Privacy Policy for SmartList

Last Updated: November 29, 2025

SmartList ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our mobile application (the "App"). Please read this privacy policy carefully. If you do not agree with the terms of this privacy policy, please do not access the application.

Important: By using SmartList, you consent to the data practices described in this policy. We may update this policy from time to time, and we will notify you of any material changes through the App or via email.

1. Information We Collect

1.1 Personal Information You Provide

When you register for and use SmartList, we collect the following personal information:

  • Account Information: Name, email address, and password (securely encrypted)
  • Location Information: Country, state/province, and city that you manually provide during:
    • Account registration (required)
    • Profile location updates (optional)
    • Shopping list creation (optional)
    • Analytics queries (optional)
    • Shop search features (optional)
  • Google Account Information: If you choose to sign in with Google, we receive your name and email address from Google

1.2 Information Collected Automatically

When you use SmartList, we automatically collect certain information:

  • Usage Data: Features you use, actions you take, groups you join, lists you create
  • Device Information: Device type, operating system, unique device identifiers
  • Push Notification Tokens: Device tokens to send you notifications
  • Log Data: App crashes, performance data, and error logs
  • Analytics Data: Aggregated usage patterns and feature adoption metrics

1.3 Shopping and Purchases Data

  • Shopping Lists: Items you add to lists, quantities, unit types, notes, and location information you provide
  • Shopping Groups: Groups you create or join, member roles and permissions
  • Shop Management: Shop information, customer data, orders, bills, and payment records you create
  • Purchase Analytics: Historical data about items you've purchased, including prices and quantities
  • Price History: Market prices for items in different locations (anonymized and aggregated for analytics)

1.4 Media and Content

  • Photos: Images you choose to capture or select for items or receipt scanning
  • Audio: Voice recordings when you choose to use voice input features (processed locally on your device and converted to text immediately; audio is not transmitted to our servers or stored)

2. Permissions We Request

2.1 Location Services (Optional)

Why we need it: To help you automatically detect your location instead of manually entering country, state, and city information.

What we collect: When you click the GPS button, we collect your approximate geographic coordinates (latitude/longitude) using your device's location services. We use approximate location accuracy (~100m radius), not precise GPS coordinates, to respect your privacy.

When we collect it: GPS detection can be triggered in two ways:

  • Automatic (for convenience): During account registration, when creating a new shopping list, or when creating a new shop, GPS detection is automatically triggered once to pre-fill location fields and save you time. You can still review, modify, or clear this information before submitting.
  • Manual (on-demand): When updating your profile location or editing existing lists/shops, GPS detection only happens when you explicitly click the "Use My Location" button.

Important: Even when GPS is auto-triggered, you maintain complete control:

  • The detected location is only shown to you - not saved automatically
  • You can review and modify any field (country, state, city, coordinates)
  • You can uncheck the coordinate checkbox to exclude coordinates
  • You can use the reset button to clear all GPS-detected data
  • Nothing is sent to our servers until you submit the form
  • You can cancel the form entirely without saving anything

How it works: When you click the GPS button:

  1. We request approximate location permission from your device
  2. Your device provides approximate coordinates (accurate to ~100m)
  3. We show you the detected location (country, state, city) and coordinates
  4. A checkbox appears (checked by default) allowing you to include or exclude coordinates
  5. You can uncheck the box to save only location names without coordinates
  6. You can review, modify, or clear any field before submitting
  7. Coordinates are only saved if the checkbox is checked when you submit

Your control: You have complete control over coordinate collection:

  • GPS is never triggered automatically - only when you click the button
  • Review the detected location and coordinates before deciding
  • Uncheck the coordinate checkbox to exclude coordinates (saves only city/state/country)
  • Change any location field (country, state, city) manually
  • Use the reset button to clear all location data during entry
  • Cancel the form without submitting - nothing is saved
  • Manually enter location without using GPS at all
  • Clear your saved location: Use the "Clear Location" button in your profile settings to permanently delete all location data (country, state, city, and coordinates) from your account at any time

Important: Coordinates are never sent to our servers until you explicitly submit the form with the coordinate checkbox checked. If you uncheck the box or don't submit the form, no coordinates are stored or transmitted. We only store what you choose to save.

How to control it: You can enable or disable location access in your device settings at any time. If location access is disabled, you can still use the app by manually entering location information in the forms.

2.2 Camera Access (Optional)

Why we need it: To take photos of items or scan receipts using OCR technology when you choose to use these features.

What we collect: Photos are captured ONLY when you click the camera button or select the photo option. You can review each photo and choose to use it, retake it, or cancel.

How it works: Camera access is triggered only by your explicit action (clicking a camera button). You always see what is being captured and can choose to submit or discard the photo.

How to control it: Camera access can be revoked in device settings. We never access your camera automatically or in the background.

2.3 Photo Library Access (Optional)

Why we need it: To allow you to select existing images from your device for items or receipts.

What we collect: Only the specific images you actively select from your photo library. You choose which photo to upload and can see what you're selecting before confirming.

How it works: Photo library access only opens when you click a button to select an image. You pick the specific photo and can cancel at any time.

How to control it: Photo library access can be managed in device settings. We only access photos you specifically select.

2.4 Microphone and Speech Recognition (Optional)

Why we need it: To enable voice input for adding items to shopping lists quickly when you choose to use this feature.

What we collect: Voice recordings are captured ONLY when you press and hold the microphone button. The audio is processed locally on your device and immediately converted to text. You can see the converted text and choose to use it, edit it, or discard it.

How it works: Microphone access is triggered only when you press the voice input button. The audio recording stops when you release the button. You always see the result (converted text) and can review it before adding it to your list.

Important: Audio recordings are processed entirely on your device using device speech recognition. Audio data is never transmitted to our servers or stored anywhere. Only the converted text is saved if you choose to use it.

How to control it: Microphone access can be disabled in device settings. Voice input is completely optional.

2.5 Notifications

Why we need it: To send you important updates about:

  • Changes to shared shopping lists
  • New items added by group members
  • Order status updates in shop management
  • Bill payments and financial notifications
  • Group invitations and membership changes

How to control it: You can disable notifications in the app settings or device settings at any time.

2.6 Internet Access

Why we need it: To sync your data across devices, collaborate with group members in real-time, and access backend services.

Note: The app offers offline functionality for viewing cached data, but internet access is required for syncing and real-time collaboration.

2.7 Storage Access

Why we need it: To cache data locally for offline access and store images you upload.

What we store: Shopping lists, group data, user profiles, and media files (only those you explicitly upload).

3. How We Use Your Information

We use the collected information for the following purposes:

3.1 Provide and Maintain Services

  • Create and manage your account
  • Enable shopping list creation, editing, and sharing
  • Facilitate group collaboration and real-time synchronization
  • Process shop orders, bills, and payment tracking
  • Provide receipt scanning and OCR functionality

3.2 Improve User Experience

  • Personalize content and recommendations
  • Provide location-based price analytics
  • Generate spending insights and budget recommendations
  • Optimize app performance and fix bugs

3.3 Communication

  • Send push notifications about list changes and group activities
  • Respond to your inquiries and support requests
  • Send important updates about the app or policy changes

3.4 Analytics and Research

  • Analyze usage patterns to improve features
  • Generate anonymized market price trends and statistics
  • Monitor app performance and identify technical issues
  • Conduct research to develop new features

3.5 Security and Fraud Prevention

  • Detect and prevent unauthorized access
  • Protect against fraudulent activities
  • Enforce our Terms of Service
  • Comply with legal obligations

4. How We Share Your Information

4.1 With Other Users (By Your Choice)

  • Group Members: When you join a shopping group, other members can see your name and your contributions to shared lists
  • Shop Customers: If you use shop management features, customer information you add is visible to shop members with appropriate permissions
  • Shared Lists: Items you add to shared lists are visible to all list members

4.2 Service Providers

We may share information with third-party service providers who perform services on our behalf:

  • Cloud Hosting: Secure servers to store and process your data
  • Authentication Services: Google OAuth for Google Sign-In functionality
  • Analytics Providers: To help us understand app usage (data is anonymized)
  • Push Notification Services: Firebase Cloud Messaging for sending notifications

All service providers are contractually obligated to protect your data and use it only for specified purposes.

4.3 Legal Requirements

We may disclose your information if required to do so by law or in response to:

  • Valid legal processes (court orders, subpoenas)
  • Government or regulatory requests
  • Protection of our rights, privacy, safety, or property
  • Investigation of fraud or security issues

4.4 Business Transfers

If SmartList is involved in a merger, acquisition, or sale of assets, your information may be transferred. We will provide notice before your information becomes subject to a different privacy policy.

4.5 Aggregated or De-Identified Data

We may share aggregated or de-identified information that cannot reasonably be used to identify you, such as:

  • Market price trends by location (no personal identifiers)
  • Usage statistics and feature adoption rates
  • Research data for improving shopping experiences

5. Data Security

We implement industry-standard security measures to protect your information:

5.1 Technical Safeguards

  • Encryption: All data transmitted between your device and our servers uses HTTPS/TLS encryption
  • Password Protection: Passwords are hashed using industry-standard bcrypt algorithm
  • Secure Storage: Sensitive data on your device is stored using Expo SecureStore with hardware-backed encryption
  • JWT Authentication: Secure token-based authentication for API requests
  • WebSocket Security: Real-time communications are encrypted and authenticated

5.2 Access Controls

  • Role-based permissions system for group and shop management
  • Regular security audits and vulnerability assessments
  • Limited employee access to personal data on a need-to-know basis

5.3 Data Retention

We retain your information only as long as necessary to provide services and comply with legal obligations:

  • Active Accounts: Data retained while your account is active
  • Deleted Accounts: Personal data deleted within 30 days of account deletion (except as required by law)
  • Anonymized Analytics: May be retained indefinitely for research purposes
  • Legal Requirements: Some data may be retained longer to comply with legal or regulatory obligations

Important: While we implement strong security measures, no method of transmission over the Internet or electronic storage is 100% secure. We cannot guarantee absolute security of your information.

6. Your Privacy Rights and Choices

6.1 Access and Update

  • View and edit your profile information in the app settings
  • Update your location, email, or password at any time
  • Clear all location data (country, state, city, coordinates) using the "Clear Location" button in profile settings
  • Request a copy of your personal data by contacting us

6.2 Delete Your Data

  • Individual Items: Delete specific lists, items, or groups you created
  • Account Deletion: Delete your entire account from the app settings
    • This will permanently delete your personal information
    • Shared data in groups may be retained for other members
    • Anonymized analytics data may be retained

6.3 Control Permissions

  • Disable location services, camera, microphone, or photo library access in device settings
  • Turn off push notifications in app or device settings
  • Manage group and shop access permissions within the app

6.4 Data Portability

You have the right to request a copy of your data in a structured, commonly used format. Contact us to request data export.

6.5 Opt-Out of Analytics

While we use anonymized analytics to improve the app, you can request to opt out of certain analytics tracking by contacting us.

6.6 Regional Rights

Depending on your location, you may have additional rights under laws such as:

  • GDPR (Europe): Right to erasure, right to restrict processing, right to object
  • CCPA (California): Right to know, right to delete, right to opt-out of sale (note: we do not sell personal information)
  • Other Regions: We comply with applicable local privacy laws

7. Children's Privacy

SmartList is not intended for children under the age of 13 (or the minimum age required by law in your jurisdiction). We do not knowingly collect personal information from children under 13.

If you are a parent or guardian and believe your child has provided us with personal information, please contact us immediately. We will take steps to delete such information from our systems.

8. International Data Transfers

Your information may be transferred to and processed in countries other than your country of residence. These countries may have different data protection laws than your jurisdiction.

When we transfer data internationally, we ensure appropriate safeguards are in place, including:

  • Standard contractual clauses approved by regulatory authorities
  • Compliance with applicable cross-border data transfer regulations
  • Ensuring service providers meet international data protection standards

9. Third-Party Services

9.1 Google Sign-In

If you choose to sign in with Google, your use of Google services is governed by Google's Privacy Policy. We only receive the information you authorize Google to share with us (name and email address).

9.2 Firebase Cloud Messaging

We use Firebase Cloud Messaging for push notifications. Firebase's data practices are governed by Google's Privacy Policy.

9.3 Links to External Sites

SmartList may contain links to third-party websites or services. We are not responsible for the privacy practices of these external sites. We encourage you to review their privacy policies.

10. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or for legal, operational, or regulatory reasons.

When we make material changes:

  • We will update the "Last Updated" date at the top of this policy
  • We will notify you through the app or via email
  • For significant changes, we may require you to accept the new policy before continuing to use the app

We encourage you to review this Privacy Policy periodically to stay informed about how we protect your information.

11. Your Consent

By using SmartList, you consent to:

  • The collection, use, and disclosure of your information as described in this Privacy Policy
  • The processing of your information in accordance with applicable laws
  • The transfer of your information to service providers and across borders as necessary to provide services

If you do not agree with any part of this Privacy Policy, please do not use the app.

12. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

SmartList Support Team
Email: support@appsmartlist.com
Website: https://appsmartlist.com

We will respond to your inquiry within 30 days.

13. Data Protection Officer

For questions specifically related to data protection and privacy compliance, you may contact our Data Protection Officer at:

Email: privacy@appsmartlist.com