Privacy Policy

Introduction

Welcome to Productivica! This privacy policy explains how we handle your information when you use our mobile application. We believe in transparency, so we've written this in plain language.

⚠️ Important: Do Not Store Sensitive Information

Who We Are

Data Controller:

• Name: Eryk Włoszczyński
• Location: Koźmin Wielkopolski, Poland
• Email: productivica.help@gmail.com

Productivica is operated by an individual developer, not a company. This means you're supporting an indie creator, and your data is handled with personal care and respect.

What Data We Collect

1. Data Stored Locally on Your Device

Your Tasks and Notes:

• Task titles, descriptions, and notes
• Due dates and time estimates
• Completion status and streaks
• Settings and preferences (themes, notification times)
• Custom categories and tags

How it's stored: All of this data is stored locally on your device using AsyncStorage (React Native's local storage). This data never leaves your device unless you explicitly export it.

When it's deleted: This data is permanently deleted when you uninstall the app. There is no cloud backup, no server copy, and no way for us to recover it.

2. Anonymous Analytics Data

We use Mixpanel to understand how people use the app and improve it. We collect:

Usage Information:

• Which features you use (e.g., "created task", "viewed statistics")
• How often you use the app
• Which screens you visit
• App crashes and errors
• Your device type (iPhone, Android) and OS version
• App version number

Anonymous Device Identifier:

• A random ID generated when you first open the app (e.g., "1730736000000-abc123xyz")
• This ID is NOT tied to your identity, phone number, email, or any personal information
• It's used only to distinguish between different devices in aggregate statistics
• It's stored only on your device and deleted when you uninstall

Subscription Status Information:

• Your subscription tier (free, premium, or trial)
• Days remaining in trial (if applicable)
• Trial status (active/inactive)
• This data helps us understand feature usage across different user segments and improve the app experience
• No payment information is included - that's handled separately by Apple/Google

What we DON'T collect:

• We never send your task titles, notes, or any content to analytics
• We don't track your location
• We don't access your contacts, photos, or other apps
• We don't collect your name, email, or phone number

3. Subscription Information

We use RevenueCat to manage in-app subscriptions (Premium features). RevenueCat collects:

• Your App Store or Google Play purchase receipts
• Subscription status (active, expired, cancelled)
• Anonymous device identifier (different from analytics ID)
• Purchase timestamps

Important: RevenueCat does not receive your payment information. Your credit card details are only handled by Apple or Google, never by us or RevenueCat.

4. Push Notification Data

If you enable notifications, we use Expo's notification service to send you reminders. The data involved:

Notification Content:

• Task counts (e.g., "You have 3 tasks today")
• Generic reminders (e.g., "Good morning!")
• Task titles when reminding you about specific tasks (e.g., "Buy groceries is due tomorrow")

Push Tokens:

• A unique token that allows us to send notifications to your device
• This token is stored by Expo and is not linked to your personal identity

How it works:

• Notifications are scheduled locally on your device when possible
• For remote notifications, task information may be temporarily sent through Expo's servers
• Expo does not store notification content long-term (logs kept ~30 days)
• You can disable notifications anytime in Settings

Data Processing Summary

Here's a clear breakdown of what data we collect, why, and who can access it:

How We Use Your Data

Local Data (Tasks, Notes, Settings)

• Purpose: To provide the core functionality of the app
• Usage: All processing happens on your device
• Storage Duration: Until you delete the app
• Sharing: Never shared with anyone

Analytics Data

• Purpose: To understand how the app is used and improve it
• Usage: Create aggregate statistics (e.g., "75% of users complete tasks daily")
• Storage Duration: Retained by Mixpanel indefinitely unless you request deletion
• Sharing: Only with Mixpanel (see Third-Party Services below)

Subscription Data

• Purpose: To manage your Premium subscription and grant access to paid features
• Usage: Verify subscription status when you use Premium features
• Storage Duration: Retained by RevenueCat per their retention policy (typically while subscription is active + legal retention period)
• Sharing: Only with RevenueCat and your payment provider (Apple/Google)

Notification Data

• Purpose: To send you reminders and motivational messages
• Usage: Deliver notifications at scheduled times
• Storage Duration: Temporary (processed through Expo servers, logs ~30 days)
• Sharing: Only with Expo for notification delivery

Third-Party Services

We use the following trusted third-party services. Each has their own privacy policy:

1. Mixpanel (Analytics)

• What they do: Collect anonymous usage analytics
• Data shared: Events (e.g., "task completed"), device type, app version, anonymous device ID
• Data NOT shared: Your tasks, notes, or any personal content
• Their privacy policy: https://mixpanel.com/legal/privacy-policy/
• Location: European Union (EU data residency - all data stored in EU)
• Safeguards: Standard Contractual Clauses (SCCs) for EU-US data transfers where applicable

2. RevenueCat (Subscriptions)

• What they do: Manage in-app purchase verification and subscription status
• Data shared: Purchase receipts, subscription status, anonymous device ID
• Data NOT shared: Your payment information (handled by Apple/Google only)
• Their privacy policy: https://www.revenuecat.com/privacy/
• Location: United States (GDPR-compliant)
• Safeguards: Standard Contractual Clauses (SCCs) for GDPR compliance

3. Expo Notifications (Push Notifications)

• What they do: Deliver push notifications to your device
• Data shared: Push notification tokens, notification content (task names, counts)
• Data NOT shared: Your full task list or notes
• Their privacy policy: https://expo.dev/privacy/
• Location: United States (GDPR-compliant)

4. Apple App Store / Google Play Store

• What they do: Handle payments and distribute the app
• Data shared: You provide payment info directly to them (we never see it)
• Their privacy policies:
  • Apple: https://www.apple.com/legal/privacy/
  • Google: https://policies.google.com/privacy

Your Privacy Rights

Depending on where you live, you may have the following rights:

🇪🇺 European Union (GDPR) and 🇵🇱 Poland (RODO)

You have the right to:

1. Access: Request a copy of all data we have about you
2. Rectification: Correct inaccurate data (though most data is on your device only)
3. Erasure ("Right to be Forgotten"): Request deletion of your analytics data
4. Data Portability: Export your tasks and notes in a standard format (JSON)
5. Restrict Processing: Limit how we use your analytics data
6. Object: Object to analytics data collection
7. Withdraw Consent: Stop analytics or notifications at any time
8. Lodge a Complaint: Contact the Polish supervisory authority (UODO) or your local data protection authority

Legal Basis for Processing:

• Local data: Necessary for contract (providing app functionality)
• Analytics: Legitimate interest (improving the app)
• Subscriptions: Necessary for contract (Premium features)
• Notifications: Your consent (can be withdrawn)

🇺🇸 United States

California (CCPA/CPRA):

• Right to know what personal information we collect
• Right to delete personal information
• Right to opt-out of "sale" (we don't sell data)
• Right to non-discrimination
• Right to correct inaccurate information

California "Shine the Light" Law (Civil Code Section 1798.83): California residents may request information about disclosure of personal information to third parties for direct marketing purposes. We do not share your personal information with third parties for their direct marketing purposes. To make a request, email productivica.help@gmail.com with "California Shine the Light Request" in the subject line. You may make one request per calendar year.

Other US States (Virginia, Colorado, Connecticut, Utah, Texas, etc.):

Similar rights may apply under your state's privacy law, including rights to access, delete, correct, and opt-out of certain data processing activities.

🌍 Other Countries

Even if not legally required, we respect your privacy rights. Contact us to:

• Request your data
• Delete your analytics data
• Ask questions about data handling

How to Exercise Your Rights

Export Your Data (Data Portability)

In the app:

1. Go to Settings → Data & Privacy
2. Tap "Export My Data"
3. Share the JSON file via email or save to files

This exports all your tasks, notes, completions, and statistics in a readable format.

Delete Your Analytics Data

Contact us:

1. Email: productivica.help@gmail.com
2. Subject: "Delete My Analytics Data"
3. Include: Your anonymous device ID (find it in Settings → Data & Privacy → View Device ID)

We'll delete your analytics data from Mixpanel within 30 days.

Delete All Data

Uninstall the app:

• All local data (tasks, notes, settings) is automatically deleted
• Analytics data remains in Mixpanel (contact us to delete)
• Subscription records remain with RevenueCat (required for refund/billing purposes)

Opt Out of Analytics

In the app:

1. Go to Settings → Data & Privacy
2. Toggle "Analytics" to OFF
3. No usage data will be collected after disabling

What happens when you disable:

• No new events are tracked
• Previously collected data remains in Mixpanel until you request deletion
• The app continues to work normally

To delete existing analytics data:

1. Go to Settings → Data & Privacy → View Device ID
2. Note your Device ID
3. Email us at productivica.help@gmail.com with subject "Delete My Analytics Data"
4. Include your Device ID in the email
5. We'll delete your data within 30 days

Verification Process

To protect your privacy, we must verify your identity before processing certain requests:

1. For analytics deletion: We'll match your Device ID from our records
2. For data export: The export happens directly on your device, no verification needed
3. For general inquiries: We may ask you to confirm details from your previous communications

We only use verification information for the purpose of confirming your identity and will not use it for any other purpose.

Response Timeline

• Standard requests: We respond within 30 days (GDPR) or 45 days (US state laws)
• Complex requests: We may extend by an additional 30-45 days and will notify you
• Denial of requests: We'll explain the legal basis for denial

Appeal Process

If we deny your request:

1. You may appeal within 60 days of receiving our denial
2. Email: productivica.help@gmail.com
3. Subject: "Privacy Request Appeal"
4. Include:
   • Your original request details
   • Why you believe our denial was incorrect
   • Any additional information supporting your request

Our response to appeals:

• We'll review your appeal within 60 days
• We'll explain our final decision in writing
• We'll describe any actions taken or not taken, and why

If you're still unsatisfied:

• EU/Poland residents: Contact UODO or your local data protection authority
• US residents: Contact your state Attorney General or relevant consumer protection agency

Fee Warning

We provide up to two (2) data subject rights requests per year free of charge. We reserve the right to charge a reasonable fee for:

• Excessive requests (more than 2 per year)
• Repetitive requests
• Manifestly unfounded requests

If a fee applies, we'll notify you of the cost estimate before processing your request. You can then decide whether to proceed.

Data Security

We take security seriously, even though most data never leaves your device:

On Your Device

• Data stored in secure AsyncStorage
• Protected by your device's encryption (iOS/Android)
• No transmission to external servers

In Transit (Third-Party Services)

• All connections use HTTPS/TLS encryption
• Analytics events encrypted in transit to Mixpanel
• Subscription verification encrypted via RevenueCat
• Notifications encrypted via Expo

No Account = No Account Breach

• Since we don't have user accounts, there's no password to steal
• No central database to hack
• Your data security depends primarily on your device security

Data Breach Notification

In the unlikely event of a data breach:

Since your tasks and notes are stored only on your device, they cannot be breached through our systems. However, if there's a breach involving:

• Analytics data (Mixpanel)
• Subscription data (RevenueCat)
• Notification tokens (Expo)

We will:

1. Notify affected users within 72 hours (EU law requirement) or as required by applicable law
2. Explain what happened: What data was affected and how the breach occurred
3. Describe our response: Steps we're taking to resolve the issue and prevent future breaches
4. Recommend actions: What you should do to protect yourself (if any action is needed)

How we'll notify you:

• Email (if we have it from subscriptions or support contacts)
• In-app notification banner
• Notice posted on productivica.com
• As required by applicable law (e.g., notice to regulatory authorities)

Reporting a suspected breach: If you believe your data has been compromised, please contact us immediately at productivica.help@gmail.com with "Security Incident" in the subject line.

Automated Decision-Making and Profiling

What this means:

• No algorithms automatically make decisions that affect your rights
• No profiling that could result in discrimination or unfair treatment
• No automated systems that limit your access to app features based on your behavior

App recommendations:

The app may provide suggestions based on your usage patterns (e.g., "Based on your completion rate, consider reducing your daily task load"). These are:

• Optional suggestions only (you can ignore them)
• Not based on sensitive personal information
• Do not affect your access to any features

Children's Privacy

Productivica is rated 13+. We do not knowingly collect data from children under 13.

If you're under 13:

• Please do not use this app
• If we discover a user is under 13, we'll delete their analytics data

For users aged 13-17:

• We recommend parental awareness and supervision
• All privacy rights apply equally to you
• Parents/guardians can exercise privacy rights on your behalf

Parents: If you believe your child under 13 has used this app, contact us at productivica.help@gmail.com and we'll delete their analytics data immediately.

Why 13+?

• Simplifies legal compliance (COPPA in US, GDPR in EU)
• Task management is designed for teens and adults
• No special parental controls needed

International Data Transfers

Where your data goes:

🇪🇺 EU to US Transfers:

When your data is transferred from the EU to the United States (for RevenueCat and Expo services), we ensure protection through:

1. Standard Contractual Clauses (SCCs): EU-approved contractual terms that require US providers to protect your data according to EU standards
2. GDPR Compliance: All our US service providers are GDPR-compliant and have implemented appropriate technical and organizational measures
3. Data Privacy Framework: Where applicable, providers participate in the EU-US Data Privacy Framework
4. Encryption: All data in transit is encrypted using TLS/HTTPS

Your consent: By using Productivica, you consent to these international data transfers as described. You can withdraw consent at any time by ceasing to use the app and requesting deletion of your analytics data.

Data Retention

Automatic Deletion:

• App uninstall → Local data deleted immediately from your device
• Analytics → Remains until you request deletion
• Subscriptions → Retained per legal requirements (accounting, tax law)

Why we retain data:

• Legal obligations: Tax laws, consumer protection laws, and financial regulations require us to retain transaction records
• Legitimate business purposes: Resolving disputes, preventing fraud, enforcing terms
• Product improvement: Understanding long-term usage patterns to make the app better

You control deletion: You can request deletion of your analytics data at any time (see "How to Exercise Your Rights" above).

Cookies and Tracking

What we do use:

• Mobile SDKs: Mixpanel, RevenueCat, and Expo SDKs are integrated into the app to provide analytics, subscriptions, and notifications
• Local Storage: AsyncStorage on your device (not shared with anyone)
• Anonymous identifiers: Device IDs for analytics (not linked to your personal identity)

Tracking:

• Analytics tracking: Mixpanel tracks usage events (opt-out available in Settings)
• NO advertising trackers: We don't use advertising or marketing trackers
• NO cross-app tracking: We don't track you across other apps on your device
• NO third-party tracking scripts: Since we're not a website, there are no tracking pixels or scripts

Do Not Track:

"Do Not Track" is a browser setting that doesn't apply to mobile apps. However, you can disable analytics tracking in the app Settings → Data & Privacy → Analytics (toggle off).

Changes to This Privacy Policy

We may update this policy as we add features or comply with new laws.

When we update:

• We'll change the "Last Updated" date at the top
• For significant changes, we'll notify you in the app with a banner or notification
• Continued use of the app after the effective date means you accept the updated policy

What constitutes a "significant change":

• Changes to what data we collect
• New third-party services that access your data
• Changes to data retention periods
• Changes to your privacy rights
• Changes to how we use your data

How to stay informed:

• Check this policy periodically at productivica.com/privacy
• Review update notifications in the app
• We'll highlight major changes in app update notes

Your options if you disagree:

• Stop using the app before the changes take effect
• Request deletion of your analytics data
• Contact us with concerns at productivica.help@gmail.com

Version history: Previous versions of this privacy policy are available upon request.

Your Choices Summary

Contact Us

Questions? Concerns? Data requests?

📧Email: productivica.help@gmail.com

Response time: Usually within 3 business days (I'm a solo developer!)

For data requests:

• Include "Privacy Request" in the subject
• Specify what you need (export, deletion, information, correction)
• Include your device ID if requesting analytics deletion (find it in Settings → Data & Privacy → View Device ID)

For security concerns:

• Include "Security Incident" in the subject
• Describe the issue in detail
• We'll respond as quickly as possible

Legal Compliance

This privacy policy complies with:

• 🇪🇺 GDPR (General Data Protection Regulation)
• 🇵🇱 RODO (Polish GDPR implementation - Rozporządzenie o Ochronie Danych Osobowych)
• 🇺🇸 CCPA/CPRA (California Consumer Privacy Act and California Privacy Rights Act)
• 🇺🇸 VCDPA (Virginia Consumer Data Protection Act)
• 🇺🇸 CPA (Colorado Privacy Act)
• 🇺🇸 CTDPA (Connecticut Data Privacy Act)
• 🇺🇸 UCPA (Utah Consumer Privacy Act)
• 🇺🇸 TDPSA (Texas Data Privacy and Security Act)
• 🇺🇸 COPPA (Children's Online Privacy Protection Act) - Age 13+ requirement
• 🇨🇦 PIPEDA (Personal Information Protection and Electronic Documents Act)
• 🇬🇧 UK GDPR (United Kingdom General Data Protection Regulation)
• 🇨🇭 Swiss Federal Act on Data Protection (FADP)

Final Notes

No data selling: We will never sell your data to third parties. We don't use your data for advertising. We only collect what's needed to provide and improve the app.

Open to feedback: This is my first app, and I'm learning. If you have suggestions for improving privacy practices, I'm all ears. Email me at productivica.help@gmail.com!

Thank you for trusting Productivica with your productivity journey. 🚀

Appendix: Definitions

• Personal Information/Personal Data: Information that identifies you as a specific individual (name, email, etc.) or that can be linked to you.
• Device Identifier: A random ID assigned to your device for analytics purposes, not linked to your personal identity.
• Local Storage: Data stored on your device, not transmitted to any server.
• Standard Contractual Clauses (SCCs): EU-approved contract terms that ensure data transferred outside the EU is protected according to EU standards.
• Data Controller: The entity that determines how and why personal data is processed (that's me, the app developer).
• Data Processor: Third-party services that process data on my behalf (Mixpanel, RevenueCat, Expo).
• GDPR: General Data Protection Regulation - EU law protecting personal data.
• CCPA: California Consumer Privacy Act - California law protecting consumer privacy.