sempa

Privacy

Your data stays yours.

Sempa is self-hosted. Your tasks, notes, email and calendar data live on infrastructure you own and control — not on ours. This page explains exactly what the app, the Android app, and this website do with information.

Last updated 14 June 2026

The short version. Sempa runs on your own server. The project maintainers operate no servers that receive your data and run no analytics or tracking — on the app or on this website. Any external service you connect (email, calendar, Jira) is one you choose and configure yourself, and your data flows directly between your server and that provider.

Who this policy covers

This policy applies to three things, which are deliberately separate:

  • The Sempa application — the self-hosted server and its web, desktop and Android clients.
  • The Sempa Android app — distributed via GitHub Releases (and, in time, app stores).
  • This website — the marketing and documentation site you're reading now.

The Sempa application

Sempa is self-hosted. You (or whoever administers your instance) run it on your own server, and your data is stored in a single SQLite database file on that server. The people who develop Sempa have no access to your instance and receive none of your data.

  • What's stored: the tasks, notes, plans, reflections, journal entries, time-blocks, reminders, settings and any account credentials you create — all on your server.
  • Who can see it: only you and anyone you grant access to your instance. Sempa supports authentication (Google Sign-In or username + password) so your instance isn't open to the world.
  • No telemetry: the application does not phone home, collect usage analytics, or send crash/usage data to the maintainers.
  • Backups: if you enable backups, they go to the destination you configure — kept local, or pushed to your own S3, WebDAV or Google Drive, optionally encrypted with a passphrase you set.
  • Local AI title cleanup: when you import an email, its subject is tidied into a concise task title by a small AI model running on your own server (bundled via Ollama). This happens entirely on your infrastructure — no email content is sent to any third party, and no API key is required. If the local model is unavailable, the original subject is kept unchanged.

Services you choose to connect

Sempa's integrations are optional and configured by you with your own credentials. When enabled, your server communicates directly with these providers; the Sempa project is not a party to that exchange and never sees the data. Each provider's own privacy policy governs the data they hold:

  • Email (Gmail, Fastmail, IMAP/forwarding): used to turn starred or forwarded mail into tasks. Sempa reads only what's needed to create a task.
  • Calendars (Google, Fastmail, CalDAV, ICS/webcal): read to show events alongside your tasks.
  • Jira: imports your assigned issues and can transition tickets you mark done.
  • Notification channels (Web Push, Android push, webhooks): deliver reminders you create to the channels you enable.

You can connect, disconnect or revoke any of these at any time in Settings, and revoke access from the provider's side.

The Android app

The Android app is a client for your own Sempa server. It connects only to the server address you enter.

  • No ads, no analytics, no third-party trackers are bundled in the app.
  • Permissions are limited to what the features need — network access to reach your server, and notification/alarm permissions so reminders can fire on your device, even offline.
  • Data location: a local copy of your data is kept on the device to work offline, and synced with your server. It is not sent anywhere else.

This website

This site is a static set of pages served over HTTPS from a static host (such as GitHub Pages or Cloudflare Pages). It exists to describe Sempa and link to the project.

  • No analytics or advertising and no tracking cookies are used.
  • Your browser stores a single local preference — your chosen theme — in localStorage on your own device. It never leaves your browser.
  • The hosting provider may keep standard, short-lived server logs (such as IP address and request time) for security and operational purposes, as any web host does. We do not build profiles from these.
  • Outbound links (for example to GitHub) take you to third parties governed by their own privacy policies.

Governing law & your rights

Sempa is a project based in Ontario, Canada. Personal information handled in the course of the project's activities is treated in accordance with Canada's federal Personal Information Protection and Electronic Documents Act (PIPEDA), the law that governs private-sector handling of personal information in Ontario. This policy is governed by the laws of the Province of Ontario and the federal laws of Canada applicable there.

Under PIPEDA you have the right to ask what personal information is held about you, to request a correction, and to withdraw consent. Because Sempa is self-hosted, the project holds essentially none of your personal information — the administrator of your own instance controls your data and is responsible for it. For information held by this website's host, you can exercise these rights through the contact route below.

Children

Sempa is a productivity tool intended for a general, adult audience and is not directed at children. We do not knowingly collect personal information from children or minors — and, being self-hosted, the project collects no personal information from anyone.

Changes to this policy

If this policy changes, the updated version will be published on this page with a new "last updated" date. Material changes will also be noted in the project's release notes.

Contact

Questions about privacy? Open a thread in GitHub Discussions, or for anything sensitive, use private security reporting.