routes, Supabase access controls, and encrypted token storage where Google connections are enabled. OAuth tokens are kept out of browser state, user-visible logs, and AI prompts.
Retention and deletion
Account and project records
ShipOrStop keeps account and project records while your account or project is active, or while the records are needed to provide the saved decision workflow.
Google OAuth tokens
Encrypted Google OAuth tokens are kept only while the related Google connection remains active. Disconnecting GSC or requesting token deletion removes the stored tokens from ShipOrStop.
Service and security records
Request IDs, error states, timestamps, and provider status records may be kept as needed for debugging, security review, abuse prevention, legal obligations, and backup integrity.
Deletion requests
Verified deletion requests are reviewed within 30 days. Deleting ShipOrStop records does not delete source data inside Google Search Console or other third-party accounts you control.
Your choices
Stop future Google reads
Revoke ShipOrStop in your Google Account permissions. That stops future reads that depend on that grant.
Remove saved ShipOrStop records
Request deletion of a project, connected Google tokens, the whole account, or all saved data tied to the account.
For privacy questions, contact support@ship-or-stop.com.