Privacy Policy
What We Collect
WizeList collects only the data needed to provide its features:
- Account info: email address, display name, and profile photo
- Shopping data: lists, items, shops, aisle layouts, groups, and category preferences
- To-do data: to-do lists, tasks, priorities, due dates, and categories
- Session data: shopping trip history and statistics
- Photos: avatar images and loyalty card photos you upload
- Push notification tokens (if you enable notifications)
How We Use It
Your data is used exclusively to:
- Sync your shopping lists and to-do lists across devices
- Share lists, to-do lists, and groups with people you invite
- Categorize items using AI (item names only, no personal data)
- Send push notifications you opted into
We do not use your data for advertising, profiling, or analytics.
Data Storage
Your data is stored securely on Google Cloud infrastructure through Firebase services:
- Firebase Authentication (account credentials)
- Cloud Firestore (lists, items, to-do lists, tasks, groups, preferences)
- Firebase Storage (photos)
- Firebase Cloud Messaging (notification delivery)
Data is encrypted in transit and at rest.
Loyalty Card Images
If you upload photos of loyalty card barcodes or QR codes, they are stored in Firebase Storage under your user account. Access is restricted by Firebase security rules to your account only, and the files are encrypted in transit and at rest.
However, these images are NOT end-to-end encrypted. If Firebase Storage were compromised, or if your account credentials were stolen, the card images could be accessed.
If you'd rather keep this data off our servers entirely, add your cards to Apple Wallet or Google Wallet instead. WizeList does not need the images to function.
Local-Only Data
Some preferences are stored only on your device and are never sent to our servers:
- Language preference
- Theme and accent color
- Biometric lock setting
- Haptic feedback preference
- Offline cache of your lists
Data Sharing
We do not sell, rent, or share your personal data with third parties.
We do not use third-party analytics or advertising SDKs.
Your data is only shared with other WizeList users when you explicitly invite them to a list or group.
Crash Reporting
WizeList uses Sentry to capture crashes and errors so we can fix bugs. The crash reports include:
- Stack traces and error messages
- App version and operating system version
- Anonymous device class (e.g. "Pixel 7", "iPhone 14")
- A masked replay of the screen leading up to the crash (text and images are blurred at capture time)
The reports do not include your IP address, advertising ID, email, name, item names, or list contents. Sentry stores reports for 90 days; we use them only to triage crashes.
Data Deletion
You can request deletion of your account at any time. There is no self-service delete inside the app — deletion is handled by email request. When your account is deleted:
- Your profile and authentication data are permanently removed
- Shopping lists and to-do lists you own are deleted
- Your membership in shared lists, to-do lists, and groups is removed
- Uploaded photos are deleted from storage
To request account deletion, email [email protected] from your registered address. See our account deletion page for full details.
Children
WizeList is not directed to children under 13. We do not knowingly collect personal information from children under 13. If you believe a child has provided us with personal information, contact us and we will delete it.
Changes to This Policy
We may update this Privacy Policy from time to time. The "Last updated" date at the top reflects the most recent change. For substantive changes (new data types collected, changed retention, new sharing partners) we will notify you in-app before the change takes effect.
Contact
If you have questions about this privacy policy or your data, contact us at: