Back home Privacy

A clear view of your data.

This policy explains what How About Today collects, why we use it, who helps us provide the service, and the choices available to you.

Effective June 6, 2026

How About Today is a product of Streamliner One LLC ("How About Today," "we," "us," or "our"). This Privacy Policy applies when you visit howabout.today, use the web application at app.howabout.today, connect an AI agent, contact us, or otherwise use our services (together, the "Service").

The short version

  • Your task lists are private to your account. We do not make them public.
  • We do not sell or rent personal information, run ads, or share personal information for cross-context behavioral advertising.
  • Stripe processes payments. We do not receive or store your full payment-card number.
  • An AI agent can access your tasks only after you approve a connection and its permission level. You can revoke it at any time.
  • You can export your tasks or delete your account.

1. Information we collect

Information you provide

Account information. We collect your email address, an optional display name, and information about your account and subscription. We use passwordless sign-in, so we do not ask you to create a password.

Tasks and related content. We store task text and the organization choices you enter, including dates, order, completion status, stars, colors, repeat settings, and whether a task is set aside in the Box. We also keep limited task activity and completion information needed to sync devices, support undo and recovery, apply recurring-task and carry-forward rules, and provide completion statistics.

Please use care when deciding what to put in a task. The Service is not designed as a repository for passwords, payment-card numbers, government identifiers, medical records, or other highly sensitive information.

Communications. If you email us or ask for support, we collect your contact details and the contents of your message. Our application email is transactional: sign-in and email-change codes, agent-pairing approval links, and replies to you. We do not send task reminders, advertising, or marketing email. Stripe may send billing-related messages under its own policy.

Information collected when you use the Service

Device, request, and security information. Our servers and service providers receive technical information such as your IP address, browser or device type, user agent, requested page or API route, request method, timestamps, and related diagnostic information. We use it to deliver the Service, prevent abuse, apply rate limits, troubleshoot problems, and investigate security events. Our application security records are designed to minimize exposure: source IP addresses used in security-event records are stored as keyed hashes rather than raw addresses, and email addresses in routine security views are masked or hashed.

Authentication and connected-agent information. We collect sign-in and authorization records such as one-time-code status, session records, connected-agent or OAuth client name, requested and approved permission level, token prefix, creation and last-used times, and revocation status. Session, API, and refresh tokens are stored in hashed form on our systems.

Approximate region for Auto appearance. When the app needs an approximate daylight region for the Auto theme, our server may send your IP address to ipapi.co, with ipwho.is as a fallback, to obtain an approximate city/region and coordinates. The app does not request your device's precise GPS location. The returned approximate region may be rounded and cached in your browser for up to 14 days.

Public-site analytics. We use Simple Analytics on the public website to understand aggregate use, such as page views, referral source, browser or device category, screen size, language, timezone, and interactions with links, email links, or downloads. Simple Analytics does not set analytics cookies, store IP addresses, create device fingerprints, or track visitors across sites. It provides aggregate statistics rather than individual visitor profiles.

Information from other sources

Stripe. If you subscribe, Stripe collects and processes your payment and billing information. We receive limited subscription and transaction information, such as Stripe customer and subscription identifiers, subscription status, billing period, and payment-event status. We do not receive or store your full payment-card number.

AI agents and connected clients. When an approved AI agent or client uses the Service, we receive the requests it sends on your behalf and information needed to identify and authorize the connection.

2. How we use information

We use information to:

  • create and manage your account;
  • authenticate you and send one-time sign-in or email-change codes and agent-pairing approval links;
  • store, sync, display, export, recover, and organize your tasks;
  • carry unfinished tasks forward and create future occurrences of repeating tasks;
  • enable, scope, monitor, and revoke AI-agent connections;
  • provide trials, subscriptions, account access, and billing support;
  • respond to questions and support requests;
  • operate, maintain, troubleshoot, and improve the Service;
  • understand aggregate use of the public website;
  • detect, prevent, and investigate fraud, abuse, security incidents, and unauthorized access;
  • enforce our terms and protect our users, the Service, and others; and
  • comply with legal obligations and valid legal requests.

We may create aggregated or de-identified information that cannot reasonably be used to identify you and use it for analytics, planning, and improving the Service.

4. How we disclose information

Service providers. We use vendors that help us host and deliver the website and application, store data and backups, send transactional email, process payments, provide content delivery or fonts, monitor reliability, and support security. These currently include Netlify for the public website, Simple Analytics for aggregate website analytics, Stripe for billing, Google Fonts on the public website, and the approximate-region providers described above. Other infrastructure and email providers process information on our behalf under contractual or operational safeguards.

AI agents and services you choose. When you approve an AI-agent connection, the connected client can receive task and account information within the permission level you approve. The operator of your chosen AI service may process information under its own privacy policy and terms. Review those terms before connecting it. You can revoke a connection from your account at any time.

Legal and safety reasons. We may disclose information if we reasonably believe it is necessary to comply with law or valid legal process; protect the rights, safety, or property of users, Streamliner One LLC, or others; enforce agreements; or detect and respond to fraud, abuse, or security issues.

Business transfers. If How About Today or Streamliner One LLC is involved in a merger, acquisition, financing, reorganization, bankruptcy, or sale of assets, information may be disclosed as part of that transaction, subject to appropriate confidentiality protections and applicable law.

With your direction. We may disclose information when you ask us to or otherwise direct us to do so.

We do not sell or rent personal information. We do not share personal information for cross-context behavioral advertising, and we do not use your task content to serve ads.

5. AI-agent connections

How About Today supports user-approved AI-agent connections through MCP, device pairing, and OAuth.

  • You choose whether a connection is read-only or read-and-write.
  • Each issued connection is scoped to the approving account.
  • The agent can access data only when it makes an authenticated request within its approved scope.
  • You can review and revoke connected agents from your account. Revocation prevents the connection from making new authenticated requests.
  • Deleting or revoking a connection in How About Today does not delete copies an external AI provider may already have processed or retained. Requests about those copies should be directed to that provider.

Never give an agent your one-time sign-in code, browser session token, API token, or payment details.

6. Browser storage, cookies, and similar technology

The app uses browser storage and caching necessary to provide its features. Depending on how you use it, this may include:

  • your signed-in session token;
  • a local task copy used for offline operation and recovery when the server cannot be reached;
  • appearance and interface preferences;
  • the cached approximate region used for Auto appearance; and
  • service-worker caches used to make the web app load reliably and work offline.

The OAuth authorization flow may use a strictly necessary session cookie to keep you signed in while you review and approve a connection. Stripe may use cookies or similar technology in its hosted checkout or billing portal for payment, fraud prevention, and security under Stripe's own policy.

Simple Analytics does not use cookies or browser storage for analytics. We do not use advertising cookies or cross-site behavioral tracking.

You can clear browser storage through your browser settings, but doing so may sign you out, remove locally stored preferences or offline task copies, and require the app to download your synced tasks again.

7. Data retention

We keep information only as long as reasonably necessary for the purposes described in this policy, including providing the Service, maintaining security, resolving disputes, and meeting legal obligations.

  • Active tasks remain until you complete or delete them, or delete your account.
  • Completed tasks are recoverable for 14 days and are then purged. We may keep a lightweight aggregate completion count until you delete your account.
  • Deleted tasks remain in recoverable trash for 14 days and are then purged.
  • Account, subscription, session, and connected-agent records are kept while needed to operate your account and for limited periods afterward where necessary for security, billing, dispute resolution, or legal compliance.
  • Security and administrative records may be kept for a reasonable period to investigate abuse, protect the Service, document important account actions, and meet legal requirements.

When you delete your account, we delete your account profile, tasks, task history, completion statistics, active sessions, and connected-agent grants from our active application systems. Limited security, administrative, transaction, tax, or billing records may be retained where reasonably necessary or legally required. Information held by Stripe or another independent provider is subject to that provider's retention practices. Residual copies may remain in restricted backups until those backups are overwritten through the normal backup cycle.

8. Your choices and privacy rights

You can:

  • update your display name or email from your account;
  • export your tasks in a portable format;
  • revoke any connected agent;
  • cancel or manage a paid subscription through the billing controls; and
  • delete your account from the available account controls or contact us for help.

Depending on where you live, you may also have the right to request access to, correction of, deletion of, or a copy of your personal information; object to or restrict certain processing; withdraw consent; or appeal a decision about a privacy request. You may also have the right to complain to your local data-protection authority.

Residents of U.S. states with applicable consumer privacy laws may have rights to know, access, correct, delete, or obtain a portable copy of certain personal information and to receive equal service when exercising those rights. We do not sell personal information or share it for cross-context behavioral advertising.

To exercise a privacy right, email hello@howabout.today. We may need to verify your identity and authority before completing a request. An authorized agent may submit a request where permitted by law, but we may require proof of authorization and identity verification. We will respond within the period required by applicable law.

9. International data transfers

Streamliner One LLC and some of our service providers may process information in the United States and other countries that may have different data-protection laws from your country. Where required, we use recognized safeguards for international transfers, such as contractual protections, and rely on service providers' approved transfer mechanisms.

10. Security

We use reasonable administrative, technical, and organizational safeguards designed to protect information. These include HTTPS in transit, account-level data scoping, hashed authentication tokens, scoped and revocable agent access, request limits, and security-event monitoring designed to avoid storing raw secrets.

No method of storage or transmission is completely secure. Please protect access to your email account and devices, review connected agents periodically, and contact us promptly if you believe your account has been compromised.

11. Children

The Service is not directed to children under 13, and we do not knowingly collect personal information from children under 13. If you believe a child has provided personal information to us contrary to applicable law, contact us and we will take appropriate steps.

12. Changes to this policy

We may update this Privacy Policy as the Service or law changes. We will post the updated version here and revise the effective date. If a change materially affects how we use personal information, we will provide additional notice when required by law.

13. Contact us

Streamliner One LLC is the operator of How About Today and the controller of personal information described in this policy, except where another provider acts as an independent controller.

For privacy questions or requests, contact Streamliner One LLC at:

hello@howabout.today