1. Introduction
Welcome to SyncList ("we," "our," or "us"). We are committed to protecting your privacy and ensuring the
security of your personal data. This Privacy Policy explains how we collect, use, store, and protect
your information when you use our mobile application.
Your Privacy Matters: We only collect data that is essential for the app to
function. We never sell your personal information to third parties.
2. Data Controller
For the purposes of the General Data Protection Regulation (GDPR) and other applicable data protection
laws, we are the data controller responsible for your personal data.
Contact email: support@synclistapp.com
3. Information We Collect
3.1 Information You Provide
- Account Information: Email address and display name when you create an account
- Profile Data: Optional profile picture if you choose to upload one
- List Data: Shopping lists, items, and group information you create within the app
3.2 Information Collected Automatically
- Device Information: Device type and operating system version for app compatibility
- Usage Data: Anonymous analytics to improve app performance
- Push Notification Tokens: Only if you enable notifications
3.3 Information We Do NOT Collect
- Location data
- Contacts or address book
- Financial or payment information
- Health or biometric data
4. How We Use Your Information
We use your personal data only for the following purposes:
- Provide Services: Enable you to create, manage, and share lists with your groups
- Account Management: Authenticate your identity and manage your account
- Communication: Send important service updates and respond to support requests
- Improvement: Analyze anonymous usage patterns to improve the app
- Security: Detect and prevent fraud or unauthorized access
5. Legal Basis for Processing (GDPR)
Under the GDPR, we process your personal data based on the following legal grounds:
- Contract Performance: Processing necessary to provide our services to you
- Legitimate Interests: Improving our services and ensuring security
- Consent: Where you have given explicit consent (e.g., marketing communications)
- Legal Obligation: Where required by applicable law
6. Data Sharing and Third Parties
We do not sell, trade, or rent your personal information. We may share data only with:
- Firebase (Google): For authentication, database, and cloud services
- Group Members: List data is shared with members of your groups as per app
functionality
- Legal Requirements: When required by law or to protect our legal rights
All third-party services we use are GDPR-compliant and have appropriate data processing agreements in
place.
7. Data Retention
We retain your personal data only for as long as necessary:
- Active Accounts: Data is retained while your account is active
- Deleted Accounts: Data is deleted within 30 days of account deletion
- Backup Data: May be retained for up to 90 days for disaster recovery
8. Your Rights
Under GDPR and other privacy laws, you have the following rights:
- Access: Request a copy of your personal data
- Rectification: Correct inaccurate or incomplete data
- Erasure: Request deletion of your data ("right to be forgotten")
- Portability: Receive your data in a portable format
- Restriction: Limit how we process your data
- Objection: Object to data processing based on legitimate interests
- Withdraw Consent: Withdraw consent at any time where processing is based on consent
To exercise any of these rights, please contact us at support@synclistapp.com. We will respond within 30 days.
9. Data Security
We implement appropriate technical and organizational measures to protect your data:
- Encryption of data in transit (TLS/SSL) and at rest
- Secure authentication using Firebase Authentication
- Regular security assessments and updates
- Access controls limiting data access to authorized personnel only
10. International Data Transfers
Your data may be processed in countries outside your residence, including the United States
(Firebase/Google Cloud). We ensure appropriate safeguards are in place:
- Standard Contractual Clauses approved by the European Commission
- Data processing agreements with all service providers
- Compliance with applicable data transfer regulations
11. California Privacy Rights (CCPA)
If you are a California resident, you have additional rights under the CCPA:
- Right to Know: Request disclosure of what personal information we collect and how
it is used.
- Right to Delete: Request deletion of your personal information.
- Right to Opt-Out: Request that we do not sell your personal information.
- Non-Discrimination: We will not discriminate against you for exercising your
rights.
Do Not Sell My Personal Information: SyncList does not sell your personal
information to third parties.
12. Children's Privacy
Our app is not intended for children under 13 years of age (or 16 in some EU countries). We do not
knowingly collect personal data from children. If you believe a child has provided us with personal
data, please contact us to have it removed.
13. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of significant changes through
the app or via email. The "Last updated" date at the top indicates when the policy was last revised.
14. Contact Us
If you have questions about this Privacy Policy or wish to exercise your rights, please contact us:
You also have the right to lodge a complaint with your local data protection authority if you believe
your rights have been violated.