Two Do: Shared To-Do List

1. Information We Collect

We collect the minimum information needed to provide the Two Do shared list experience.

1.1 Account Information

• Email address — used to create your account and send partner invitations
• Display name — shown to partners within shared lists
• Profile photo (optional) — displayed to your partners

1.2 App Content

• Tasks and to-do lists — titles, descriptions, due dates, completion status, and assignments you create
• In-app messages — messages sent within shared lists
• Partner relationships — email addresses of partners you invite or accept

1.3 Device & Usage Data

• Device identifiers — push notification tokens for delivering reminders
• App usage logs — feature usage for crash reporting and app improvement (anonymised)
• IP address — collected automatically when you connect to our servers

1.4 Payment Information

Purchases for the Pro Plan are processed entirely by Google Play or Apple App Store. We do not receive or store your credit card or payment details.

2. How We Use Your Information

We use collected information solely to operate and improve Two Do:

• Create and manage your account
• Sync tasks and lists in real-time across your devices and with your partners
• Send partner invitations via email
• Deliver push notifications for reminders and partner activity
• Provide in-app messaging within shared lists
• Diagnose crashes and fix bugs
• Prevent fraud and abuse
• Respond to your support requests

We do not use your data for advertising, profiling, or any purpose not listed above.

3. Information Sharing

We do not sell, rent, or trade your personal information. Limited sharing occurs only in these circumstances:

3.1 With Your Partners

When you share a list with a partner, they can see the tasks, messages, and your display name and profile photo within that shared list. Your email address is used to identify your account but is not displayed to partners in the app interface.

3.2 Service Providers

We use trusted third-party services to operate the app. These providers process data only on our behalf and under strict confidentiality agreements:

• Firebase (Google) — database, authentication, and push notifications
• Google Play / Apple App Store — app distribution and in-app purchases

3.3 Legal Requirements

We may disclose information if required by law, court order, or to protect the rights and safety of our users or the public.

4. Data Storage & Security

Your data is stored on Firebase (Google Cloud infrastructure). Firebase provides industry-standard security including encryption in transit (TLS) and encryption at rest.

We implement the following measures:

• All data transmitted between the app and our servers uses HTTPS/TLS encryption
• Firebase Security Rules restrict access so users can only read/write their own data and data in lists they are authorised to access
• Passwords are managed by Firebase Authentication and never stored in plain text

No method of electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your data, we cannot guarantee absolute security.

5. Data Retention

We retain your data as long as your account is active. When you delete your account:

• Your profile, tasks, and messages are deleted from our systems within 30 days
• Shared list data you created may remain visible to partners until they also delete that list
• Anonymised usage logs may be retained for up to 12 months for analytics purposes

6. Your Rights & Choices

6.1 Access & Correction

You can view and edit your account information (display name, email, profile photo) directly within the app settings at any time.

6.2 Data Deletion

You can delete your account through the app settings. This permanently removes your account and associated data. Alternatively, contact us at twodolist.app@gmail.com to request deletion.

6.3 Notifications

You can enable or disable push notifications at any time through your device's system settings or within the app.

6.4 Regional Rights

Depending on your location, you may have additional rights under applicable law (e.g., GDPR for EU residents, CCPA for California residents) including the right to access, port, restrict, or object to processing of your data. Contact us to exercise these rights.

7. Children's Privacy

Two Do is rated for users aged 3 and above on Google Play. However, the app requires account creation with an email address. We do not knowingly collect personal information from children under the age of 13 (or the applicable age of digital consent in your jurisdiction).

If you believe a child under 13 has provided us with personal information, please contact us immediately at twodolist.app@gmail.com and we will take steps to delete such information.

8. Third-Party Services

Two Do integrates with the following third-party services. Each has its own privacy policy:

• Firebase / Google — firebase.google.com/support/privacy
• Google Play — policies.google.com/privacy
• Apple App Store — apple.com/legal/privacy

We are not responsible for the privacy practices of these third parties.

9. Changes to This Policy

We may update this Privacy Policy from time to time. When we make significant changes, we will:

• Update the "Last updated" date at the top of this page
• Notify users via a notice within the app or by email for material changes

Continued use of Two Do after changes are posted constitutes acceptance of the revised policy.

10. Contact Us

Questions, requests, or concerns about this Privacy Policy or your data: