Privacy Policy for List & Logs

1. Introduction

Welcome to List & Logs ("we," "our," or "us"). We are committed to protecting your privacy and ensuring transparency about how we collect, use, and safeguard your personal information.

This Privacy Policy explains how List & Logs, operated by Tharindu Athapaththu ("Developer"), collects, uses, shares, and protects information when you use our mobile application (the "App"). By using List & Logs, you agree to the practices described in this Privacy Policy.

2. What List & Logs Does

List & Logs is a smart shopping tracker that helps you plan, track, and analyze your purchases by distinguishing between required and non-required spending in real-time. The App allows you to:

• Create and manage shopping lists
• Log actual spending during checkout
• Track your expenses and identify savings opportunities
• Visualize spending patterns through detailed analytics
• Back up your data to your personal cloud storage (Google Drive or iCloud)

By turning everyday shopping into measurable insights, List & Logs empowers you to spend mindfully and save more over time.

3. Age Restrictions

If we discover that we have collected personal information from a child under 13, we will delete that information immediately. If you believe we have collected information from a child under 13, please contact us at tharinduathapaththuhewage@gmail.com.

Compliance:

• COPPA (Children's Online Privacy Protection Act): We comply with U.S. COPPA requirements.
• EU Users: If you are under 16 and located in the European Union, parental consent may be required.

4. Information We Collect

4.1 Information You Provide Directly

During Registration:

• First name
• Last name
• Email address
• Password (encrypted and securely stored via Firebase Authentication)
• Profile picture (optional)

During App Usage:

• Shopping list names and purposes
• Item names, quantities, units, and estimated costs
• Actual purchase prices and quantities
• Store/location names (entered manually as text)
• Currency preferences
• List reminders and scheduling information
• Settings and preferences (theme, font size, notification preferences)

4.2 Information Collected Automatically

Device & Technical Information:

• Device model and manufacturer
• Operating system version (Android/iOS)
• App version
• Device identifiers for push notifications (FCM token)
• IP address (automatically collected by Firebase and Google AdMob)

Usage Data:

• App opens and screen views
• Time spent in the app
• App usage patterns (navigation, feature usage)
• Crash reports and error logs (via Firebase Crashlytics)

Advertising Data (Google AdMob):

• Advertising ID (GAID for Android, IDFA for iOS)
• Ad impressions, clicks, and interactions
• Approximate location (derived from IP address, not GPS)
• Device characteristics (screen size, orientation)

4.3 Information from Third-Party Sign-In

When you sign in using Google Sign-In or Apple Sign-In, we receive:

• Your email address
• Your name (if provided by the service)

We do not receive your password from third-party authentication providers.

4.4 Information We Do NOT Collect

We do not collect:

• Phone numbers
• Date of birth or age (beyond 13+ verification)
• Gender
• Precise GPS location (we only collect store names you manually enter)
• Payment information or credit card details
• Financial account information

5. How We Use Your Information

5.1 Core App Functions

• Authentication: To create and manage your account, verify your identity, and provide secure login.
• Shopping Lists: To create, store, and manage your shopping lists, items, and purchase data.
• Analytics & Reports: To calculate your spending patterns, savings, and required vs. non-required analysis.
• Backup & Sync: To back up your data to your personal Google Drive or iCloud account.
• Notifications: To send list reminders, app update alerts, and report insights.

5.2 App Improvement

• Analytics: To understand how users interact with the App and improve features.
• Crash Reporting: To identify and fix technical issues and bugs.
• Performance Monitoring: To optimize app speed and reliability.

5.3 Advertising

• Personalized Ads: To show you relevant advertisements based on your interests and behavior (via Google AdMob).
• Ad Performance: To measure ad effectiveness and optimize ad delivery.

5.4 Security & Compliance

• Rate Limiting: To prevent abuse (e.g., limiting OTP requests, login attempts).
• Fraud Prevention: To detect and prevent fraudulent activity.
• Legal Compliance: To comply with applicable laws and regulations.

5.5 Communications

• Transactional Messages: To send essential notifications (e.g., password resets, account changes).
• Marketing Messages: To send promotional push notifications about new features or offers (you can opt out).

6. How We Share Your Information

We do not sell your personal information to third parties. However, we share your information with the following service providers to operate the App:

6.1 Google Services (Firebase)

We use Firebase (a Google service) for:

• Firebase Authentication: User login and account management
• Cloud Firestore: Storing user profiles (name, email, authentication tokens)
• Firebase Analytics: Tracking app usage and user behavior
• Firebase Crashlytics: Collecting crash reports and error logs
• Firebase Cloud Messaging (FCM): Sending push notifications

Data Shared with Firebase:

• User profile data (name, email)
• Authentication tokens
• Device information
• App usage data
• Crash logs

Firebase Privacy Policy: https://firebase.google.com/support/privacy

6.2 Google AdMob (Advertising)

We use Google AdMob to display advertisements in the App. AdMob collects and processes data to serve personalized ads.

Data Shared with AdMob:

• Advertising ID (GAID/IDFA)
• Device information (model, OS, screen size)
• IP address (for approximate location)
• Ad interaction data (impressions, clicks)
• App usage data

Ad Types:

• Banner ads
• Interstitial ads (full-screen)
• Native ads (blended with content)

Personalized Ads: By default, we show personalized ads. You can opt out of personalized advertising:

• Android: Settings → Google → Ads → Opt out of Ads Personalization
• iOS: Settings → Privacy → Tracking → Disable "Allow Apps to Request to Track"

Google AdMob Privacy Policy: https://policies.google.com/privacy
Opt-Out of Personalized Ads: https://adssettings.google.com

6.3 Cloud Backup Services

Google Drive (Android):

• You can manually back up your app data to your personal Google Drive.
• We do not access your other Google Drive files—only the backup data created by List & Logs.

iCloud (iOS - Future):

• You can manually back up your app data to your personal iCloud account.
• We do not access your other iCloud files—only the backup data created by List & Logs.

Important: Your backup data is stored in your own cloud account. We do not have access to your cloud storage.

6.4 Third-Party Advertising Partners

Google AdMob may work with additional advertising partners to serve ads. These partners may collect data about your device and app usage. For a list of Google's advertising partners, visit:
https://support.google.com/admob/answer/9012903

6.5 Legal Requirements

We may disclose your information if required by law or in response to:

• Court orders or legal processes
• Government or regulatory requests
• Protection of our legal rights or safety
• Prevention of fraud or illegal activity

7. Data Storage and Security

7.1 Where Your Data is Stored

Local Storage (On Your Device):

• Shopping lists, items, and purchase history
• Settings and preferences
• Reports and analytics data
• Profile picture

Firebase (Cloud Firestore - United States):

• User profile (name, email)
• Authentication tokens
• Firebase servers are located in: nam5 (United States, Multi-region)

Your Personal Cloud Storage:

• Google Drive (Android) or iCloud (iOS) for backups
• Stored in your own account—we do not have access

7.2 Data Security Measures

We take reasonable measures to protect your information:

• Encryption in Transit: All data transmitted between your device and our servers is encrypted using HTTPS/SSL.
• Firebase Authentication: Passwords are securely hashed and never stored in plain text.
• Access Controls: Only authorized personnel and services can access user data.
• Regular Security Audits: We monitor for vulnerabilities and security threats.

However, no system is 100% secure. While we strive to protect your data, we cannot guarantee absolute security. Use List & Logs at your own risk.

8. Data Retention

8.1 Active Accounts

We retain your information as long as your account is active or as needed to provide you with the App's services.

8.2 Account Deletion

You can delete your account at any time through the App's settings. Upon deletion:

• Your user profile and authentication tokens will be immediately deleted from Firebase.
• Your local data (shopping lists, items, etc.) will be immediately deleted from your device.
• Backup data in your Google Drive or iCloud will remain until you manually delete it from your own cloud storage.

Note: Some aggregated, anonymized analytics data may be retained for statistical purposes, but it will not identify you personally.

8.3 Inactive Accounts

If you do not use the App for an extended period (e.g., 2+ years), we may delete your account and associated data. We will attempt to notify you before deletion.

9. Your Privacy Rights

Depending on your location, you may have the following rights:

9.1 Access & Portability

• Access: You can view your data at any time through the App's interface.
• Export: You can export your data using the backup feature (Google Drive/iCloud).

9.2 Correction & Update

You can update your profile information (name, email, profile picture) in the App's settings.

9.3 Deletion

• You can delete your account and all associated data through the App's settings.
• Note: Backup data in your personal cloud storage must be deleted manually by you.

9.4 Opt-Out Rights

Marketing Notifications:

• You can opt out of promotional push notifications in the App's settings.

Personalized Ads:

• Android: Settings → Google → Ads → Opt out of Ads Personalization
• iOS: Settings → Privacy → Tracking → Disable tracking

Analytics (Limited):

• You cannot fully opt out of Firebase Analytics, as it is essential for app functionality. However, data is anonymized and aggregated.

9.5 EU/EEA Users (GDPR)

If you are in the European Union or European Economic Area, you have additional rights under the General Data Protection Regulation (GDPR):

• Right to Access: Request a copy of your personal data.
• Right to Rectification: Correct inaccurate data.
• Right to Erasure ("Right to be Forgotten"): Delete your data.
• Right to Restrict Processing: Limit how we use your data.
• Right to Data Portability: Receive your data in a portable format.
• Right to Object: Object to certain data processing activities (e.g., marketing).
• Right to Withdraw Consent: Withdraw consent for personalized ads.

To exercise these rights, contact us at: tharinduathapaththuhewage@gmail.com

9.6 California Users (CCPA)

If you are a California resident, you have rights under the California Consumer Privacy Act (CCPA):

• Right to Know: Know what personal information we collect and how it's used.
• Right to Delete: Request deletion of your personal information.
• Right to Opt-Out: Opt out of the sale of personal information (Note: We do not sell your data).
• Right to Non-Discrimination: We will not discriminate against you for exercising your rights.

To exercise these rights, contact us at: tharinduathapaththuhewage@gmail.com

10. Cookies and Tracking Technologies

List & Logs does not use cookies in the traditional web sense. However, third-party services like Firebase and Google AdMob may use similar tracking technologies (e.g., SDKs, device identifiers) to collect data.

Advertising ID:

• Google AdMob uses your Advertising ID to track ad interactions and deliver personalized ads.
• You can reset or opt out of personalized ads using your device settings (see Section 9.4).

11. Third-Party Links

The App may contain links to third-party websites or services (e.g., privacy policy generators, Firebase documentation). We are not responsible for the privacy practices of these third parties. Please review their privacy policies before providing any information.

12. International Data Transfers

List & Logs is operated from Sri Lanka, but we use services (Firebase, Google AdMob) that store data in the United States. By using the App, you consent to the transfer of your information to the United States and other countries where our service providers operate.

EU/EEA Users: Firebase complies with GDPR and uses Standard Contractual Clauses (SCCs) for international data transfers.

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or new features. When we make changes, we will:

1. Update the "Last Updated" date at the top of this policy.
2. Notify you through:
   • An in-app notification
   • App update notes (Google Play Store / Apple App Store)
   • A notice on our website (www.tharinduathapaththu.com)

Continued use of the App after changes constitutes your acceptance of the updated Privacy Policy.

For significant changes (e.g., new data collection practices), we may require your explicit consent before the changes take effect.

14. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or your personal data, please contact us:

We will respond to your inquiry within 30 days (or sooner as required by applicable law).

15. Compliance Summary

This Privacy Policy complies with:

• ✅ GDPR (General Data Protection Regulation) - EU/EEA users
• ✅ COPPA (Children's Online Privacy Protection Act) - U.S. users under 13 (minimum age: 13+)
• ✅ CCPA (California Consumer Privacy Act) - California residents
• ✅ Google Play Store data disclosure requirements
• ✅ Apple App Store privacy requirements (when applicable)
• ✅ Google AdMob advertising policies
• ✅ Firebase data processing requirements

16. Data We Collect - Summary Table

Category	Data Collected	Purpose	Legal Basis
Account Info	Name, email, password, profile picture	Account creation & authentication	Contract performance
Shopping Data	Lists, items, prices, stores, spending	Core app functionality	Contract performance
Device Info	Device model, OS, app version, IP address	App operation, analytics, advertising	Legitimate interest
Usage Data	Screen views, app opens, feature usage	Analytics, app improvement	Legitimate interest
Advertising Data	Advertising ID, ad interactions	Personalized ads (with consent)	Consent (EU), Legitimate interest (non-EU)
Crash Data	Error logs, stack traces	Bug fixing, stability	Legitimate interest
Notifications	FCM tokens, reminder preferences	Push notifications	Contract performance

17. Google AdMob - Additional Disclosures

17.1 Google's Advertising Partners

Google AdMob may share your data with its advertising partners. For a full list, visit:
https://support.google.com/admob/answer/9012903

17.2 Personalized Ads & User Consent

Non-EU Users: Personalized ads are enabled by default. You can opt out via device settings.

EU/EEA Users: We will display a consent dialog when you first use the App. You can:

• Accept: Receive personalized ads
• Decline: Receive non-personalized ads only

You can change your consent preference at any time in the App's settings or via your device's ad settings.

17.3 Children and Advertising

We do not show personalized ads to users under 13. All ads shown to users aged 13-15 are non-personalized and comply with COPPA.

17.4 Advertising ID & Opt-Out

What is an Advertising ID?

• A unique, user-resettable ID for advertising purposes.
• Android: Google Advertising ID (GAID)
• iOS: Identifier for Advertisers (IDFA)

How to Opt Out or Reset:

• Android: Settings → Google → Ads → Reset advertising ID or Opt out of Ads Personalization
• iOS: Settings → Privacy → Tracking → Disable "Allow Apps to Request to Track"

18. EU/EEA Consent for Personalized Ads

If you are located in the EU or EEA, we will ask for your consent before enabling personalized advertising. The consent dialog will include:

• Clear explanation of personalized ads
• Link to this Privacy Policy
• Link to Google's Privacy Policy
• Option to accept or decline
• Ability to change your choice later

Legal Basis: Consent (GDPR Article 6(1)(a))

19. Data Protection Officer (DPO)

As of now, we do not have a designated Data Protection Officer (DPO). For all privacy-related inquiries, please contact:

If we are required to appoint a DPO under GDPR or other regulations, we will update this Privacy Policy with the DPO's contact information.

20. Your Consent

By using List & Logs, you acknowledge that you have read and understood this Privacy Policy and agree to the collection, use, and sharing of your information as described herein.

For EU/EEA Users: You will be asked to provide explicit consent for:

• Personalized advertising (optional)
• Non-essential data processing (if applicable)

You can withdraw your consent at any time by contacting us or adjusting your settings in the App.

---

Thank you for using List & Logs! We are committed to protecting your privacy and providing a transparent, secure experience.