Privacy Policy

Last updated: March 23, 2026

Overview

Holt is a local-first writing application for macOS developed by fromzeroagain OÜ (registry code 17447933, Estonia). Your writing is stored locally on your device by default. This policy explains what data we collect when you use the app and our website. For any privacy-related inquiries, contact us at hello@writeholt.com.

Legal Basis for Processing

Under the EU General Data Protection Regulation (GDPR), we process your personal data on the following legal bases:

  • Account data — performance of a contract (Art. 6(1)(b)), necessary to provide the service you signed up for
  • Shared content — performance of a contract (Art. 6(1)(b)), activated only when you choose to share writing with your circle or publish to the web
  • Invite emails — performance of a contract (Art. 6(1)(b)), sent only when you explicitly invite someone

Account Data

When you create an account, we store your email address, the authentication provider you used (Google or Apple), and your profile information (display name, photo, and highlight color).

Local Data (Private)

Your posts and bookmarks are stored locally in a SQLite database on your Mac. Private posts are never transmitted to our servers. You have full control over your local data.

Shared Data (Circle & Web)

When you set a post's visibility to “Circle” or “Web,” that post is synced to our cloud database (Supabase). Circle posts are only visible to people you are connected with. Web posts are publicly accessible on writeholt.com.

Image Storage

Images in shared posts (Circle or Web) are uploaded to BunnyCDN for delivery. Images in private posts remain on your device.

Network (Circle)

When you invite someone to your circle, we store the invite code, recipient email (if provided), and connection data in our database. Only connected users can see each other's Circle posts.

Invite Emails

When you send an email invite, the recipient's email address is passed to Resend (our email delivery provider) to send the invitation. We store the email address in the invite record.

Third-Party Services

We use the following third-party services to operate Holt:

  • Supabase — authentication and database (US)
  • BunnyCDN — image hosting and app distribution (EU)
  • Resend — email delivery (US)
  • Vercel — website hosting (US)

International Data Transfers

Some of our third-party service providers are based in the United States. When your data is transferred outside the EU/EEA, it is protected by appropriate safeguards, including EU Standard Contractual Clauses (SCCs) adopted by the European Commission, or equivalent mechanisms in accordance with GDPR Article 46.

Data Retention

  • Account data — retained while your account is active. Upon deletion, all associated server data is permanently removed.
  • Local data — stored only on your device. We have no access to it.
  • Shared posts — retained on our servers until you change visibility to private or delete the post.
  • Images — removed from CDN when the associated post is deleted or set to private.

Your Rights

Under the GDPR, you have the following rights regarding your personal data:

  • Access (Art. 15) — request a copy of your personal data
  • Rectification (Art. 16) — request correction of inaccurate data
  • Erasure (Art. 17) — request deletion of your data
  • Restriction (Art. 18) — request that we limit how we process your data
  • Data portability (Art. 20) — receive your data in a structured, machine-readable format
  • Object (Art. 21) — object to processing based on legitimate interest

To exercise any of these rights, contact us at hello@writeholt.com. You also have the right to lodge a complaint with the Estonian Data Protection Inspectorate (Andmekaitse Inspektsioon) at www.aki.ee, or with the supervisory authority in your EU member state of residence.

Contact

If you have questions about this policy, please reach out at hello@writeholt.com.