Back to App

Privacy Policy

Last Updated: 7/1/2026

Effective Date: 7/1/2026

Introduction

ShareList ("we," "our," or "us") respects your privacy and is committed to protecting your personal data. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our ShareList mobile application and web service (collectively, the "Service").

Information We Collect

Personal Information You Provide

  • Account Information : Username, email address (optional), first name, last name
  • Profile Information : Profile pictures, display preferences
  • Content Data : Shopping lists, list items, notes, and shared content you create
  • Communication Data : Messages and interactions within shared lists and groups

    • Authentication and Account Creation

    You can create a ShareList account using one of the following methods:

  • Email/Password Registration : Traditional sign-up with your email address and a password you create
  • Sign in with Google : OAuth authentication using your Google account. We receive your name, email address, and profile picture from Google
  • Sign in with Apple : OAuth authentication using your Apple ID. We receive your name and email address (you may choose to hide your email)

    • When using OAuth providers (Google or Apple), we do not receive or store your password. Authentication is handled securely by the respective provider through Firebase Authentication.

    Media and Attachments

  • Profile Images : Photos you upload as your profile picture, group images, and template cover images
  • List Item Attachments : Images and photos uploaded to lists and items
  • Template Item Attachments : Images and photos uploaded to templates and template items
  • Image Metadata : EXIF data including device information, timestamps (GPS location data is automatically stripped from public uploads)
  • File Information : File size, format, upload date

    • Automatically Collected Information

  • Usage Data : How you interact with the Service, features used, time spent
  • Device Information : Device type, operating system, app version, device identifiers
  • Technical Data : IP address, browser type, session information, crash reports
  • Push Notification Tokens : Expo Push Tokens to deliver notifications to your device
  • Location Data : Only if explicitly permitted for location-based features

    • Payment and Subscription Information

  • Subscription Data : Subscription tier (Free or Pro), subscription status, trial eligibility, billing cycle dates
  • Payment Method : We do not store your full credit card numbers. Payment details are processed and stored securely by our payment processors (Stripe, Apple, Google)
  • Transaction History : Records of subscription payments, template purchases, and creator payouts
  • Creator Payout Information : If you sell templates, we collect banking details through Stripe Connect for earnings payouts
  • Purchase Identifiers : Transaction IDs, subscription IDs, and customer IDs from payment processors

    • How We Use Your Information

    We use your personal data to:

  • Provide the Service : Create and manage your account, sync your lists across devices
  • Enable Collaboration : Share lists and collaborate with other users you invite
  • Process Payments : Process subscription payments, template purchases, and creator payouts through our payment processors
  • Manage Subscriptions : Track subscription status, trial periods, billing cycles, and provide access to premium features
  • Template Marketplace : Facilitate template purchases, calculate creator earnings, and process payouts
  • Process Media : Store, display, and deliver uploaded images and attachments
  • Send Notifications : Deliver push notifications about group activities, invitations, updates, and payment-related alerts
  • Translation Services : Translate content to support multiple languages (English, Vietnamese, Chinese)
  • Improve the Service : Analyze usage patterns, fix bugs, develop new features
  • Communications : Send service-related notifications, updates, and support responses
  • Security : Detect and prevent fraud, abuse, and security threats
  • Legal Compliance : Comply with applicable laws and regulations

    • Media Files and Storage

    Image Upload and Storage

  • Storage Provider : All images are stored securely using Firebase Cloud Storage (Google Cloud Platform)
  • Accepted Formats : JPG, PNG, WEBP
  • File Size Limits : Maximum 10MB per image
  • Metadata Handling : We automatically strip GPS location data from images before public sharing to protect your privacy
  • Processing : Images may be processed for display optimization (thumbnails, compression)

    • Media Retention

  • Active Account : Images retained while your account is active and for 30 days after deletion request
  • Deleted Images : Permanently removed from all servers within 30 days of deletion (90 days for backup systems)
  • Shared Content : When you delete media from shared lists, it may remain visible to other group members who previously accessed it

    • Data Storage and Security

    Storage Locations

  • Profile Images & Attachments : Stored securely using Firebase Cloud Storage (Google servers)
  • Application Data : Stored in secure cloud databases with encryption (PostgreSQL)
  • Session Data : Temporarily stored for authentication purposes
  • Server Locations : Data may be stored in servers located in the United States and other regions

    • Security Measures

  • All data transmissions are encrypted using industry-standard SSL/TLS protocols
  • Passwords are securely hashed using industry-standard encryption
  • Access controls and regular security audits protect your data
  • Data backups are encrypted and stored securely
  • Push notification tokens are encrypted and stored separately from personal data

    • Third-Party Services

    We use the following third-party services to operate ShareList. Each service has its own privacy policy and may process your data according to their terms:

    Service Providers

  • Firebase Storage (Google Cloud) : Media file storage and delivery for images and attachments
  • PostgreSQL : Secure database hosting for application data
  • OpenAI : Language translation services
  • SendGrid : Transactional email delivery for notifications and communications
  • Expo Push Notification Service : Mobile push notification delivery when app is closed

    • Authentication Providers

  • Firebase Authentication (Google) : Manages user authentication, account creation, and session management
  • Google Sign-In : OAuth provider for "Sign in with Google" functionality. We receive your name, email, and profile picture
  • Apple Sign-In : OAuth provider for "Sign in with Apple" functionality. We receive your name and email (you may choose to hide your email)

    • Payment Processors

  • Stripe : Payment processing for web subscriptions, template purchases, and creator payouts. See Stripe's Privacy Policy
  • Stripe Connect : Used for template creator payouts. Creators connect their bank accounts through Stripe Express
  • RevenueCat : Subscription and in-app purchase management for mobile apps
  • Apple App Store : Processes iOS subscription and template purchases. Apple handles all payment details for iOS users
  • Google Play Store : Processes Android subscription and template purchases. Google handles all payment details for Android users

    • Data Processing by Third Parties

  • Service providers process data only as necessary to provide their specific services
  • We do not sell, rent, or trade your personal information to third parties
  • Third-party access is limited to what's required for service functionality
  • We ensure service providers have adequate security measures in place
  • Payment processors (Stripe, Apple, Google) are PCI-DSS compliant and handle financial data according to industry standards

    • Payment Data and Financial Information

    What We Store

  • Subscription Status : Current tier, status (active, trialing, canceled), billing period dates
  • Payment Processor IDs : Customer IDs and subscription IDs from Stripe/RevenueCat
  • Transaction Records : Purchase history, amounts, dates (for accounting and support)
  • Trial Information : Whether you have used your free trial

    • What We Do NOT Store

  • Credit Card Numbers : Full card numbers are never stored on our servers
  • CVV/Security Codes : These are processed by payment providers only
  • Bank Account Details : Stored only by Stripe Connect for creator payouts

    • Creator Payout Data

    If you sell templates on ShareList:

  • Stripe Connect : Your banking information is collected and stored by Stripe, not ShareList
  • Earnings Records : We track pending and paid earnings amounts
  • Payout History : Transfer IDs and dates for completed payouts
  • Tax Information : Stripe may collect tax identification for compliance in your jurisdiction

    • Data Sharing and Disclosure

    We do not sell, rent, or trade your personal information. We may share your data only in these limited circumstances:

    With Your Consent

  • List Sharing : When you share lists with other users, they can see shared content and your profile information
  • Group Collaboration : Group members can see your profile picture, name, and activities within shared groups
  • Media Sharing : Uploaded images become visible to users you've shared lists with

    • Legal Requirements

    We may disclose your information when required by:

  • Valid legal process (court orders, subpoenas)
  • Law enforcement or government requests
  • Protection of our rights, safety, or property
  • Prevention of fraud or abuse
  • Compliance with applicable laws and regulations

    • Push Notifications

    ShareList uses push notifications to keep you informed about important activities:

    What We Collect

  • Push Notification Tokens : Expo Push Tokens from your mobile device
  • Device Identifiers : To deliver notifications when the app is closed
  • Notification Preferences : User-level and per-list notification settings

    • Notification Types

    We send push notifications for:

  • Group invitations and membership changes
  • List updates and new items added
  • Item completion and list status changes
  • Item and list reminders and deadlines
  • Group member activities and collaborations

    • Control Your Notifications :

  • User-Level Settings : Enable/disable all notifications in app Settings
  • Per-List Control : Toggle notifications for individual lists
  • Device Settings : Manage notifications through your device's notification settings
  • Opt-Out : You can disable push notifications at any time without affecting other app features

    • Cookies and Similar Technologies

    We use cookies and similar technologies to operate the Service and improve your experience:

    Technologies We Use

  • Session Cookies : To keep you logged in and maintain your authenticated session
  • Authentication Tokens : Securely stored for account security and access control
  • Local Storage : App preferences, settings, and cached data stored on your device
  • Browser Storage : Temporary data to improve performance and user experience

    • Managing Cookies

  • You can clear cookies through your browser or device settings
  • Disabling cookies will log you out and may affect app functionality
  • Some features require cookies to function properly
  • Cookie data is not shared with third parties for advertising

    • Your Privacy Rights

    All Users

  • Access : Request copies of your personal data, including uploaded images
  • Correction : Update or correct inaccurate information through app Settings
  • Deletion : Request deletion of your account and associated data (includes all uploaded media)
  • Portability : Download your data in a portable format
  • Objection : Object to certain data processing activities
  • Media Control : Delete individual images or all uploaded content at any time

    • EU Residents (GDPR)

  • Legal Basis : We process data based on consent, contract performance, or legitimate interests
  • Withdrawal : Withdraw consent at any time where processing is based on consent
  • Supervisory Authority : Right to lodge complaints with data protection authorities
  • Data Minimization : We collect only data necessary for service functionality
  • International Transfers : Standard contractual clauses protect data transferred outside EU

    • California Residents (CCPA/CPRA)

  • Right to Know : Categories and specific pieces of personal information collected, including images and metadata
  • Right to Delete : Request deletion of personal information within specified timeframes
  • Right to Opt-Out : Opt-out of the sale of personal information (Note: We do not sell personal information)
  • Right to Correct : Request correction of inaccurate personal information
  • Non-Discrimination : We will not discriminate against you for exercising your rights
  • Sensitive Information : Images may contain sensitive data (location metadata) - we strip GPS data automatically

    • Data Breach Notification

    In the event of a data breach affecting your personal information, we will:

  • Notify affected users within 72 hours via email and in-app notification
  • Provide details about the nature of the breach and what data was affected
  • Explain steps taken to address the breach and prevent future occurrences
  • Recommend actions you can take to protect your account and data
  • Report to authorities as required by applicable laws (GDPR, CCPA, etc.)
  • Maintain transparency by providing regular updates as the situation evolves

    • What You Should Do : If you receive a breach notification, immediately change your password and review your account activity for any unauthorized access.

    Children's Privacy

    ShareList is not intended for use by children under 13 years of age. We do not knowingly collect personal information from children under 13. If you become aware that a child has provided us with personal information, please contact us immediately and we will take steps to delete such information and terminate the child's account.

    International Data Transfers

    Your information may be transferred to and processed in countries other than your country of residence, including the United States. We ensure appropriate safeguards are in place to protect your data during such transfers, in compliance with applicable data protection laws:

  • GDPR Compliance : Standard contractual clauses approved by the European Commission
  • Adequate Safeguards : Encryption, access controls, and security measures during transfer
  • Third-Party Services : Firebase (Google), OpenAI, SendGrid may process data in various locations globally
  • Your Rights : International transfers do not diminish your privacy rights

    • Data Retention

    We retain your personal data only for as long as necessary to fulfill the purposes outlined in this Privacy Policy, unless a longer retention period is required or permitted by law.

    Retention Periods

  • Active Account Data : Retained while your account is active
  • Uploaded Images : Deleted within 30 days of account deletion request (90 days for backup systems)
  • List Data : Permanently removed within 30 days of deletion
  • Template Data : Templates you created are removed; purchased templates remain accessible to buyers
  • Session Data : Cleared when you log out or after 30 days of inactivity
  • Notification Tokens : Removed immediately upon app uninstall or notification opt-out
  • Payment Transaction Records : Retained for 7 years as required for tax and accounting compliance
  • Subscription History : Retained for 7 years for dispute resolution and compliance
  • Creator Earnings Records : Retained for 7 years for tax reporting and audit purposes
  • Legal Compliance Data : Retained for minimum periods required by law (e.g., transaction records, abuse reports)

    • Deletion Process

    When you delete your account:

  • Immediate : Account access is disabled, active subscriptions are canceled
  • Within 7 days : Active data removed from production servers
  • Within 30 days : All personal data and images permanently deleted
  • Within 90 days : Backup copies completely erased
  • Shared Content : Your contributions to shared lists become anonymized but may remain visible to group members
  • Payment Records : Transaction history retained for 7 years per legal requirements (anonymized where possible)
  • Creator Earnings : Pending earnings will be paid out before account deletion; earning records retained for tax compliance

    • Changes to This Privacy Policy

    We may update this Privacy Policy from time to time. We will notify you of any material changes by:

  • Posting the updated Privacy Policy on this page
  • Updating the "Last Updated" date at the top of this policy
  • Sending email notifications to registered users (if you provided an email)
  • Displaying in-app notifications for significant changes

    • Your Continued Use : Continued use of the Service after changes become effective constitutes acceptance of the updated Privacy Policy. We encourage you to review this Privacy Policy periodically for any changes.

    Contact Information

    If you have any questions about this Privacy Policy or our privacy practices, please contact us at:

    General Privacy Inquiries :

    Email: admin@sharelist.live

    Address: Melbourne, VIC, Australia

    We aim to respond to all privacy inquiries as soon as possible. For urgent matters, please mark your email as "URGENT".