Last updated: March 18, 2026
When you create an account, we collect your email address and password (hashed). When you use lst.so, we store the tasks, subtasks, tags, notes, and activity logs you create. We also collect basic usage data (page views, feature usage) through privacy-friendly analytics.
We use your data to provide and improve lst.so. Specifically:
We do not sell your data. We do not use your task content to train AI models.
We use the following third-party services:
When you connect AI agents (such as Claude Code, OpenClaw, or ChatGPT) via the Model Context Protocol, those agents can read and write tasks on your behalf using your API key. We do not share your data with AI providers beyond what you explicitly authorize through these connections. Agent activity is logged on your tasks so you always have visibility.
We use a session cookie to keep you logged in. We do not use tracking cookies or third-party advertising cookies.
Your data is stored for as long as you have an active account. If you delete your account, all associated data (tasks, subtasks, logs, tags, and personal information) is permanently deleted within 30 days.
You can export, correct, or delete your data at any time. To delete your account and all associated data, go to Settings. For any other requests, email help@lst.so.
All data is transmitted over HTTPS. Passwords are hashed using bcrypt. API keys can be regenerated at any time from your settings.
We may update this policy from time to time. Material changes will be communicated via email or an in-app notice.
Questions? Email help@lst.so.