Privacy Policy

Introduction

BetterList ("we," "our," or "the app") is committed to protecting your privacy. This Privacy Policy explains how we handle information when you use our iOS application and related services.

Our Privacy Architecture

BetterList is designed with a privacy-first architecture. We balance the convenience of cloud features with strict safeguards for your data.

• Private Lists: Stay exclusively on your device. We cannot see them, and they are never uploaded to our servers.
• Shared Lists: Sync through our secure backend (Supabase) for collaboration. Access is strictly limited to list members via Row-Level Security (RLS).
• Zero Plaintext Logging: Our servers never log the content of your checklist items in analytics or error reports.
• Sign in with Apple: We use Apple's secure authentication—no separate passwords to manage or breach.

Information We Collect

Account Information

When you sign in with Apple, we receive and store:

• Your email address (or Apple's private relay email if you choose "Hide My Email")
• Your name (first and last, if provided)
• A unique Apple user identifier

This information is used to manage your account, subscription status, and enable collaboration features.

Shared List Data

When you share a list with collaborators, we store:

• List names, descriptions, and settings (color, icon)
• Checklist items (titles, completion status, categories, order)
• Collaborator membership information

Push Notification Tokens

If you enable push notifications, we store your device token to send notifications about shared list activity. You can disable notifications at any time in iOS Settings.

Data We DO NOT Collect

• Private (non-shared) lists—these never leave your device
• Location data
• Device identifiers for tracking or advertising
• Analytics or usage statistics
• Contacts or calendar data

AI Features

When you use AI-powered features ("From Photo," "Voice to List," or "Tidy Up"), data is sent to our secure API and processed through OpenAI:

What is Sent

• Photos you explicitly choose to convert to lists (temporary processing only)
• Voice recordings for transcription (temporary processing only)
• Text from your checklist items for AI organization

What Happens to This Data

• Data is transmitted securely over HTTPS
• Processing is immediate and temporary—no permanent storage on our servers
• We have configured our OpenAI integration to not retain data for model training

Learn more about OpenAI's privacy practices at openai.com/privacy

Permissions Required

Camera Access

Used only when you tap "From Photo" → "Camera" to create lists from images. You can deny this permission and still use all other features.

Photo Library Access

Used only when you tap "From Photo" → "Upload Photo" to select existing photos. You can deny this permission and still use all other features.

Microphone Access

Used only when you use "Voice to List" to dictate checklist items. You can deny this permission and still use all other features.

Push Notifications

Used to notify you about shared list activity (new lists shared with you, items completed by collaborators). Completely optional.

Data Security

• All API communications use secure HTTPS connections
• Database access is protected by Row-Level Security (RLS)—you can only access your own data and lists you're a member of
• Sign in with Apple means no passwords to breach
• Your device security (passcode, Face ID, Touch ID) protects local data
• We use Supabase's secure infrastructure for data storage

Third-Party Services

Services We Use

• Supabase: Authentication and secure database for shared lists
• OpenAI: AI processing for photo-to-list, voice-to-list, and tidy up features
• Apple Push Notification service (APNs): Push notifications
• Vercel: API hosting

Services We DO NOT Use

• Analytics services (no Google Analytics, Mixpanel, etc.)
• Advertising networks
• Social media integrations
• Crash reporting that collects personal data

Your Rights and Choices

Account Deletion

You can delete your account at any time from the Account tab in the app. This will permanently delete:

• Your account and profile information
• All shared lists you own
• Your membership in others' shared lists
• Your push notification tokens

Note: Private (non-shared) lists are stored only on your device—delete the app to remove them.

Subscription Cancellation

Subscriptions are managed through Apple. Account deletion does not automatically cancel your subscription—you must cancel separately through your Apple ID settings.

Opt-Out of AI Features

Simply don't use "From Photo," "Voice to List," or "Tidy Up" features. All other functionality works without any AI data transmission.

Disable Push Notifications

Go to iOS Settings → BetterList → Notifications and toggle off.

Data Retention

• On Your Device: Private lists persist until you delete the app
• In Our Database: Account and shared list data persist until you delete your account
• AI Processing: No data retained—all requests are processed immediately and discarded

Children's Privacy

BetterList is rated 4+ and is safe for all ages. We do not knowingly collect information from children under 13. The app requires Sign in with Apple for premium features, which requires users to have an Apple ID.

Your Legal Rights

California Privacy Rights (CCPA)

California residents have the right to know what personal information is collected, request deletion, and opt-out of sale. We do not sell personal information.

European Privacy Rights (GDPR)

EU residents have rights to access, rectification, erasure, and data portability. Delete your account in the app to exercise your right to erasure.

Changes to This Policy

We may update this Privacy Policy from time to time. Changes will be reflected by updating the "Last Updated" date. Significant changes will be announced through App Store update notes.

Summary (TL;DR)

• Private lists: Never leave your device
• Shared lists: Stored securely with access limited to collaborators only
• AI features: Temporary processing, no retention
• We don't: Sell data, show ads, or track you
• Your control: Delete your account anytime to remove all server-side data