Privacy Policy
Effective date: June 1, 2026
Jackie's List (“the App”, “we”, “us”) is committed to protecting your privacy. This policy explains what data we collect, why, and how we handle it, in accordance with the General Data Protection Regulation (GDPR).
1. Data Controller
The data controller responsible for your personal data is Jackie's List. For any privacy-related enquiries, contact us at [email protected].
2. Data We Collect
Account data: If you sign in with Google, we receive your name, email, and profile photo from Google. This is used solely for authentication and displaying your profile.
Shopping list data: The lists, items, recipes, meal plans, and pantry items you create are stored locally on your device and, if you sign in, synced to Google Cloud Firestore for cross-device access and sharing.
Preferences: Your app settings (theme, language, currency, AI opt-in) are stored locally on your device only.
AI features (opt-in only): If you enable the AI assistant and provide your own API key, text prompts and photos you submit are sent directly to Google's Generative AI (Gemini) service. We do not store, log, or have access to your AI interactions.
Google Assistant (optional): If you use the optional Google Assistant voice shortcuts (for example, “Hey Google, add milk to my list”), your spoken request is processed by Google Assistant under Google's Privacy Policy. The App only receives the resulting action (such as the list name and item) to carry it out; we do not record or store your voice or the audio of your request.
3. Data We Do NOT Collect
• We do not use analytics or tracking services
• We do not collect device identifiers or advertising IDs
• We do not sell, share, or monetize your data in any way
• We do not display ads or use ad-related SDKs
• We do not track your location
4. Legal Basis for Processing
Under GDPR Article 6, we process your personal data on the following legal bases:
• Contract performance (Article 6(1)(b)): Processing your account data and shopping list data is necessary to provide the app's core functionality — authentication, sync, and list sharing.
• Legitimate interest (Article 6(1)(f)): Push notifications for changes to shared lists you participate in.
• Consent (Article 6(1)(a)): AI features are strictly opt-in. You may withdraw consent at any time by disabling the AI assistant in settings.
5. How We Use Your Data
• Authentication: To sign you in and identify your account
• Sync: To sync your lists across devices and enable sharing with people you choose
• Push notifications: To notify you of changes to shared lists (you control this per-list)
6. Data Retention
We retain your personal data for as long as your account is active. If you delete your account, all your data is permanently deleted from our servers within 30 days. Guest users' data is stored only on their device and is deleted when the app is uninstalled or its data is cleared.
7. International Data Transfers
Your data is stored in Google Cloud Firestore, which may process and store data on servers located outside the European Economic Area (EEA), including in the United States. Google LLC participates in and complies with the EU Standard Contractual Clauses (SCCs) as the legal mechanism for these transfers, ensuring your data receives an equivalent level of protection. For more information, see Google's Privacy Policy.
8. Data Storage & Security
Your data is stored in Google Cloud Firestore, which provides encryption at rest and in transit. Access is controlled by Firebase Security Rules that ensure you can only access your own data and lists shared with you.
Guest users' data is stored only on their device and is never uploaded to any server.
9. Data Sharing
We do not share your data with third parties. The only sharing that occurs is when you explicitly choose to share a shopping list with another user via a share code.
10. Your Rights Under GDPR
As a data subject under GDPR, you have the following rights:
• Right of access (Article 15): Request a copy of the personal data we hold about you.
• Right to rectification (Article 16): Request correction of inaccurate or incomplete data.
• Right to erasure (Article 17): Request deletion of your personal data. You can do this directly from Profile → Delete My Account.
• Right to restriction (Article 18): Request that we limit how we process your data in certain circumstances.
• Right to data portability (Article 20): Request your data in a structured, machine-readable format.
• Right to object (Article 21): Object to processing based on legitimate interest, including for push notifications.
• Right to withdraw consent: Where processing is based on consent (AI features), you may withdraw it at any time without affecting the lawfulness of prior processing.
To exercise any of these rights, contact us at [email protected]. We will respond within 30 days.
11. Right to Lodge a Complaint
If you believe we are handling your data unlawfully, you have the right to lodge a complaint with your local supervisory authority. In Greece, this is the Hellenic Data Protection Authority (HDPA):
12. Data Deletion
You can delete your account at any time from Profile → Delete My Account. This permanently removes:
• Your user profile and authentication data
• All shopping lists you own
• All associated items, recipes, meal plans, and pantry data
Guest users can clear all data by clearing the app's data or uninstalling the app.
13. Children's Privacy
Jackie's List is not directed at children under 13. We do not knowingly collect data from children. If you believe a child has provided us with personal data, contact us at [email protected] and we will delete it promptly.
14. Changes to This Policy
We may update this policy from time to time. Changes will be posted on this page with an updated effective date. For significant changes, we will notify signed-in users via the app.
15. Contact
Questions? Reach us at [email protected].