Privacy Policy

1. Scope and Compliance

This Privacy Policy applies to all users of the App worldwide. We aim to protect your privacy regardless of your location and to comply with applicable laws including, where relevant:

• General Data Protection Regulation (GDPR) — European Economic Area (EEA) and United Kingdom
• California Consumer Privacy Act / California Privacy Rights Act (CCPA/CPRA) — California, United States
• Lei Geral de Proteção de Dados (LGPD) — Brazil
• Ley Federal de Protección de Datos Personales en Posesión de los Particulares (LFPDPPP, as updated March 2025) — Mexico
• Other applicable national and regional privacy laws in markets where the App is available

If local law provides you additional rights beyond those described here, those rights apply.

2. Information We Collect and Store

2.1 Data You Create (Local-First)

The App stores information you enter, such as:

• Reminder items: titles, categories/subcategories, due/expiry dates, repeat/renewal settings, reminder schedules, status (e.g., completed/renewed), favorites/pins
• Optional fields: performed/purchased-on dates, amounts, notes
• Trash: deleted items you can restore until permanently deleted (or auto-deleted after 30 days if enabled)

By default, this data is stored exclusively on your device.

2.2 Attachments (Optional)

If you add attachments (photos, files, receipts):

• They are stored locally by default
• If you enable cloud sync/backup, attachments may be uploaded and stored in the cloud with your synced data

2.3 Account Data (Optional)

If you create an account, we process:

• Email address (if you use email sign-in)
• Authentication identifiers and tokens from sign-in providers (to maintain your session)
• Country/region (for localization and compliance purposes)

2.4 Subscription and Purchase Data

If you subscribe to ReMinder Premium, the following data is processed through our subscription management provider, RevenueCat, Inc.:

• Purchase history and store receipts (from Google Play or Apple App Store)
• Subscription status, plan type, and renewal dates
• App user ID (anonymized internal identifier)
• Country code (derived from store account)

RevenueCat acts as a data processor (GDPR) and service provider (CCPA) on our behalf. RevenueCat does not sell your data and processes it solely to manage your subscription. For more information, see RevenueCat's Privacy Policy at https://www.revenuecat.com/privacy.

2.5 Analytics and Diagnostics (Limited)

We use Firebase Analytics and Firebase Crashlytics (provided by Google LLC) to understand usage and improve reliability. This data may include:

• App interactions (e.g., feature usage, screens viewed, session duration)
• Device and app information (device model, OS version, app version, language/region)
• Crash and performance diagnostics (e.g., stack traces, crash UUIDs, app state at crash time)
• Firebase installation IDs and Analytics instance IDs

We do not intentionally send your reminder content (titles, notes, attachments) to Analytics or Crashlytics. In the EEA/UK, analytics and crash reporting SDKs do not initialize until you provide consent through our Consent Management Platform.

2.6 Tracking Technologies and Device Identifiers

The App and its third-party SDKs may access the following identifiers and technologies on your device. These serve a similar function to cookies in a browser context:

• Android Advertising ID (AAID) or Apple Identifier for Advertisers (IDFA): used by AdMob for advertising purposes, subject to your consent where required
• Firebase Installation ID: a per-app-install identifier used by Firebase services for analytics, crash reporting, and messaging
• Crashlytics Installation UUID: a per-install identifier used solely for crash reporting
• Local storage (SharedPreferences / UserDefaults): used to store your app preferences and settings locally

You can reset or limit advertising identifiers through your device's system settings (Settings > Privacy > Advertising on Android/iOS). Disabling the advertising ID will result in non-personalized or contextual advertising where supported.

For more information on how Google uses data from apps that use its services, see: How Google uses data when you use our partners' sites or apps.

2.7 Waitlist Signups

When you join our pre-launch waitlist by submitting your email address on our landing page, we store:

• Your email address
• The date and time of signup
• The section of the page where you signed up (for analytics)

We use this data only to send you a single notification email when ReMinder launches on Android and iOS. We do not share it with third parties or use it for any other marketing purpose.

You can request deletion of your waitlist entry at any time by emailing support@radianpixelapps.com.

3. Permissions and Device Features

The App requests permissions only when needed:

• Notifications: to alert you of upcoming due dates and renewals
• Files/Camera: only if you choose to add attachments
• Calendar: only if you enable calendar export/sync

Providing these permissions is voluntary. You can change permissions at any time in your device settings. Revoking a permission may limit the corresponding App feature, but will not affect core reminder functionality.

4. How We Use Information (Purposes)

We use information to:

• Provide core functionality (create, manage, and deliver reminders)
• Deliver notifications at times you configure (subject to OS/device controls)
• Enable optional cloud sync/backup, account login, and multi-device access
• Enable optional sharing spaces and calendar export
• Manage subscriptions and process purchases (via RevenueCat)
• Show advertisements in the free version and measure ad performance (via AdMob)
• Analyze app usage to improve features and user experience (via Firebase Analytics)
• Detect and resolve crashes, bugs, and performance issues (via Firebase Crashlytics)
• Maintain security, prevent abuse, and comply with legal obligations

5. Processing Activity Table

The following table maps each category of data to its purpose, legal basis (for EEA/UK users), retention period, and recipients:

Data Category	Purpose	Retention	Recipients
Reminder content	Core app functionality	Until deleted by user or app uninstalled	Local only (or Firebase if sync enabled)
Account email	Authentication, account management	Until account deletion (within 180 days of request)	Firebase Authentication (US)
Purchase history	Subscription management, receipt validation	While subscription active + 90 days	RevenueCat, Google Play / App Store
Analytics events	Product improvement, feature usage insights	14 months (Firebase default)	Firebase Analytics (Google)
Crash diagnostics	Bug detection, stability improvement	90 days	Firebase Crashlytics (Google)
Advertising ID	Ad serving, ad measurement	Until reset by user or consent withdrawn	Google AdMob and ad partners
IP address	Approximate location for ads, fraud prevention	Not stored long-term; used transiently	AdMob, Firebase
Sharing data	Enable shared reminder spaces	Until space deleted or user leaves	Firebase Firestore (shared participants)

6. Cloud Sync and Backup (Optional)

If you enable cloud sync/backup, your data is transmitted over encrypted connections (TLS) and stored with Google Firebase services (Google LLC and/or affiliates) acting as our data processor. Cloud sync/backup may include:

• Reminder items and their settings
• Sync metadata (timestamps, version numbers)
• Attachments (if you enable attachment syncing)

If you do not enable sync/backup, reminder data remains exclusively on your device (subject to device-level backups you control through your operating system).

7. Sharing Spaces (Optional)

If you use sharing features (inviting others to view or edit reminders), we may process:

• Invitee email addresses
• Access roles (Owner, Editor, Viewer)
• The shared items you choose to make visible
• Per-item visibility settings (Private vs. Everyone)

You are responsible for sharing only what you intend to share. Private items within a shared space are visible only to the item creator and specifically designated users.

8. Calendar Export/Sync (Optional)

If enabled, the App may create or update calendar events in the calendar you choose. We only request calendar access necessary to perform the export behavior you enable. Calendar data is not transmitted to our servers.

9. Advertising (Free Version Only)

The App may display advertisements using Google AdMob. AdMob and its advertising partners may process:

• Advertising identifiers (AAID on Android, IDFA on iOS, depending on settings and consent)
• IP address (often used for approximate location such as country/region)
• Ad interaction events (impressions, clicks)
• Device and app information (model, OS version, app version)

9.1 AdMob's Role

Google acts as a data processor for certain publisher-facing data but may also act as an independent data controller for some ad-related processing. This means AdMob may use certain data (such as IP addresses and device identifiers) for Google's own advertising optimization purposes, subject to Google's Privacy Policy.

9.2 Consent (EEA/UK and Similar Regions)

In the EEA, UK, and Switzerland, we use a Google-certified Consent Management Platform (CMP) integrated with the IAB Transparency and Consent Framework (TCF v2.2+) to obtain your consent before using identifiers for personalized advertising or tracking. No advertising or analytics SDKs initialize before your consent is obtained.

We implement Google's Consent Mode v2, which transmits four consent signals: analytics_storage, ad_storage, ad_user_data, and ad_personalization. If you do not consent, we will show non-personalized or contextual ads where supported.

9.3 Opt-Out Controls

You can manage advertising preferences through:

• Your device settings: reset or limit your advertising identifier (Settings > Privacy on Android/iOS)
• The in-app consent dialog: withdraw consent at any time through Settings > Privacy within the App
• For California users: see Section 15 (CCPA/CPRA) for additional opt-out rights

10. Third-Party Service Providers

We use the following service providers to operate and improve the App:

Provider	Purpose
Firebase Analytics (Google)	Usage analytics and feature insights
Firebase Crashlytics (Google)	Crash reporting and diagnostics
Firebase Authentication (Google)	Account features and sign-in (data processed in the US)
Firebase / Google Cloud	Optional cloud sync, backup, and Firestore database
Google AdMob	Advertising in the free version
RevenueCat, Inc.	Subscription management, receipt validation, and purchase analytics
Google Play / Apple App Store	App distribution, payment processing, reviews

These providers process data under contractual obligations (Data Processing Agreements/Addenda) and appropriate security measures.

11. Data Retention and Deletion

• Local data: remains on your device until you delete it or uninstall the App
• Trash items: remain until restored, permanently deleted, or auto-deleted (e.g., after 30 days if enabled)
• Cloud data (if sync enabled): retained while your account is active and deleted upon account deletion, within 180 days of request (subject to limited legal or operational retention requirements)
• Firebase Analytics data: retained for 14 months from collection (configurable)
• Crashlytics data: retained for 90 days
• Firebase Authentication IP logs: retained for a few weeks
• RevenueCat purchase data: retained while subscription is active plus 90 days after cancellation
• AdMob data: retained according to Google's data retention policies

11.1 Account Deletion

You can request deletion of your account and all associated cloud data through:

• The in-app "Delete Account" feature (Profile > Account > Delete Account)
• Contacting us at support@radianpixelapps.com
• Visiting https://reminder-tracker.com/delete-account for full instructions

Upon account deletion, we will delete your cloud-synced data, shared space memberships, and authentication records. Local data on your device is not affected by account deletion and remains under your control.

12. Security

We use reasonable safeguards designed to protect information, including:

• Encryption in transit (TLS) for all data transmitted to and from our servers
• Encryption at rest for cloud-stored data via Firebase/Google Cloud infrastructure
• Authentication tokens with automatic expiration
• Principle of least privilege for service provider access

No system can be guaranteed 100% secure. In the event of a data breach that poses a high risk to your rights and freedoms, we will notify the relevant supervisory authority within 72 hours of becoming aware of the breach (as required by GDPR Article 33) and will notify affected users without undue delay where required (GDPR Article 34).

13. International Data Transfers

Your information may be processed in countries other than where you live. Specifically:

• Firebase Authentication processes data exclusively in the United States
• Firebase Analytics, Crashlytics, and Cloud Firestore may process data in Google's global infrastructure
• RevenueCat processes data in the United States
• AdMob may process data globally depending on ad partner locations

For transfers from the EEA/UK to countries without an adequacy decision, we rely on:

• The EU-US Data Privacy Framework (where applicable)
• Standard Contractual Clauses (SCCs) approved by the European Commission
• Google's Data Processing Terms, which include SCCs for Firebase and AdMob services
• RevenueCat's Data Processing Addendum with SCCs

14. Your Privacy Rights

14.1 Rights Available to All Users

Regardless of where you live, you may request to:

• Access your data (request a copy of information we hold about you)
• Correct your data (often directly within the App)
• Delete your data (locally and/or from cloud if sync is enabled)
• Export your data in a portable, machine-readable format
• Object to or restrict certain processing where applicable

We may verify your identity before processing a request. We will respond within 30 days, or within any shorter period required by applicable law.

14.2 EEA/UK (GDPR) — Additional Rights and Legal Bases

Legal Bases for Processing

For EEA/UK users, we process personal data under the following legal bases:

• Contract (Article 6(1)(b)): to provide features you request, including core reminders, optional sync, sharing, and subscription management
• Legitimate Interests (Article 6(1)(f)): for security, fraud prevention, crash detection and resolution, and general product improvement. We conduct balancing tests to ensure our interests do not override your rights. Our legitimate interest in crash reporting is balanced by data minimization (no reminder content is sent) and short retention (90 days).
• Consent (Article 6(1)(a)): for personalized advertising, non-essential analytics, and tracking via advertising identifiers. You can withdraw consent at any time through the in-app consent dialog (Settings > Privacy), and withdrawal is as easy as giving consent — a single tap.

Additional GDPR Rights

• Right to data portability (Article 20): receive your data in a structured, commonly used, machine-readable format (JSON export available in-app)
• Right to lodge a complaint with a supervisory authority (Article 77): if you believe we have violated your data protection rights, you may file a complaint with the relevant supervisory authority in your country of residence. For example, the ICO in the UK (ico.org.uk), CNIL in France (cnil.fr), or your local Data Protection Authority.
• Right to information about automated decision-making (Article 22): AdMob's personalized advertising uses automated profiling to select ads based on your device characteristics, approximate location, and interaction history. You are not subject to decisions with legal or similarly significant effects based solely on automated processing. You can opt out of personalized ads entirely through the consent dialog.

Mandatory vs. Optional Data Provision

Providing personal data is not a statutory or contractual requirement for using the App's core features (reminders work without an account). However, certain optional features require specific data: cloud sync requires account creation (email); sharing requires invitee email addresses; Premium requires purchase data processing. If you choose not to provide this data, the corresponding features will be unavailable, but core functionality is unaffected.

14.3 Brazil (LGPD) — Additional Rights

If you are located in Brazil, you have the following additional rights under the Lei Geral de Proteção de Dados (LGPD):

• Confirmation of the existence of data processing
• Access to your data
• Correction of incomplete, inaccurate, or outdated data
• Anonymization, blocking, or elimination of unnecessary or excessive data, or data processed in violation of the LGPD
• Data portability to another service provider
• Deletion of personal data processed with your consent
• Information about public and private entities with which your data has been shared
• Information about the possibility and consequences of not providing consent
• Revocation of consent

Legal bases for processing under the LGPD include: consent, legitimate interests, contract performance, legal/regulatory compliance, credit protection, and the regular exercise of rights in judicial, administrative, or arbitration proceedings.

Data Protection Officer (Encarregado): For LGPD-related inquiries, contact our Data Protection Officer at privacy@radianpixelapps.com.

14.4 Mexico (LFPDPPP, Updated March 2025) — Additional Rights

If you are located in Mexico, you have the following ARCO rights plus Portability under the updated Ley Federal de Protección de Datos Personales:

• Access (Acceso): know what personal data we hold about you
• Rectification (Rectificación): correct inaccurate or incomplete data
• Cancellation (Cancelación): request deletion of your data when it is no longer necessary
• Opposition (Oposición): object to the processing of your data for specific purposes
• Portability: receive your data in a structured format for transfer to another controller

This Privacy Policy also serves as the Aviso de Privacidad (Privacy Notice) required under Mexican law. We distinguish between:

• Required purposes: providing core app functionality, managing your account, processing subscriptions, delivering notifications, and maintaining security
• Optional purposes: analytics, personalized advertising, and marketing communications. You may opt out of optional purposes without affecting required services.

New consent is required for any new processing purpose not described in this policy. To exercise your rights, contact privacy@radianpixelapps.com. We will respond within 20 business days as required by law.

15. California Privacy Rights (CCPA/CPRA)

This section applies to California residents and supplements the rest of this Privacy Policy.

15.1 Your California Rights

As a California resident, you have the right to:

• Know and access the categories and specific pieces of personal information we collect
• Delete your personal information (subject to certain exceptions)
• Correct inaccurate personal information
• Opt out of the "sale" or "sharing" of your personal information
• Limit the use of sensitive personal information (if applicable)
• Not be discriminated against for exercising your privacy rights

15.2 Do Not Sell or Share My Personal Information

We do not sell personal information for monetary consideration. However, the use of advertising technology (Google AdMob) may involve disclosure of certain identifiers and activity information that constitutes "sharing" for cross-context behavioral advertising under CPRA.

You can opt out of this sharing through:

• The in-app privacy control: Settings > Privacy > "Do Not Sell or Share My Personal Information"
• Contacting us at support@radianpixelapps.com with subject line "CCPA Opt-Out"
• Global Privacy Control (GPC): we honor GPC browser/device signals as valid opt-out requests

When you opt out, we implement Google's Restricted Data Processing (RDP) mode for your account, which limits AdMob's data processing to contextual advertising only.

After you opt out, we will not ask you to opt back in for at least 12 months.

15.3 Financial Incentive Notice

The App offers a free tier (with advertising) and a Premium paid tier (without advertising). The free tier is supported by advertising revenue, which relies on processing certain personal information (advertising identifiers and usage data). The paid Premium tier removes advertising and the associated data processing. The value of the personal information processed for advertising is approximately equal to the difference in cost between the free and Premium tiers. You are not required to participate in the free tier; you may choose Premium to avoid advertising-related data processing.

15.4 Notice at Collection

At or before the point of collection, we inform you of the categories of personal information being collected and the purposes for which they will be used. See the Processing Activity Table in Section 5 and Appendix A for detailed category-level disclosures.

16. Children's Privacy

The App is not directed to children under 13 (or the minimum age required in your jurisdiction, such as 16 in some EU member states). We do not knowingly collect personal data from children. If we learn that we have inadvertently collected personal data from a child, we will promptly delete that information. If you believe a child has provided us with personal data, please contact us at support@radianpixelapps.com.

17. Automated Decision-Making and Profiling

The App does not make decisions that produce legal or similarly significant effects based solely on automated processing. However, our advertising partner (AdMob) uses profiling to deliver personalized advertisements based on factors such as device type, approximate location, and browsing/interaction history across apps. You can opt out of this profiling by:

• Withdrawing consent through the in-app consent dialog (EEA/UK)
• Resetting your advertising identifier in device settings
• Opting out of "selling/sharing" under CCPA (California residents)

18. Apple iOS-Specific Disclosures

For the iOS version of the App, the following additional provisions apply:

18.1 App Tracking Transparency (ATT)

Before accessing your Apple Identifier for Advertisers (IDFA) or linking your data with data from other companies' apps for advertising purposes, we will display Apple's App Tracking Transparency prompt requesting your permission. If you decline, we will show only contextual (non-personalized) advertisements and will not access your IDFA.

18.2 Privacy Nutrition Labels

Our App Store listing includes Privacy Nutrition Labels that accurately describe all data types collected by the App and each third-party SDK, categorized as "Data Used to Track You," "Data Linked to You," or "Data Not Linked to You." These labels are consistent with the disclosures in this Privacy Policy.

18.3 Privacy Manifests

The App includes Privacy Manifest files (PrivacyInfo.xcprivacy) as required by Apple, declaring the APIs used and the reasons for their use. All third-party SDKs included in the App provide their own privacy manifests with valid signatures.

19. Google Play Data Safety Section

Our Google Play listing includes a Data Safety Section that accurately describes:

• What data is collected and shared
• Whether data collection is optional or required
• The purpose of each data type collected
• Our data handling practices including encryption, deletion options, and account deletion

The Data Safety Section declarations are consistent with this Privacy Policy and the actual behavior of the App and its SDKs.

20. Changes to This Policy

We may update this Privacy Policy from time to time. When we do, we will:

• Update the "Effective Date" and "Last Updated" dates at the top of this document
• Publish the revised policy on our website and within the App
• For material changes affecting your rights, notify you via in-app notification or email (if you have an account)

We review and update this policy at least once every 12 months.

21. Contact

For privacy questions, data access requests, or to exercise any of your rights:

Reason	Contact
General support	support@radianpixelapps.com
Privacy and data requests	privacy@radianpixelapps.com
CCPA opt-out requests	support@radianpixelapps.com (subject: CCPA Opt-Out)
LGPD / DPO inquiries	privacy@radianpixelapps.com
Mexico ARCO rights	privacy@radianpixelapps.com

We will acknowledge receipt of your request within 3 business days and respond substantively within 30 days (or sooner if required by applicable law).

Appendix A — California Notice at Collection (CCPA/CPRA)

This Appendix applies to California residents and describes (a) categories of personal information we collect, (b) why we collect it, (c) whether we "sell" or "share" it, and (d) how long we retain it.

A.1 Categories of Personal Information

• Identifiers: email address (if you create an account), app instance identifiers, advertising ID (where enabled), Firebase/Analytics identifiers, RevenueCat app user ID
• Commercial information: purchase history and subscription status (via RevenueCat and Google Play / App Store)
• Internet or electronic network activity: screens viewed, feature usage, session information, analytics events, ad impressions/clicks
• Geolocation data (approximate): country/region inferred from IP address. We do not collect precise GPS location.
• Device and usage information: device model, OS version, app version, language/region settings, performance signals
• User content you choose to provide: reminder titles, categories, dates, notes, attachments. Stored locally by default; uploaded only if you enable sync/backup or sharing.
• Inferences (limited): aggregated insights such as feature popularity. We do not use analytics to infer sensitive traits about you.

A.2 Categories of Sources

• You: when you enter reminder items, notes, attachments, or create an account
• Your device/app environment: device and app signals, permission choices
• Service providers: Firebase, AdMob, and RevenueCat in connection with analytics, crash reporting, ads, subscriptions, and optional sync features

A.3 Disclosure of Personal Information

• Service providers/processors: Firebase services (analytics, crash reporting, authentication, cloud sync), AdMob (advertising), RevenueCat (subscriptions)
• Legal/compliance recipients: if required by law or to protect rights/safety

We do not disclose your reminder content (titles, notes, attachments) to ad providers. Reminder content remains local by default and is transmitted only if you enable cloud sync/backup or sharing.

A.4 'Sale' and 'Sharing' Under CPRA

We do not sell personal information for monetary consideration. However, using advertising technology (Google AdMob) may involve disclosure of advertising identifiers and activity information that could constitute "sharing" for cross-context behavioral advertising under CPRA.

Categories potentially "shared": Identifiers (advertising ID), Internet/electronic network activity (ad interactions).

Opt-out: Use the in-app "Do Not Sell or Share My Personal Information" control, send a request to support@radianpixelapps.com, or enable Global Privacy Control (GPC) on your device/browser. See also: oag.ca.gov/privacy.

A.5 Retention Summary

• Reminder content: stored locally until you delete it or uninstall the App
• Cloud sync data: retained while your account is active; deleted within 180 days of account deletion request
• Purchase/subscription data: retained while subscription active plus 90 days (RevenueCat)
• Analytics data: retained for 14 months (Firebase Analytics)
• Crash data: retained for 90 days (Firebase Crashlytics)
• Advertising data: retained per Google's policies; identifiers reset upon user request

Appendix B — Supervisory Authorities

If you believe your data protection rights have been violated, you may lodge a complaint with the relevant supervisory authority. Below are some key authorities for our target markets:

Region / Country	Authority
United Kingdom	Information Commissioner's Office (ICO) — ico.org.uk
France	Commission Nationale de l'Informatique et des Libertés (CNIL) — cnil.fr
Germany	Federal and State Data Protection Authorities (BfDI and LfDIs)
Italy	Garante per la protezione dei dati personali — garanteprivacy.it
Spain	Agencia Española de Protección de Datos (AEPD) — aepd.es
Poland	Urząd Ochrony Danych Osobowych (UODO) — uodo.gov.pl
Romania	Autoritatea Națională de Supraveghere (ANSPDCP) — dataprotection.ro
Hungary	Nemzeti Adatvédelmi és Információszabadság Hatóság (NAIH) — naih.hu
Portugal	Comissão Nacional de Proteção de Dados (CNPD) — cnpd.pt
Brazil	Autoridade Nacional de Proteção de Dados (ANPD) — gov.br/anpd
Mexico	Secretaría de Anticorrupción y Buen Gobierno (SABG)
California, USA	California Attorney General — oag.ca.gov/privacy