This Privacy Policy describes how Listly ("we", "our", or "us") collects, uses, and shares information when you use the Listly mobile application (the "App"). By using Listly, you agree to the practices described below.
If you have any questions about this policy, contact us at: Orbitralabs@gmail.com
1. Who We Are
Listly is operated by Parmar Bharatkumar Govindbhai, based in India. We are the data controller for the personal information we collect through the App.
2. Information We Collect
2.1 Information You Provide
- Account information. When you sign up, we collect your email address, password (stored securely as a hash, never in plain text), and the display name you choose.
- Lists and items. When you create or join a list, we store the list name, items you add (name, quantity, unit, category, notes, urgency flag), and purchase history (prices, dates, who purchased).
- Expenses and splits. If you use the splitting feature, we store expense amounts, descriptions, dates, who paid, and how the amount is split between members.
- Settlements. Money movements you record between members.
- List memberships. Which lists you belong to, your role (admin or member), and when you joined.
2.2 Information Collected Automatically
- Anonymous usage analytics. We use PostHog to understand how the App is used in aggregate — which screens are visited, which features are used, how often the App is opened. Sensitive text inputs (item names, expense descriptions, notes) are NOT captured. PostHog also derives your approximate location (country and region) from your IP address; your precise location is never collected.
- Device and session info. Operating system, App version, language, time zone, and an anonymous session identifier.
2.3 Information We Do NOT Collect
We do not collect: your precise location (GPS), contacts, photos, camera or microphone access, calendar, SMS messages, call logs, or advertising identifiers. The App does not show ads.
3. How We Use Your Information
We use your information to:
- Provide the core App functionality (create lists, sync data across your devices and other list members, calculate splits and balances)
- Authenticate you when you sign in
- Show you and other list members your activity within shared lists
- Diagnose crashes and fix bugs
- Understand which features are useful and improve the App
- Communicate with you about important account or service changes (we do not send marketing emails)
We do not sell your personal information to anyone.
4. Who We Share Your Information With
4.1 Other List Members
When you join a shared list, the other members of that list can see:
- Your display name
- Items you add or mark as purchased
- Prices you record
- Expenses, splits, and settlements involving you
- Activity history within that list
This is core to the App's purpose. You can leave a list at any time to stop sharing further activity.
4.2 Service Providers
We use the following third-party services to operate the App. Each acts as a data processor on our behalf:
- Supabase (data hosting & database). Stores your account, lists, items, expenses, and related data. Servers are located in Singapore. Supabase Privacy Policy
- PostHog (product analytics). Receives anonymous usage events and derives approximate location from IP address. PostHog Privacy Policy
4.3 Legal Requirements
We may disclose information if required by law, court order, or to protect our rights, safety, or the safety of others.
5. Data Retention
- Account data (email, display name) is retained while your account is active.
- List and item data is retained while the list exists and you are a member.
- Analytics events are retained by PostHog for up to 12 months.
If you delete your account, we delete or anonymize your personal data within 30 days, except where retention is required by law. Lists you created may remain accessible to other members; you can transfer ownership before leaving.
6. Your Rights
Depending on where you live, you may have the following rights:
- Access — request a copy of the personal data we hold about you
- Correction — ask us to correct inaccurate information
- Deletion — ask us to delete your account and personal data
- Withdraw consent — stop using the App at any time
- Portability — request your data in a machine-readable format
- Object — object to certain processing of your data
- Lodge a complaint with your local data protection authority
To exercise these rights, email us at Orbitralabs@gmail.com. We respond within 30 days.
India (DPDP Act 2023)
If you are an Indian user, you have rights under the Digital Personal Data Protection Act, 2023, including the right to information, correction and erasure, grievance redressal, and nomination.
European Economic Area / United Kingdom (GDPR / UK GDPR)
If you are in the EEA or UK, the legal bases we rely on are: (a) contract — to provide the App you signed up for; (b) legitimate interests — to keep the App secure and improve it; and (c) consent — where you have given it (you can withdraw at any time).
7. Security
We protect your data with:
- HTTPS encryption for all data transmitted between your device and our servers
- Passwords hashed using industry-standard algorithms (never stored in plain text)
- Row-Level Security in our database, so each user can only access lists and data they have permission to see
- Limited access to production data, only for diagnosing critical issues
No system is perfectly secure. If we discover a data breach affecting your personal data, we will notify you and the relevant authorities as required by law.
8. Children's Privacy
Listly is not intended for children under 13. We do not knowingly collect personal information from children under 13. If you believe a child under 13 has provided us with personal information, please contact us so we can delete it.
9. International Data Transfers
Your data is processed primarily on servers located in Singapore (Supabase) and may also be processed in the United States or European Union (PostHog). By using the App, you consent to your data being transferred to and processed in these regions.
10. Changes to This Policy
We may update this Privacy Policy from time to time. When we do, we will update the "Last updated" date at the top. For significant changes, we will notify you within the App or by email. Continued use of the App after changes means you accept the updated policy.
11. Contact Us
If you have questions, concerns, or requests about this Privacy Policy or your data:
For grievances under the Indian DPDP Act, you may also contact the Data Protection Board of India.