Privacy Policy

Effective Date: February 2, 2026  |  Last Updated: March 17, 2026

1. Introduction

Ivan Tsokol ("we," "us," or "our") operates the Ikytask mobile application ("the App"). This Privacy Policy explains how we collect, use, disclose, and protect your personal information when you use the App.

We are committed to protecting your privacy and complying with the General Data Protection Regulation (GDPR) and other applicable data protection laws.

By using the App, you consent to the collection and use of your information as described in this Privacy Policy.

2. Data Controller

For the purposes of GDPR, the data controller is:

Name: Ivan Tsokol
Email: projectikeapp@gmail.com
App: Ikytask

3. Information We Collect

3.1 Information You Provide Directly

Account Information:

When you create an account, we collect different information depending on your chosen sign-in method:

Email and Password Sign-In:

• Email address

Sign in with Apple:

• Email address (which may be an Apple private relay email if you choose to hide your email)
• Name (if you choose to share it)
• Unique Apple user identifier (for authentication purposes)

Sign in with Google:

• Email address
• Name
• Unique Google user identifier (for authentication purposes)

Your account information is used for:

• Account authentication and login
• Account recovery
• Sending occasional marketing communications about app updates and features
• Subscription management

You can unsubscribe from marketing emails at any time using the unsubscribe link in each email.

Task Data: We collect and store:

• Tasks you create (titles, descriptions, due dates)
• Task completion status
• Task organization (lists, categories)

3.2 Automatically Collected Information

Device Information: We may collect:

• Device type and model
• Operating system version
• App version
• Unique device identifiers (for synchronization purposes only)

Push Notification Data: If you enable push notifications, we collect:

• Device push notification token
• Notification preferences and settings

Usage Data (Future): We plan to implement analytics to improve the App. When implemented, we may collect:

• Features used within the App
• Frequency of use
• In-app navigation patterns

We will update this Privacy Policy before implementing any analytics tools and notify you of these changes.

3.3 Information We Do NOT Collect

We do not collect:

• Your phone number or postal address (unless you voluntarily provide it)
• Profile photos or avatars from social accounts
• Payment information (processed securely by Apple App Store)
• Location data
• Contacts or other apps on your device
• Photos, camera, or media access
• Microphone or audio data
• Browsing history or activity outside the App
• Social media posts, friends lists, or other social graph data

4. How We Use Your Information

We use your information for the following purposes:

4.1 Provide and Maintain the App

• Create and manage your account
• Synchronize your tasks across your devices
• Provide the virtual buddy feature
• Process your Premium subscription
• Provide customer support

4.2 Communicate With You

• Send important notices about the App
• Send occasional marketing emails about new features, updates, and improvements
• Respond to your inquiries and support requests
• Notify you of changes to our policies

You can opt out of marketing communications at any time.

4.3 Improve the App (Future)

When analytics are implemented, we will:

• Analyze usage patterns to improve features
• Identify and fix bugs
• Develop new features based on user behavior

4.4 Legal Compliance

• Comply with legal obligations
• Protect our rights and prevent misuse
• Enforce our Terms and Conditions

5. Legal Basis for Processing (GDPR)

Under GDPR, we process your personal data based on:

• Contractual Necessity: Processing is necessary to provide the App's services (Article 6(1)(b) GDPR)
• Consent: We obtain your consent for marketing communications (Article 6(1)(a) GDPR)
• Legitimate Interests: We have legitimate interests in improving the App and preventing misuse (Article 6(1)(f) GDPR)
• Legal Obligation: Processing necessary for compliance with legal requirements (Article 6(1)(c) GDPR)

6. Data Storage and Security

6.1 Where We Store Your Data

Your data is securely stored using Supabase, a trusted cloud database platform that complies with international security standards including SOC 2 Type II and ISO 27001 certifications.

Data is stored on secure servers with:

• Industry-standard encryption
• Regular security audits
• Restricted access controls
• Automated backups

6.2 How We Protect Your Data

We implement appropriate technical and organizational measures to protect your data, including:

• Encryption of data in transit (TLS/SSL) and at rest
• Secure authentication mechanisms
• Database access controls and role-based permissions
• Regular security updates
• Monitoring for unauthorized access

6.3 Data Retention

We retain your data:

• While your account is active: For as long as you use the App
• Upon account deletion:
  • Active database: Data is deleted immediately
  • Infrastructure backups: Data is removed within 30 days as backup systems rotate and expire

This 30-day period accounts for automated backup retention policies managed by our cloud infrastructure provider (Supabase).

7. Data Sharing and Disclosure

7.1 We Do Not Sell Your Data

We do not sell, rent, or trade your personal information to third parties for any purpose.

7.2 Service Providers

We share your data only with trusted service providers necessary to operate the App:

Supabase (Database Hosting): Stores your account information and task data securely. Supabase is GDPR-compliant and processes data according to their privacy policy.

Apple Sign-In: When you sign in with Apple, Apple provides us with your email (or private relay email) and name. Apple's privacy policy governs how they handle your authentication data. We do not receive your Apple ID password.

Google Sign-In: When you sign in with Google, Google provides us with your email and name. Google's privacy policy governs how they handle your authentication data. We do not receive your Google password.

Expo: We use Expo for app updates and push notification delivery. Expo may process device tokens and notification data according to their privacy policy.

Apple App Store: Processes Premium subscription payments. We do not have access to your payment information. Apple's privacy policy applies to payment data.

Future Analytics (When Implemented): We may use Firebase Analytics or similar services to understand app usage. This will be implemented only after updating this policy and notifying users.

These providers are contractually obligated to protect your data and use it only for the purposes we specify.

7.3 Legal Requirements

We may disclose your information if required by law or in response to:

• Valid court orders or legal processes
• Lawful requests from government authorities
• Protection of our rights, property, or safety
• Protection of users' safety
• Prevention of fraud or security threats

7.4 Business Transfers

If we are involved in a merger, acquisition, or sale of assets, your information may be transferred. We will notify you via email and/or a prominent notice in the App before your data is transferred and becomes subject to a different privacy policy.

8. Your Rights Under GDPR

You have the following rights regarding your personal data:

8.1 Right of Access

You can request a copy of the personal data we hold about you.

8.2 Right to Rectification

You can update your email address and task information directly in the App, or contact us to correct inaccurate data.

8.3 Right to Erasure ("Right to be Forgotten")

You can delete your account at any time. Upon deletion, all your personal data is permanently removed immediately.

8.4 Right to Restrict Processing

You can request that we limit how we use your data.

8.5 Right to Data Portability

You can request your data in a structured, commonly used format (JSON or CSV).

8.6 Right to Object

You can object to:

• Marketing communications (use the unsubscribe link in emails)
• Processing based on legitimate interests

8.7 Right to Withdraw Consent

Where processing is based on consent (such as marketing emails), you can withdraw it at any time without affecting the lawfulness of processing before withdrawal.

8.8 How to Exercise Your Rights

To exercise any of these rights, contact us at projectikeapp@gmail.com. We will respond within 30 days.

9. Children's Privacy

The App is intended for users aged 13 and older. We do not knowingly collect personal information from children under 13.

If you are under 13, you may not use the App under any circumstances.

If we become aware that we have collected data from a child under 13, we will delete that information immediately.

If you believe we have collected information from a child under 13, please contact us at projectikeapp@gmail.com.

10. International Data Transfers

Your data may be transferred to and processed in countries outside your country of residence, including the United States (where Supabase servers may be located).

We ensure that such transfers comply with GDPR requirements through:

• Use of service providers that comply with EU-US Data Privacy Framework
• Implementation of appropriate safeguards such as Standard Contractual Clauses
• Ensuring adequate protection mechanisms are in place

11. Marketing Communications

11.1 What We Send

We may send you occasional emails about:

• New features and app updates
• Tips for using the App effectively
• Special promotions or announcements
• Product improvements

11.2 How to Unsubscribe

You can opt out of marketing communications at any time by:

• Clicking the "Unsubscribe" link at the bottom of any marketing email
• Contacting us at projectikeapp@gmail.com
• Adjusting notification preferences in the App (if available)

Important account-related emails (password resets, subscription confirmations) cannot be opted out of as they are necessary for the App's operation.

12. Cookies and Tracking Technologies

The App does not currently use cookies or similar tracking technologies.

When we implement analytics tools in the future (such as Firebase Analytics), we will:

• Update this Privacy Policy
• Notify you through the App
• Provide options to manage your preferences where applicable

13. Data Breach Notification

In the unlikely event of a data breach that may affect your rights and freedoms, we will:

• Notify the relevant supervisory authority within 72 hours
• Notify affected users without undue delay via email
• Provide information about the nature of the breach and steps taken
• Take immediate action to mitigate the breach and prevent future incidents

14. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or for legal, regulatory, or operational reasons.

When we make changes, we will:

• Update the "Last Updated" date at the top of this policy
• Notify you via email for significant changes
• Post a notice in the App
• For material changes, request your consent where required by law

Your continued use of the App after changes take effect constitutes acceptance of the updated Privacy Policy, unless additional consent is required.

15. Your California Privacy Rights (CCPA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA):

• Right to Know: What personal information we collect, use, and disclose
• Right to Delete: Request deletion of your personal information
• Right to Opt-Out: We do not sell personal information, so no opt-out is necessary
• Right to Non-Discrimination: We will not discriminate against you for exercising your rights

To exercise these rights, contact us at projectikeapp@gmail.com.

16. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

Email: projectikeapp@gmail.com
App Name: Ikytask
Developer: Ivan Tsokol

For GDPR Inquiries

Contact us at the email above with "GDPR Request" in the subject line.

Supervisory Authority

If you are located in the European Union and believe we have not complied with GDPR, you have the right to lodge a complaint with your local data protection authority.

17. Account and Data Deletion

17.1 How to Delete Your Account

You can delete your account at any time through the App:

1. Open Ikytask
2. Navigate to Other menu
3. Tap Delete Account
4. Follow the confirmation steps

Critical Subscription Notice:

Your Premium subscription (if any) is managed by Apple and tied to your Apple ID, NOT your Ikytask account. Deleting your Ikytask account does NOT cancel your subscription. Apple will continue billing you even after your account is deleted. You must cancel your subscription separately through the App Store settings to stop future charges. We strongly recommend checking and cancelling your subscription before deleting your account.

17.2 What Happens When You Delete Your Account

When you delete your account:

• Immediately: Your account is deactivated and you are signed out on all devices
• Immediately: Your personal data (email, name, tasks, preferences) is marked for permanent deletion in our active database
• Within 30 days: All your data is completely removed from our systems, including database backups maintained by our infrastructure provider (Supabase)
• Permanent: This action is irreversible - deleted data cannot be recovered
• Subscription Status: Your Apple subscription (if active) remains unchanged and continues to bill

Note for Social Login Users: Deleting your Ikytask account does not delete your Apple ID or Google account. If you signed in with Apple or Google, your authentication with those services remains separate and unaffected.

Note for Premium Subscribers:

• Deleting your account does NOT cancel your subscription
• You will NOT receive a refund for unused subscription time
• Apple continues billing until you manually cancel through App Store settings
• To cancel: App Store → Your Profile → Subscriptions → Ikytask Premium → Cancel

17.3 Data We May Retain

We do not retain any personal data after account deletion. However, we may retain:

• Anonymized, aggregated usage statistics that cannot identify you
• Records required by law (such as transaction records for tax purposes)

18. Data Minimization

We follow the principle of data minimization and collect only the data necessary to provide the App's functionality:

• We only ask for your email address (and name if you use social login)
• We only store the tasks and data you create
• We do not collect profile photos, social connections, or other unnecessary data from social accounts
• We do not collect excessive or unnecessary information

19. Automated Decision-Making

We do not use automated decision-making or profiling that produces legal effects or similarly significantly affects you.

The virtual buddy feature uses pre-programmed responses and does not involve AI or machine learning that makes decisions about you.

20. Future Features

20.1 Analytics (Planned)

We plan to implement Firebase Analytics or similar tools to better understand how users interact with the App. Before implementing analytics:

• We will update this Privacy Policy
• We will notify all users via email and in-app notification
• We will provide options to opt-out where applicable
• Analytics will be used solely to improve the App experience

20.2 Transparency Commitment

We commit to informing you before implementing any new features that involve data collection or processing beyond what is described in this current policy.

21. Language

This Privacy Policy is provided in English. In case of any conflict between the English version and any translation, the English version shall prevail.

---

By using Ikytask, you acknowledge that you have read and understood this Privacy Policy and agree to the collection and use of your information as described herein.

Effective Date: February 2, 2026
Last Updated: March 17, 2026

© 2026 Ivan Tsokol. All rights reserved.