← Back to Sequoia
Privacy Policy
Effective date: May 16, 2026 · Last updated: May 16, 2026
Short version: Sequoia connects to your Canvas account using a read-only token you provide. We don't sell your data, we don't share it with advertisers, and your Canvas token never leaves your own device.
1. Who We Are
Sequoia ("we," "our," or "us") is a study productivity app that helps college students prioritize assignments by grade weight, track study sessions, and grow a virtual tree as they study. Sequoia is operated as an independent service. Questions? Email us at support@getsequoia.app.
2. Information We Collect
2a. Information You Provide
- Account information: When you create an account via email or Google Sign-In, we collect your name and email address, which are stored in Firebase Authentication (operated by Google).
- Canvas credentials: Your Canvas URL and personal API access token are stored locally on your device (localStorage). If you are signed in, an encrypted copy is also saved to your Firestore profile so you can access Sequoia from multiple devices. Your Canvas token is read-only — it allows Sequoia to read your assignments and grades but cannot submit work or change anything in Canvas.
- Payment information: Subscription payments are processed by Stripe. We never see or store your full card number — Stripe handles all payment data under their own privacy policy.
2b. Information Collected Automatically
- Study data: XP points, streaks, completed assignments, Pomodoro session counts, and tree level are stored in Firestore and locally so your progress syncs across devices.
- Push notification tokens: If you grant permission, your browser's push subscription endpoint is stored in Firestore so we can send study reminders. You can revoke this at any time from Settings.
- Usage analytics: We use PostHog (self-hosted or cloud) to collect anonymous product analytics such as which features are used and error rates. This data does not include personally identifiable information.
- Device and browser information: Standard web server logs may record your IP address, browser type, and page requests. These logs are not linked to your identity and are retained for 30 days.
3. How We Use Your Information
- Authenticate you and sync your study data across devices
- Fetch your Canvas assignments and course information to display inside Sequoia
- Send push notifications you have opted in to (due-date reminders, streak alerts)
- Process subscription payments via Stripe and manage your plan status
- Improve Sequoia using aggregated, anonymized usage analytics
- Respond to support requests you send to us
4. Data Sharing
We do not sell, rent, or trade your personal information. We share data only with the following third-party services that are necessary to operate Sequoia:
- Google Firebase (Authentication, Firestore database) — Firebase Privacy
- Stripe (payment processing) — Stripe Privacy
- Canvas LMS (your institution's Canvas instance) — data is fetched on your behalf using the token you provide; your institution's privacy policy applies to their system
- PostHog (product analytics, anonymized) — PostHog Privacy
- Render (backend hosting) — API requests pass through Render servers; no personal data is logged or stored by Render beyond standard access logs
5. Your Canvas Token — Special Notice
Your Canvas personal access token gives read-only access to your Canvas account. Sequoia stores it in your browser's localStorage and, if you are signed in, in your encrypted Firestore document. It is never logged, transmitted to analytics services, or shared with anyone. We recommend generating a token specifically for Sequoia and revoking it from Canvas Settings if you ever stop using the app.
6. Data Retention and Deletion
Your account data is retained for as long as your account is active. You can request deletion of your account and all associated data at any time by emailing support@getsequoia.app. We will process deletion requests within 30 days.
If you uninstall the Sequoia PWA or clear your browser storage, all locally stored data (Canvas token, XP, streaks) is immediately erased from your device. Firestore data is retained until you request account deletion.
7. Children's Privacy
Sequoia is intended for college students age 13 and older. We do not knowingly collect personal information from children under 13. If you believe a child under 13 has provided us with personal information, please contact us and we will delete it promptly.
8. Security
We take reasonable technical measures to protect your data, including TLS encryption in transit, Firebase's built-in Firestore security rules, and token-based authentication. No system is 100% secure; please protect your Sequoia account with a strong password and revoke your Canvas token if you suspect unauthorized access.
9. International Users
Sequoia is operated from the United States. If you access Sequoia from outside the US, your data may be transferred to and processed in the US. By using Sequoia, you consent to this transfer.
10. Changes to This Policy
We may update this Privacy Policy from time to time. The "Last updated" date at the top of this page will reflect any changes. Continued use of Sequoia after an update constitutes acceptance of the revised policy.
11. Contact Us
If you have any questions about this Privacy Policy or how we handle your data, please email us at support@getsequoia.app.