Privacy Policy

We will collect and use the following Information about you:

Information You Provide to Us Registration Information

When you create an account in the ZapTodo app, you authenticate using Apple Sign-In or Google Sign-In. Through this process, we collect:

• Your name
• Email address
• Profile picture (optional)
• We do not collect or store passwords as authentication is handled entirely by Apple or Google

Payment Information

For paid services, including ZapTodo's premium features, we process payments exclusively through Apple Pay:

• Transaction information and subscription status
• Receipt verification data from Apple
• We do not store your credit card details, billing address, or any other sensitive payment information
• All payment processing is handled by Apple according to their privacy policy

Task and Project Data

When you use the Services, you create and manage tasks, projects, lists, reminders, notes, and other content ("User Content"):

• Tasks, projects, and lists you create
• Text descriptions, notes, and comments
• Dates, times, and reminders
• Priorities, tags, and labels
• Task completion status
• Organizational structures (folders, categories)
• You have full control over this content, and it remains private to your account

Support Communications

When you contact us for support:

• Your email address
• Any Information you choose to provide to help us assist you with your inquiry or issue

Information We Automatically Collect When You Use the Services Device Information

We automatically collect identifiers to ensure compatibility and optimize the app:

• Device type and model (iPhone, iPad)
• Operating system version (iOS)
• Unique device identifiers
• App version information

Usage Information

We collect information about how you interact with the app:

• Features you use
• App launch frequency
• Session duration
• Performance metrics
• This helps us understand which features are most valuable and identify technical issues

Sync and Storage Data

When you use ZapTodo's sync functionality:

• Last sync timestamp
• Connected devices to your account
• This ensures your tasks remain up-to-date across all your iOS devices

Offline Data

ZapTodo works both online and offline:

• When offline, your actions are stored locally on your device
• Data syncs to our servers when you reconnect to the internet
• This enables seamless app usage regardless of connectivity

Information We Receive From Third Party Platforms Third-Party Authentication

When you register through Apple Sign-In or Google Sign-In:

• Username
• Email address
• Profile picture
• The specific Information we receive depends on your privacy settings with Apple or Google and the permissions you grant during sign-in

Payment Platform Information

We receive information from Apple's payment platform:

• Transaction verification
• Subscription status
• Receipt information
• This validates your premium subscription and ensures you have access to paid features

Children

Our Services are intended for users who are at least 13 years of age:

• We do not knowingly collect Information from children under 13
• If you learn that a child has provided us with Information in violation of this Policy, please contact us at privacy@zaptodo.com
• We will delete that information immediately

We use your Information for the following purposes:

Provide You With the Services

We use your Information to perform our contractual obligation towards you to allow you to create an account and use the Services. The Information we process when doing so includes:

• Your registration information (name, email, profile picture)
• Authentication data from Apple Sign-In or Google Sign-In
• Task and project data you create and manage
• Device identifiers to enable sync across your iOS devices
• Information regarding your use of the Services, including sync activity and feature usage

When you activate certain features of the Services, we process additional Information:

• Offline mode: Your task data is stored locally on your device and synced when you reconnect
• Multi-device sync: Device information and sync timestamps to keep your data up-to-date across all your iOS devices

Process Payments

If you subscribe to ZapTodo's premium features, we use your Payment Information for payment processing purposes. We process:

• Transaction information and subscription status from Apple Pay
• Receipt verification data to validate your subscription
• Apple handles all payment processing; we do not store your credit card details or billing information

Provide Customer Support

If you reach out to us for support, we use your Information to respond to and resolve your queries and facilitate support. When doing so, we perform our contractual obligation towards you. The Information we process includes:

• Your email address and any contact information you provide
• Account information necessary to identify and assist you
• Any information you choose to share when describing your issue

Improve Our Services

It is in our legitimate interests to improve the Services for our users. When doing so, we process:

• Usage information such as feature interactions, app performance, and session data
• Device information such as device model, operating system version, and app version
• Crash reports and error logs to identify and fix technical issues

We do not:

• Use your task content or personal data for advertising purposes
• Sell or share your information with third parties for marketing
• Use your data to train artificial intelligence or machine learning models
• Share your Information with analytics companies

Ensure Security and Prevent Fraud

It is in our legitimate interest to protect the integrity of our Services and your account. When doing so, we process:

• Account activity and login information to detect unauthorized access
• Device identifiers to identify suspicious behavior
• Usage patterns to prevent fraud and abuse
• Information relevant to enforcing our terms and policies

Comply With Legal Obligations

We may use your Information to:

• Comply with applicable laws and regulations
• Respond to valid legal requests from authorities
• Defend ourselves against legal claims or disputes
• Protect our rights, property, or safety, and that of our users

What We Do Not Do

To be clear about our privacy practices, we explicitly do not:

• Send marketing emails or promotional notifications
• Conduct surveys or research studies
• Use cookies or tracking technologies for advertising
• Share your task content with anyone
• Analyze your personal data for purposes other than providing and improving the Services
• Retain your data after you delete your account

ZapTodo uses the following third-party services to operate. These services may collect and process your Information according to their own privacy policies.

Authentication Services Apple Sign-In

We use Apple Sign-In to provide secure account creation and login:

• Collects your name, email address, and optionally your profile picture
• Provides secure authentication without requiring us to store passwords
• Processes authentication according to Apple's privacy standards
• You control what information is shared through your Apple ID settings

Google Sign-In

We use Google Sign-In as an alternative authentication method:

• Collects your name, email address, and profile picture
• Provides secure authentication without requiring us to store passwords
• Processes authentication according to Google's privacy standards
• You control what information is shared through your Google account settings

Payment Processing Services Apple Pay

We use Apple Pay exclusively for processing premium subscription payments:

• Handles all payment processing and billing
• Collects and processes your payment information securely
• We receive only transaction verification, subscription status, and receipt information
• We do not store or have access to your credit card details, billing address, or other payment information
• All payment data is processed according to Apple's privacy policy and payment security standards

Cloud Infrastructure Services

We use secure cloud-based infrastructure to store and sync your data:

• Stores your account information, tasks, and app data
• Enables real-time sync across your iOS devices
• Provides secure data storage with encryption
• Processes data on our behalf according to our instructions
• Complies with applicable data protection regulations including GDPR

Third-Party Privacy Policies

We recommend reviewing the privacy policies of these third-party services to understand how they handle your Information:

• Apple Privacy Policy: https://www.apple.com/legal/privacy/
• Google Privacy Policy: https://policies.google.com/privacy

Please note that we are not responsible for the privacy practices of these third-party services. Their processing of your Information is governed by their respective privacy policies.

We take data security seriously and implement appropriate technical and organizational measures to protect your Information against unauthorized access, alteration, disclosure, or destruction.

Security Measures We Implement Authentication Security

We use industry-standard authentication methods to protect your account:

• Secure authentication through Apple Sign-In and Google Sign-In
• No password storage on our servers
• Token-based authentication for secure access
• Session management to prevent unauthorized access

Data Encryption

We protect your data during transmission and storage:

• Encrypted data transmission between your device and our servers using HTTPS/TLS protocols
• Secure cloud-based storage infrastructure with encryption at rest
• End-to-end encryption for sensitive data synchronization
• Encrypted backups to prevent data loss

Access Controls

We implement strict access controls to protect your Information:

• Limited access to user data on a need-to-know basis
• Authentication and authorization mechanisms
• Regular security audits and monitoring
• Automated threat detection and prevention

Infrastructure Security

Our cloud infrastructure providers maintain high security standards:

• GDPR-compliant data processing
• SOC 2 Type 2 certified infrastructure
• Regular security updates and patches
• DDoS protection and firewall systems
• Redundant systems to ensure availability

Security Limitations

While we implement robust security measures, please note:

• No method of transmission over the internet is 100% secure
• No electronic storage system is completely impenetrable
• We cannot guarantee absolute security of your Information
• You are responsible for maintaining the security of your Apple or Google account credentials

Security Incident Response

In the event of a security breach:

• We will investigate the incident promptly
• We will notify affected users in accordance with applicable laws
• We will take steps to remediate the breach and prevent future incidents
• We will cooperate with relevant authorities as required

If you believe your account has been compromised or you notice any suspicious activity, please contact us immediately at privacy@zaptodo.com

We value your privacy and are committed to minimizing data sharing. This section explains when and how we may share your Information with third parties.

What We Do Not Do

We want to be clear about our privacy practices. We explicitly do not:

• Sell your personal information to third parties
• Rent or lease your Information to anyone
• Share your Information for marketing purposes
• Provide your task content to third parties
• Share your data with advertising networks
• Disclose your Information to data brokers

When We Share Your Information

We only share your Information in the following limited circumstances:

Service Providers

We share Information with trusted third-party service providers who help us operate the app:

• Cloud infrastructure providers for data storage and synchronization
• Authentication services (Apple Sign-In, Google Sign-In) for account access
• Payment processors (Apple Pay) for subscription management
• These providers process data on our behalf and are contractually obligated to protect your Information
• They may only use your Information to provide services to us, not for their own purposes

Legal Requirements

We may disclose your Information when required by law:

• To comply with valid legal processes (subpoenas, court orders, warrants)
• To respond to lawful requests from government authorities
• To comply with applicable laws and regulations
• We will notify you of such requests unless prohibited by law

Protection of Rights

We may share Information to protect our legitimate interests:

• To enforce our Terms of Service and other policies
• To detect, prevent, or address fraud and security issues
• To protect against legal liability
• To protect the rights, property, or safety of ZapTodo, our users, or the public

With Your Consent

We may share your Information with third parties when you explicitly consent:

• When you authorize us to share specific Information
• When you choose to connect third-party services (future feature)
• You can withdraw your consent at any time

Business Transfers

In the event of a business transaction:

• If ZapTodo is acquired, merged, or sold, your Information may be transferred to the new owner
• We will notify you before your Information is transferred and becomes subject to a different privacy policy
• You will have the option to delete your account before such a transfer

Anonymized and Aggregated Data

We may share anonymized or aggregated data that cannot identify you:

• Statistical information about app usage
• Aggregated analytics that do not contain personal identifiers
• This data cannot be used to identify individual users

No Collaboration Features (Currently)

Important: ZapTodo is currently designed for individual use only:

• We do not support sharing tasks or collaborating with other users
• All your data remains private to your account
• Your tasks and projects are never visible to other users
• If we introduce collaboration features in the future, we will update this policy and notify you

You have certain rights regarding your personal Information under applicable privacy laws. We are committed to helping you exercise these rights easily and transparently.

Your Privacy Rights Right to Access

You have the right to access all your Information:

• View all your account information directly within the ZapTodo app
• Access your tasks, projects, and all user-generated content
• Review your account settings and preferences
• Check your subscription status and payment history
• No request needed—all your Information is available in the app at any time

Right to Correction

You have the right to correct inaccurate or incomplete Information:

• Update your name in the app settings
• Change your profile picture
• Modify your tasks and projects at any time
• Note: Email address changes must be done through your Apple ID or Google account settings

Right to Deletion

You have the right to delete your account and all associated Information:

• Delete your account at any time through the app settings
• Upon deletion, all your personal Information is immediately removed
• Your task data is permanently deleted from our systems
• We do not retain backup copies of deleted user data
• This deletion is permanent and cannot be reversed
• You will need to create a new account if you wish to use ZapTodo again

Right to Data Portability

You have the right to export your Information:

• Export your tasks and data from within the app
• Receive your data in a structured, commonly used format
• Transfer your data to another service if desired
• Export includes all your tasks, projects, and related content

Right to Restrict Processing

You can limit how we process your Information:

• Revoke ZapTodo's access to your Apple or Google account through your account settings
• Disconnect your devices to stop data synchronization
• Delete your account to stop all processing of your Information

Right to Object

You have the right to object to certain processing:

• You can object to our processing by deleting your account
• You can contact us with specific concerns about data processing
• We will respond to your objection and take appropriate action

Right to Withdraw Consent

Where we process your Information based on consent:

• You can withdraw consent at any time by deleting your account
• Withdrawal does not affect the lawfulness of processing before withdrawal
• You can manage authentication permissions through your Apple ID or Google account settings

Right to Lodge a Complaint

If you believe we have not handled your Information properly:

• Contact us first at privacy@zaptodo.com to resolve the issue
• You have the right to lodge a complaint with your local data protection authority
• For EU users: You can contact your local supervisory authority
• We will cooperate with authorities to resolve any complaints

How to Exercise Your Rights

Most rights can be exercised directly within the ZapTodo app. For assistance or questions about your rights:

• Email us at privacy@zaptodo.com
• Include your account email address
• Describe which right you wish to exercise
• We will respond within 30 days (or as required by applicable law)
• We may need to verify your identity before processing certain requests

There is no fee for exercising your rights, unless your request is clearly unfounded or excessive, in which case we may charge a reasonable fee or refuse the request.

We retain your Information only for as long as necessary to provide you with the Services and fulfill the purposes described in this Policy.

Active Accounts

While your account is active, we retain:

• Your registration information (name, email, profile picture)
• All your task and project data
• Device information and sync data
• Usage information and performance metrics
• Payment and subscription information

We retain this Information to:

• Provide you with continuous access to the Services
• Sync your data across devices
• Maintain your subscription status
• Provide customer support when needed

Account Deletion

When you delete your account through the app settings:

• All your personal Information is immediately deleted from our production systems
• Your task data is permanently removed
• Your account Information is erased
• Device associations are terminated
• Subscription information is removed (subscription may remain active with Apple until expiration)

No Backup Retention

We follow a strict deletion policy:

• We do not keep backup copies of deleted user data
• Deletion is immediate and permanent
• This action cannot be reversed
• You will need to create a new account if you wish to use ZapTodo again

Legal Retention

In limited circumstances, we may retain certain Information:

• When required by law to retain transaction records
• To comply with tax and accounting obligations
• To resolve disputes or enforce our agreements
• Such retention is limited to the minimum required by law

Automatic Deletion

We may automatically delete inactive accounts:

• If an account remains inactive for an extended period (we will notify you first)
• If required by applicable data protection laws
• You will receive advance notice before any automatic deletion

Third-Party Retention

Please note:

• Third-party services (Apple, Google) may retain Information according to their own policies
• Payment information retained by Apple is subject to Apple's retention policies
• Authentication data is controlled by Apple and Google's respective policies
• We do not control third-party retention periods

We are committed to protecting the privacy of children and complying with the Children's Online Privacy Protection Act (COPPA) and other applicable laws.

Age Requirement

ZapTodo is intended for users who are at least 13 years of age:

• Users must be 13 years or older to create an account
• We do not knowingly collect personal Information from children under 13
• We do not direct the Services to children under 13
• We do not knowingly allow children under 13 to use the Services

No Collection from Children

We do not knowingly collect, use, or disclose personal Information from children under 13:

• We do not request Information from children
• We do not use age screening mechanisms as authentication is handled by Apple and Google
• Parents/guardians are responsible for monitoring their children's use of devices
• Apple and Google's authentication services have their own age requirements

Parental Rights

If you are a parent or guardian and believe your child has provided us with personal Information:

• Contact us immediately at privacy@zaptodo.com
• Provide the child's account information
• We will verify the relationship
• We will promptly delete the child's account and all associated Information

Discovery and Deletion

If we discover that we have collected Information from a child under 13:

• We will delete that Information immediately
• We will terminate the account
• We will not use or disclose the Information
• We will take steps to prevent future collection

Teen Users (13-17)

For users between 13 and 17 years of age:

• We encourage parents/guardians to monitor their teen's online activities
• Teens should obtain parental consent before using the Services
• Parents can request deletion of their teen's account by contacting us
• The same privacy protections apply to teen users as adult users

If you have questions about children's privacy or our practices, please contact us at privacy@zaptodo.com

ZapTodo is available globally to all iOS users. This section explains how we handle Information for users located in different regions and our compliance with international data protection laws.

Global Availability

The Services are accessible worldwide:

• Available in all regions where iOS devices are supported
• Your Information may be transferred to, stored, and processed in locations where our service providers operate
• This may include countries outside your country of residence
• We ensure appropriate safeguards are in place for international transfers

Data Transfers

Your Information may be transferred internationally:

• To cloud infrastructure providers for data storage and processing
• To authentication services operated by Apple and Google
• To payment processing services operated by Apple
• We use service providers that comply with applicable data protection regulations

European Economic Area (EEA) and United Kingdom Users

For users in the EEA, UK, and Switzerland, we comply with the General Data Protection Regulation (GDPR):

Legal Basis for Processing

We process your Information based on the following legal grounds:
• Consent: When you create an account and agree to this Policy
• Contractual Necessity: To provide the Services you requested
• Legitimate Interests: To improve our Services, ensure security, and prevent fraud
• Legal Obligations: To comply with applicable laws

Your GDPR Rights

You have additional rights under GDPR:
• Right to access your Information
• Right to rectification of inaccurate Information
• Right to erasure ("right to be forgotten")
• Right to restrict processing
• Right to data portability
• Right to object to processing
• Right to withdraw consent
• Right to lodge a complaint with a supervisory authority

Data Transfer Safeguards

When transferring data outside the EEA/UK:
• We use service providers that comply with GDPR
• Our providers implement appropriate technical and organizational measures
• We ensure adequate protection through contractual obligations
• We rely on approved transfer mechanisms

California Residents (CCPA)

For California residents, we comply with the California Consumer Privacy Act (CCPA):

• Right to know what Information we collect and how we use it
• Right to delete your Information
• Right to opt-out of sale of Information (we do not sell your Information)
• Right to non-discrimination for exercising your rights
• Contact us at privacy@zaptodo.com to exercise your CCPA rights

Other Regions

For users in other regions with data protection laws:

• We respect local privacy laws and regulations
• We provide the same privacy protections globally
• You have the rights described in this Policy regardless of location
• Contact us with questions about your local data protection rights

Data Protection Officer

For data protection inquiries:

• Email: privacy@zaptodo.com
• We will respond to your inquiry promptly
• We will work with you to address any concerns

If you have concerns about international data transfers or regional compliance, please contact us at privacy@zaptodo.com

We may update this privacy policy from time to time to reflect changes in our practices, technologies, legal requirements, or other factors.

Why We Update This Policy

We may update this Policy to:

• Reflect new features or functionality in the Services
• Comply with changes in applicable laws and regulations
• Improve clarity and transparency of our practices
• Address feedback from users or regulators
• Reflect changes in our data processing activities

How We Notify You of Changes

When we make changes to this Policy:

• We will update the "Last Updated" date at the top of this Policy
• For significant changes, we will notify you through the app with a prominent notice
• We may also send you an email notification if the changes materially affect your rights
• We will provide a summary of key changes when applicable

What Constitutes a Significant Change

Significant changes include:

• Changes to what Information we collect
• New ways we use or share your Information
• Changes to your rights or how to exercise them
• Changes to data retention periods
• Introduction of new third-party services that process your Information

Your Acceptance of Changes

By continuing to use ZapTodo after we post changes:

• You acknowledge that you have read the updated Policy
• You accept and agree to the updated Policy
• The new Policy will apply to all your Information, including data collected before the change

If You Disagree With Changes

If you do not agree with the updated Policy:

• You should stop using the Services
• You may delete your account through the app settings
• Contact us at privacy@zaptodo.com if you have concerns about specific changes
• We will work with you to address your concerns where possible

Reviewing This Policy

We encourage you to:

• Review this Policy periodically to stay informed
• Check the "Last Updated" date to see when it was last modified
• Contact us with any questions about changes
• Bookmark this page for easy reference

Previous Versions

Upon request:

• We can provide you with previous versions of this Policy
• Contact privacy@zaptodo.com to request historical versions
• We maintain records of material changes

We are committed to addressing your privacy concerns and questions. If you have any inquiries about this Policy or how we handle your Information, we encourage you to reach out.

Contact Information

You can contact us regarding privacy matters:

Email: privacy@zaptodo.com

What You Can Contact Us About

Feel free to reach out regarding:

• Questions about this Privacy Policy
• Requests to exercise your privacy rights (access, deletion, correction, export)
• Concerns about how your Information is being used
• Reports of potential privacy or security issues
• Questions about data retention or deletion
• Complaints about our privacy practices
• Questions about third-party services we use
• Requests for clarification on any section of this Policy

What to Include in Your Message

To help us respond efficiently, please include:

• Your account email address (if applicable)
• A clear description of your question or concern
• Any relevant details or context
• Which privacy right you wish to exercise (if applicable)
• Your preferred method and language for our response

Our Response Time

We are committed to responding promptly:

• We will acknowledge receipt of your message within 48 hours
• We aim to provide a full response within 30 days
• For complex requests, we may need additional time and will keep you informed
• We will notify you if we need additional information to process your request

Identity Verification

For your security:

• We may need to verify your identity before responding to certain requests
• We will ask for information to confirm you are the account holder
• This protects your Information from unauthorized access
• We will explain what verification is needed

Language Support

We primarily communicate in English:

• You may write to us in your preferred language
• We will do our best to respond appropriately
• Translation services may be used for non-English communications

Escalation

If you are not satisfied with our response:

• Let us know and we will review your concern again
• We are committed to resolving issues fairly
• You have the right to lodge a complaint with your local data protection authority

We value your privacy and your trust in ZapTodo. Thank you for taking the time to understand how we protect your Information.