Privacy Policy

Last updated: February 6, 2026

1. Introduction

Welcome to TodoAid ("we," "our," or "us"). We respect your privacy and are committed to protecting your personal data. This privacy policy explains how we collect, use, store, and safeguard your information when you use our mobile application and web services (collectively, the "Service").

By using TodoAid, you acknowledge that you have read and understood this Privacy Policy and agree to its terms.

2. Information We Collect

2.1 Information You Provide Directly

  • Account Information: Name, email address, and password when you create an account
  • Profile Information: Age, preferences, and other optional profile details
  • User Content: Tasks, habits, plans, lists, daily notes, mood entries, and any other content you create or upload within the app
  • Communications: When you contact our support team, we collect your name, email, and message content

2.2 Automatically Collected Information

  • Device Information: Device type, model, operating system version, device identifiers, and mobile network information
  • Usage Data: App features used, time spent in app, completion rates, interaction patterns, and feature engagement
  • Technical Data: IP address, browser type, language preferences, time zone, and crash reports for debugging purposes
  • Location Data: We do not collect precise location data. General location may be inferred from IP address for regional service optimization

2.3 Information from Third Parties

If you choose to authenticate via third-party services (such as Apple Sign-In), we receive basic profile information as authorized by you, such as name and email address.

3. How We Use Your Information

We use the information we collect to:

Service Provision

  • Provide, operate, and maintain the TodoAid service
  • Sync your data across devices (when cloud features are enabled)
  • Send you notifications about your tasks, habits, and reminders
  • Process your premium subscription (if applicable)

Service Improvement

  • Analyze usage patterns to improve app functionality and user experience
  • Develop new features and services
  • Debug technical issues and fix errors
  • Conduct research and analytics

Communication

  • Respond to your comments, questions, and customer support requests
  • Send you technical notices, updates, and administrative messages
  • Send you marketing communications (with your consent, where required)

Safety and Security

  • Detect, prevent, and address fraud, abuse, and security issues
  • Verify accounts and activity
  • Comply with legal obligations

4. Data Storage and Security

4.1 Local Storage (Default)

Privacy-First Design:

By default, your todos, habits, notes, and other personal data are stored locally on your deviceusing SwiftData (iOS app) or browser local storage (web app). This means your data stays private on your device and is never sent to our servers unless you explicitly enable cloud sync features.

4.2 Cloud Sync (Optional)

If you create an account and enable cloud sync, your data is:

  • Encrypted in transit: All data transmitted between your device and our servers uses industry-standard TLS/SSL encryption
  • Securely stored: Data is stored on secure servers provided by our hosting partner with encryption at rest
  • Access controlled: Only you can access your data through authenticated API requests
  • Deletable: You can delete your cloud data at any time from the app settings

4.3 Security Measures

We implement industry-standard security measures including:

  • Password hashing using bcrypt
  • JWT-based authentication with secure token management
  • Regular security audits and updates
  • Secure server infrastructure with firewalls and monitoring
  • Regular backups to prevent data loss

However, no method of transmission over the Internet or electronic storage is 100% secure. While we strive to protect your data, we cannot guarantee absolute security.

5. Data Sharing and Disclosure

Our Commitment:

We do not sell, rent, or trade your personal information to third parties for their marketing purposes. Your data is yours.

5.1 Service Providers

We may share limited data with trusted service providers who help us operate the Service:

  • Cloud Hosting: For database storage and server infrastructure
  • Analytics Services: For understanding app usage and improving features (aggregated data only)
  • Crash Reporting: For debugging and fixing technical issues
  • Email Services: For sending transactional emails and notifications
  • Payment Processors: For processing premium subscriptions (Apple, payment gateways)

These service providers are contractually obligated to protect your data and use it only for the purposes we specify.

5.2 Legal Requirements

We may disclose your information if required by law, regulation, legal process, or governmental request, or to:

  • Enforce our Terms of Service
  • Protect our rights, property, or safety
  • Protect the rights, property, or safety of our users or others
  • Prevent fraud or security issues

5.3 Business Transfers

In the event of a merger, acquisition, reorganization, or sale of assets, your information may be transferred. We will notify you via email or prominent notice in the app before your data is transferred and becomes subject to a different privacy policy.

6. Third-Party Services

TodoAid integrates with the following third-party services:

Apple Services

Push Notifications for task reminders, Sign in with Apple for authentication, and App Store for subscriptions.

Apple Privacy Policy →

RevenueCat (Subscription Management)

We use RevenueCat to manage in-app subscriptions and purchases. RevenueCat collects:

  • Anonymous user identifiers (to link your subscription across devices)
  • Purchase history and subscription status
  • Device information (type, OS version)

This data is used solely to provide and manage your subscription. RevenueCat does not have access to your personal data (tasks, habits, notes, etc.).

RevenueCat Privacy Policy →

Cloud Database Provider

For secure cloud data storage and synchronization when you enable cloud features.

These third-party services have their own privacy policies governing their collection and use of data. We encourage you to review them. We are not responsible for the privacy practices of these third parties.

7. Your Rights and Choices

Depending on your location, you may have certain rights regarding your personal data:

Right to Access

Request a copy of the personal data we hold about you

Right to Correction

Update or correct inaccurate or incomplete information

Right to Deletion

Delete your account and all associated data (subject to legal retention requirements)

Right to Data Portability

Export your data in a machine-readable format (JSON)

Right to Opt-Out

Disable push notifications, marketing emails, or cloud sync at any time

Right to Object

Object to certain processing of your data, such as for marketing purposes

To Exercise Your Rights:

Contact us at dev.nasir.k@gmail.com. We will respond to your request within 30 days.

8. Children's Privacy

Age Requirement:

TodoAid is intended for users aged 13 years and older. We do not knowingly collect personal information from children under 13.

If you are a parent or guardian and believe your child under 13 has provided us with personal information, please contact us immediately at dev.nasir.k@gmail.com. We will promptly delete such information from our systems.

Users between 13 and 18 should use the Service with the knowledge and consent of a parent or legal guardian.

9. International Data Transfers

TodoAid operates globally, and your information may be stored and processed in countries other than your own, including servers located in various regions. These countries may have data protection laws that differ from your jurisdiction.

We ensure that appropriate safeguards are in place to protect your data in accordance with this privacy policy and applicable laws, including:

  • Standard contractual clauses approved by regulatory authorities
  • Encryption in transit and at rest
  • Regular security assessments of our service providers

10. Data Retention

We retain your personal data for as long as necessary to provide the Service and fulfill the purposes outlined in this policy:

Account Data

Retained while your account is active or as needed to provide services

User Content

Retained until you delete it or close your account

Technical and Usage Data

Retained for up to 24 months for analytics and service improvement

Legal and Financial Records

Retained as required by law (e.g., tax records for 7 years)

When you delete your account, we will delete your personal data within 30 days, except where we are legally required to retain it. Backups may persist for an additional 30 days but are not accessible for normal operations.

11. Changes to This Policy

We may update this privacy policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make changes:

  • We will update the "Last updated" date at the top of this page
  • For significant changes, we will notify you via email or in-app notification
  • We will post the new policy on our website and in the app

Your continued use of TodoAid after the effective date of changes constitutes your acceptance of the updated policy. If you do not agree with the changes, please stop using the Service and delete your account.

12. Contact Us

If you have any questions, concerns, or requests regarding this privacy policy or our data practices, please contact us:

Response Time

We aim to respond to all inquiries within 48 hours

By using TodoAid, you acknowledge that you have read, understood, and agree to be bound by this Privacy Policy and our Terms of Service. If you do not agree with these terms, please do not use the Service.