Privacy Policy

1. Introduction

Welcome to SyncList ("we," "our," or "us"). We are committed to protecting your privacy and ensuring the security of your personal data. This Privacy Policy explains how we collect, use, store, and protect your information when you use our mobile application and related services.

2. Definitions

• Personal Data: Any information relating to an identified or identifiable natural person.
• Processing: Any operation or set of operations performed on personal data.
• Data Controller: The entity which determines the purposes and means of processing personal data.
• GDPR: General Data Protection Regulation (EU) 2016/679.
• CCPA/CPRA: California Consumer Privacy Act and California Privacy Rights Act.

3. Data Controller

SyncList is the data controller for your personal data. For any privacy-related questions, contact us at:

Email: support@synclistapp.com

4. Information We Collect

4.1 Information You Provide

• Account Data: Email address and display name required for account creation and synchronization.
• Profile Information: Optional profile picture if you choose to upload one.
• User-Generated Content: Shopping lists, items, and sharing preferences you create within the app.

4.2 Information Collected Automatically

• Identifiers: Unique ID provided by Firebase for authentication and sync.
• Device Information: Device model, OS version, and language settings to ensure technical compatibility.
• Usage Logs: Information about app performance and interactions (via Firebase Analytics/Crashlytics) to identify and fix bugs.
• Push Tokens: Unique identifiers used solely to deliver notifications if you opt-in.

4.3 Local Storage and Cookies

We use local storage on your device to cache list data for offline use. We do not use tracking cookies for advertising purposes. Any "cookies" used are strictly necessary for authentication (via Firebase session management).

5. How We Use Your Information

We process your data for the following specific purposes:

• Service Provision: To create and sync your lists across devices.
• Account Security: To authenticate users and prevent unauthorized access.
• Communication: To send critical service updates or respond to your support requests.
• App Improvement: To analyze performance metrics and crash reports to improve stability.

6. Legal Basis for Processing (GDPR)

If you are in the European Economic Area (EEA), our legal basis for processing depends on the context:

• Performance of a Contract: Necessary to provide the SyncList service you signed up for.
• Legitimate Interests: Improving our app performance and ensuring service security, provided these don't override your fundamental rights.
• Consent: For optional features like push notifications or profile pictures.
• Legal Obligation: To comply with laws or respond to lawful requests.

7. Data Sharing

We share your data only in these limited circumstances:

• Service Providers: We use Google Firebase for hosting, database, and authentication. Google processes this data under strict security terms.
• Collaboration: List data is shared with other users you specifically invite to your groups.
• Legal Compliance: If required by law, we may disclose information to protect our rights or comply with judicial proceedings.

8. International Data Transfers

Your data is stored on servers located in the United States and other regions managed by Google Cloud. For users in the EU/EEA, we rely on:

• EU-U.S. Data Privacy Framework (DPF): Ensuring a level of protection essentially equivalent to the EU.
• Standard Contractual Clauses (SCCs): Approved by the European Commission for data transfers.

9. Data Retention

We keep your data as long as your account is active. If you delete your account, your personal data is removed from our active databases within 30 days. Some data may remain in encrypted backups for up to 90 days before final deletion.

10. Your Rights (GDPR & International)

You have the right to:

• Access and Export: Get a copy of your data in a structured format.
• Correction: Fix inaccurate information.
• Deletion: Request account and data removal.
• Object/Restrict: Limit how we process certain data.

Exercise these rights via the app settings or by emailing support@synclistapp.com.

11. US State Privacy Rights (CCPA/CPRA/Other)

Residents of California and other US states have specific rights:

• Right to Know: Disclosure of what data is collected.
• Right to Delete: Request deletion of collected data.
• Right to Correct: Request correction of inaccurate personal data.
• Right to Opt-Out of Sale/Sharing: We do not sell or share your data for cross-context behavioral advertising.
• Non-Discrimination: We won't treat you differently for exercising your rights.

SyncList does not engage in "Automated Decision-Making" or "Profiling" as defined by US or EU laws.

12. Children's Privacy

SyncList is not directed at children under 13 (or the applicable age of consent in your country). We do not knowingly collect data from children.

13. Changes to This Policy

We may update this policy occasionally. We will notify you of major changes via the app or email.

14. Contact and Complaints

Questions? Contact us at support@synclistapp.com.

EEA users also have the right to lodge a complaint with their local Data Protection Authority.