Dash LogoDash

Privacy Policy

Last updated: March 10, 2026

Our Approach

Dash is a privacy-first, offline note-taking app. We collect zero user data. This isn't just policy — it's architecture. Dash is designed from the ground up so that your notes never leave your device unless you explicitly choose to share them.

Data We Collect

None.

No accounts. No email addresses. No usage analytics. No telemetry. No crash reports. No cookies. No tracking pixels. Dash does not collect, transmit, or store any personal data whatsoever.

Data Storage

All notes are stored locally on your device. Dash never syncs your data to any cloud server.

  • Desktop (macOS): JSON files stored in ~/Library/Application Support/Dash/
  • PWA (Web): IndexedDB in your browser

Optional Network Features

Two features use a zero-knowledge relay server when you explicitly choose to use them:

Encrypted Sharing

Content is encrypted client-side with AES-256-GCM before upload. The relay stores only encrypted blobs it cannot read. Shared notes are auto-deleted after 30 days. No accounts, no logs.

Live Collaboration

The WebSocket relay forwards encrypted binary messages between participants. The relay never sees plaintext content.

Auto-Updates (Desktop Only)

The Mac app checks for updates in the background via GitHub. No personal data is transmitted during this process.

Third-Party Services

  • Stripe — Payment processing for the Mac desktop app one-time purchase and the Dash Sync subscription. Stripe receives your email, billing address, and card. We never see your card details. For active sync subscribers, our server stores your email, your Stripe customer/subscription IDs, and your subscription status so we can verify the sync entitlement on each device.
  • RevenueCat — Used only on the iOS app to process Dash Sync subscriptions via Apple In-App Purchase. RevenueCat receives an anonymous device-generated ID and your Apple-provided subscription receipt. They do not receive your email or any note content.
  • Resend — Sends sign-in codes (6-digit, one per session) and one-time transactional notices. We never use Resend for marketing. Resend sees only your email address and the short code body.
  • GitHub — Open source code hosting and Mac app update checks.
  • Deno Deploy — Hosts the relay server. The relay stores end-to-end encrypted vault blobs (ciphertext only), per- request timestamps + IPs for abuse prevention, and (for sync subscribers) the entitlement records described above. The relay never has access to your vault key or note plaintext.

Open Source

The full source code for Dash is available on GitHub for anyone to audit. Our privacy claims are verifiable, not trust-based. You can inspect exactly how your data is handled at every step.

Contact

For questions about this privacy policy, contact @efesopoulos on Twitter/X.