In short: We collect only what is necessary to deliver and improve our Apps. We never sell your personal data. You retain full control of your information, including the right to access, export, correct, and delete it at any time.
1. Introduction
INNOVASFT PTE. LTD. ("INNOVASFT," "we," "us," or "our") is a company registered in Singapore. We develop and publish premium mobile applications (our "Apps") distributed through the Apple App Store and other platforms worldwide.
This Privacy Policy explains how we collect, use, disclose, and safeguard your personal data when you use our Apps or our website. It applies to all users globally, including those in regions governed by the General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA/CPRA), Singapore's Personal Data Protection Act (PDPA), and all other applicable privacy laws in jurisdictions where our Apps are available.
By using our Apps or website, you acknowledge that you have read and understood this Privacy Policy. If you do not agree with our practices, please discontinue use of our services.
2. Information We Collect
2.1 Information You Provide Directly
- Account Identifiers: When you sign in with Apple or Google, we receive your authentication user ID (UID) and, optionally, the email address you choose to share. If you use Apple's Hide My Email, we only see the relay address — never your real email.
- Display Name: The name you optionally enter or share after signing in.
- User Content: Titles, items, notes, icons, colors, completion status, and timestamps you create inside our Apps.
- Communications: When you contact support, we collect your email address and the content of your correspondence.
- Feedback: Responses you voluntarily provide in surveys, reviews, or feedback forms.
2.2 Information Collected Automatically
- Device Information: Device model, operating system version, language settings, and time zone — used to diagnose crashes and deliver the correct experience.
- Anonymous Usage Events: Aggregate events such as "list created" or "list completed" to understand feature adoption. We do not log the contents of your items.
- Crash Reports: When our Apps encounter an error, we collect a stack trace and device metadata to fix the problem.
- Subscription Receipts: If you purchase a premium subscription, Apple provides us with a receipt we use to verify your entitlement.
2.3 Information from Third-Party Sources
- Sign in with Apple: If you choose Apple Sign-In, we receive only the information you authorize (name and/or email). We fully support Apple's Hide My Email feature.
- Google Identity Services: If you choose Google Sign-In, we receive your basic profile (UID and email) as authorized by Google.
2.4 Information We Do Not Collect
We do not collect, access, or store the following unless explicitly required by a specific App and disclosed in its App Store listing:
- Precise geolocation data
- Contacts, calendar, or address book data
- Photos, camera, or microphone data (unless a core feature requires it, in which case we obtain explicit permission)
- Health, fitness, or biometric data
- Financial or payment card information (payments are processed entirely by Apple)
- Cross-app or cross-website tracking data. We do not use third-party advertising SDKs.
3. How We Use Your Data
We use the collected data for the following purposes:
| Purpose | Data Used |
|---|---|
| Authenticate you | UID, email (optional) |
| Sync your content across your devices | UID, user content |
| Link a new device via a short code | UID, short-lived 6-digit code (3-minute TTL, auto-deleted) |
| Verify premium subscription entitlement | Apple subscription receipt |
| Improve our Apps | Anonymous usage events, device model, iOS version |
| Diagnose crashes and stability issues | Stack trace, device metadata |
| Reply to support requests | Email address (if you contact us) |
| Ensure security & prevent fraud | Device info, IP address, usage patterns |
We do not use your data for behavioral advertising, cross-app profiling, or automated decisions that produce legal effects on you.
4. Legal Bases for Processing
Where applicable (e.g., under GDPR), we process your personal data based on the following legal grounds:
- Contractual Necessity: To provide the services you request when using our Apps.
- Legitimate Interests: To improve our Apps, ensure security, and communicate service updates — balanced against your rights and freedoms.
- Consent: For optional data processing such as analytics or push notifications. You may withdraw consent at any time.
- Legal Obligation: To comply with applicable laws, regulations, or lawful requests.
5. Data Sharing & Disclosure
We do not sell, rent, or trade your personal data to third parties.
We may share your data only in the following limited circumstances:
- Service Providers: Trusted vendors who help us operate our Apps (e.g., cloud hosting, authentication, crash reporting). These providers are contractually obligated to protect your data and process it only on our behalf.
- Legal Requirements: When required by law, subpoena, or governmental request, or to protect the rights, property, or safety of INNOVASFT, our users, or the public.
- Business Transfers: In the event of a merger, acquisition, or sale of assets, your data may be transferred as part of the transaction. We will notify you before your data becomes subject to a different privacy policy.
6. Third-Party Services
Our Apps integrate the following third-party services. Each has its own privacy policy:
| Provider | Purpose | Privacy Policy |
|---|---|---|
| Apple | Sign in with Apple, StoreKit (in-app purchases), push notifications | apple.com/legal/privacy |
| Google Identity Services | Google Sign-In authentication | policies.google.com/privacy |
| Google Firebase | Authentication, cloud storage & sync, crash reporting | firebase.google.com/support/privacy |
We carefully vet all third-party providers for their privacy practices and require them to meet standards consistent with this policy.
7. Data Retention
We retain your personal data only for as long as necessary to fulfill the purposes described in this policy.
| Data Type | Retention Period | After Expiry |
|---|---|---|
| Account & user content | Duration of account | Deleted within 30 days of account deletion |
| Device-pairing codes | 3 minutes (single-use) | Automatically deleted |
| Anonymous usage events | Up to 24 months (aggregated) | Anonymized or deleted |
| Crash reports | 12 months | Automatically purged |
| Support correspondence | 36 months from last contact | Permanently deleted |
| Legal & compliance records | As required by law (typically 5–7 years) | Securely destroyed |
8. Data Security
We implement appropriate technical and organizational measures to protect your data, including:
- Encryption in Transit: All data transmitted between your device and our servers is encrypted using TLS 1.2 or higher.
- Encryption at Rest: Sensitive personal data stored on our servers is encrypted using industry-standard algorithms.
- Access Controls: Strict role-based access — only authorized personnel with a legitimate need can access personal data.
- Infrastructure Security: We rely on cloud providers with recognized security certifications (e.g., SOC 2 Type II, ISO 27001).
- Incident Response: We maintain an incident response plan and will notify affected users and relevant authorities of any data breach within the timeframes required by applicable law (e.g., 72 hours under GDPR).
While we take extensive precautions, no method of electronic transmission or storage is 100% secure. We encourage you to use strong device passcodes and keep your operating system up to date.
9. Your Rights
Regardless of where you live, you can:
- Access: View all your content inside the App, or request a copy of the personal data we hold about you.
- Export: Share any list as text or image from the share menu within the App.
- Rectification: Edit your content, display name, and preferences at any time within the App.
- Erasure: Remove your account and all associated data via Profile → Account → Delete Account.
- Portability: Request your data in a structured, machine-readable format by emailing us.
- Restriction / Objection: Request that we limit or stop specific processing based on legitimate interests.
- Withdraw Consent: Where processing is based on consent, you may withdraw it at any time without affecting the lawfulness of prior processing.
- Non-Discrimination: We will not discriminate against you for exercising your privacy rights.
How to exercise your rights: Email [email protected] with the subject line "Privacy Request." We will verify your identity and respond within 30 days (or sooner if required by your local law). There is no fee for reasonable requests.
10. International Data Transfers
As our Apps are available worldwide, your data may be transferred to and processed in countries other than your own, including Singapore (where INNOVASFT is headquartered) and the United States (where certain cloud services are hosted).
When transferring data internationally, we ensure appropriate safeguards are in place, including:
- Standard Contractual Clauses (SCCs) approved by the European Commission for transfers from the EEA.
- Adequacy decisions where the destination country has been recognized as providing adequate data protection.
- Binding contractual commitments with our service providers requiring equivalent levels of protection.
11. Children's Privacy
Our Apps are rated 4+ on the App Store but are not directed at children under the age of 13 (or the equivalent minimum age in your jurisdiction, such as 16 in certain EU member states). We do not knowingly collect personal data from children under 13.
If we discover that we have inadvertently collected data from a child, we will promptly delete it. If you are a parent or guardian and believe your child has provided us with personal data, please contact [email protected] and we will take immediate action.
12. Account & Data Deletion
In accordance with Apple App Store guidelines and applicable data protection laws, you have the right to delete your account and all associated data. You can do this through:
- In-App: Navigate to Profile → Account → Delete Account within the App.
- By Email: Send a request to [email protected] with the subject line "Account Deletion Request."
Upon receiving a deletion request:
- We will verify your identity to protect against unauthorized deletions.
- Your account and all associated personal data will be permanently deleted within 30 days.
- Certain data may be retained for a limited period if required by law (e.g., financial records, fraud prevention). Such data will be securely isolated and deleted at the earliest lawful opportunity.
- Data that has been irreversibly anonymized and aggregated may be retained for analytical purposes.
Please note: Account deletion is permanent and cannot be undone. We recommend exporting any content you wish to keep before initiating a deletion request.
13. Region-Specific Disclosures
13.1 European Economic Area, United Kingdom & Switzerland (GDPR / UK GDPR)
- The data controller is INNOVASFT PTE. LTD., contactable at [email protected].
- You have the right to lodge a complaint with your local supervisory authority (e.g., the ICO in the UK, CNIL in France, or the relevant Data Protection Authority in your country).
- We rely on Standard Contractual Clauses for transfers outside the EEA/UK.
13.2 United States — California (CCPA / CPRA)
- Right to Know: You may request details about the categories and specific pieces of personal information we have collected.
- Right to Delete: You may request deletion of your personal information.
- Right to Opt-Out: We do not sell or share your personal information for cross-context behavioral advertising.
- Right to Non-Discrimination: We will not deny services, charge different prices, or provide a different level of quality based on your exercise of privacy rights.
13.3 United States — Other State Privacy Laws
We also comply with privacy laws in Virginia (VCDPA), Colorado (CPA), Connecticut (CTDPA), Utah (UCPA), and other U.S. states with applicable consumer privacy legislation.
13.4 Singapore (PDPA)
- We collect, use, and disclose personal data only for purposes that a reasonable person would consider appropriate in the circumstances.
- You may withdraw consent, request access to, or request correction of your personal data.
- Complaints may be directed to the Personal Data Protection Commission (PDPC).
13.5 Other Jurisdictions (Japan APPI · Korea PIPA · Australia APPs · Brazil LGPD · Canada PIPEDA)
For users in any other jurisdiction where our Apps are available, we comply with all applicable local data protection and privacy laws. If your local law provides additional rights beyond those described in this policy, those rights are hereby incorporated. Please contact us for jurisdiction-specific inquiries.
14. Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes:
- We will update the "Last Updated" date at the top of this page.
- For significant changes, we will provide prominent notice through our Apps (e.g., in-app banner or pop-up) or by email.
- Where required by law, we will obtain your consent before applying material changes to existing data.
We encourage you to review this policy periodically. Your continued use of our Apps after changes are posted constitutes acceptance of the updated policy.
15. Contact Us
If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please reach out to us:
We aim to respond to all inquiries within 5 business days. For formal privacy rights requests, we will respond within the timeframes required by your applicable local law (typically 30 days).