This Privacy Policy explains how Zenist Todo (the "App") handles user data. The provider of the App ("we", "us", or "our") processes data only to the extent necessary to provide the service, synchronize data, operate AI features, display ads, manage purchase status, and maintain security.

1. Information We Do Not Collect

Under the current specifications, the App does not collect the following information through our own features.

  • Precise device location using GPS, Wi-Fi, Bluetooth, or similar technologies
  • Current location or movement history through location permissions
  • Our own analytics logs intended to track page-by-page browsing history, viewing time, or dwell time in the App
  • Camera, microphone, or contact contents
  • Payment method details such as credit card numbers
  • Plaintext login passwords
  • Other similar information

Third-party services used for ads, authentication, billing, cloud sync, AI, model delivery, and similar functions may process IP addresses, device information, identifiers, usage information, and similar data for service delivery, security, fraud prevention, advertising, diagnostics, and related purposes.

2. Information We Handle

Depending on how the App is used, we handle the following information.

Account Information

  • Supabase Auth user ID
  • Email address
  • Basic profile information provided by Google when Google Sign-In is used, such as display name and profile image URL
  • Nickname
  • Profile image optionally set by the user, stored as compressed image data in the App
  • Management information such as account creation time, update time, and deletion status

We do not store plaintext passwords. Email and password authentication is processed by Supabase Auth.

Tasks, Projects, Calendar, and Notifications

  • Task titles, descriptions, status, priority, due dates, times, repeat settings, notification settings, and time zones
  • Project names, descriptions, status, due dates, colors, parent-child relationships, sort order, and progress rate
  • Individual recurring task instances, changes, and completion status
  • Task completion counts, daily completion counts, and total completion counts
  • Metadata needed for sync, conflict resolution, deletion, and ordering, such as IDs, owner IDs, and update times

Notifications are scheduled on the device using the local notification functions of the operating system. The App uses the device time zone for notifications, but it does not use location permissions.

AI, Chat, and Memory

  • Chat content entered by the user
  • AI responses, conversation history, and chat drafts
  • AI character settings, dialogue text, icons, and initial messages
  • User-created functions and tool settings
  • Memories saved or referenced by AI, including text, creation time, time zone, importance, generation, and last access time
  • Embedding vectors for memory search and coordinate information for map display
  • Gemini usage, including purpose, input character count, output character count, and daily usage

When online AI mode using Gemini is used, prompts, conversation history, system instructions, necessary context, tool results, recalled memories, and similar data are sent to the Google Gemini API through our Supabase Edge Function.

When OpenRouter is used, the API key entered by the user is stored in secure storage on the device. Chat content, conversation history, tool definitions, tool results, and similar data are sent to OpenRouter and the selected model provider. OpenRouter is used on a BYOK basis, meaning the user provides their own API key.

When a local model is used, model inference runs on the supported device. However, network communication occurs when retrieving the model list or downloading model files.

Purchases and Subscriptions

  • RevenueCat app user ID
  • Subscription events such as purchases, restores, renewals, and expirations
  • Product IDs, entitlement IDs, premium status, expiration dates, and environment information
  • Subscriber information obtained from RevenueCat

Payments are processed by the App Store, Google Play, RevenueCat, and similar providers. We do not receive payment method details such as credit card numbers.

Advertising

The App uses Google AdMob / Google Mobile Ads SDK. Ads are mainly shown to free users and are not shown to premium users or in some local-use situations. However, because the mobile version uses the ads SDK, Google may process IP addresses, advertising IDs, App interaction information, diagnostic information, device identifiers, account identifiers, and similar data for ad delivery, measurement, fraud prevention, diagnostics, and related purposes.

We do not request location permissions for ad delivery. Google and other third-party services may estimate an approximate region from IP addresses and similar data.

Device, Settings, and Local Storage

  • App mode (online / local)
  • Theme, display settings, notification settings, sort order, filters, and AI settings
  • OpenRouter API keys and MCP server bearer tokens, stored in secure storage on the device
  • Non-sensitive MCP server settings such as URL, name, and enabled status, stored on the device
  • Imported local model files and downloaded model information
  • Local state stored in the in-app database, SharedPreferences, and secure storage

For memory map and constellation display, the App may use motion information such as the device accelerometer and magnetic sensor for screen interaction. This sensor data is not stored or synchronized to our servers.

In local mode, main data such as tasks, projects, and memories are stored on the device and are not sent to our Supabase for account sync. If the user switches to online mode, local data is uploaded to Supabase and associated with the logged-in account. Depending on the features used, communications with third parties may still occur, including the ads SDK, model downloads, external links, OpenRouter, and MCP.

Link Previews, External Sites, and MCP

When URLs are included in task, project, or other text, the App may retrieve metadata for those URLs to display link previews. In that case, communication information such as IP address may be sent to the target site server.

If the user configures an MCP server, the App connects to the configured MCP server and sends and receives user-approved arguments, context, results, and similar data to retrieve tool lists and execute tools. Data processing by the connected MCP server is governed by that server provider's terms and privacy policy.

3. Purposes of Use

We use the information we obtain for the following purposes.

  • Account registration, login, authentication, and identity verification
  • Saving, displaying, editing, and synchronizing tasks, projects, memories, AI characters, and similar data
  • Cloud sync across multiple devices, conflict resolution, and deletion processing
  • Generating AI responses, saving and recalling memories, and managing AI usage limits
  • Determining premium status and managing purchases, restores, and subscriptions
  • Displaying ads, preventing ad fraud, and diagnosing the ads SDK
  • Scheduling local notifications, displaying widgets, and retaining App settings
  • Retrieving model file lists, downloading models, and running local inference
  • Maintaining security, preventing misuse, investigating failures, and complying with laws
  • Responding to user inquiries

4. Third-Party Services

The App uses the following third-party services. These services may process information under their own privacy policies, terms of use, and data processing terms.

5. Sharing and Disclosure of Data

We do not sell personal data or user-created data. We also do not disclose such data outside the server operators and service providers we use, except in the following cases.

  • When the user explicitly instructs or consents to disclosure
  • When processing is entrusted to service providers necessary to provide the App, such as Supabase, Google, RevenueCat, Cloudflare, and OpenRouter
  • When data is sent based on user operations to MCP servers, external URLs, external AI providers, or similar destinations configured by the user
  • When necessary to respond to valid orders or requests from laws, courts, government agencies, investigative agencies, or similar authorities
  • When necessary to respond to misuse, security issues, rights infringement, violations of terms, or similar matters
  • When a business transfer, merger, asset transfer, or similar event occurs and data is transferred to a successor within the necessary scope

6. Encryption and Security

The App works to protect information through communication protection, access control, device secure storage, Supabase Row Level Security, and similar measures.

For online accounts, end-to-end encryption can be enabled optionally. Under the current specifications, titles and descriptions of cloud-synced tasks, projects, and individual recurring task instances are encrypted. Metadata required for synchronization, such as due dates, status, parent-child relationships, sort order, owner, and update time, is stored in plaintext. Memories, AI characters, functions, profiles, and similar data are not currently included in the encryption scope.

Even when encryption is enabled, if the user uses cloud AI (Gemini or OpenRouter), prompts and related context may be sent to external AI services. The App provides a setting to block cloud AI while encryption is enabled.

No method of internet communication or device storage can be guaranteed completely secure. Users should protect their accounts and devices by using strong passwords, device locks, OS and App updates, and similar measures.

7. Data Retention and Deletion

We retain user data while the account is active or for the period necessary to provide the App.

When the user deletes their account, account information, tasks, projects, recurring instances, memories, AI characters, functions, AI usage events, RevenueCat-related events, purchase status, and the Supabase Auth user stored in our Supabase are deleted. Local data can be retained or deleted through choices in the App.

Some information may be retained for a certain period after deletion for backups, logs, security, fraud prevention, legal compliance, accounting, and similar reasons. Retention and deletion of information stored by third-party services are governed by each service's policy.

Users can stop collection and use of much of the local data on the device by uninstalling the App. However, separate deletion procedures may be required for the OS, app stores, third-party services, and cloud account data.

8. User Choices

Users can adjust the scope of data use in the following ways.

  • Use local mode and do not use cloud sync
  • Do not switch to online mode
  • Disable notifications in the App settings or deny OS notification permission
  • Subscribe to premium to remove ads
  • Reset or delete the device advertising ID
  • Do not use optional features such as OpenRouter, MCP, external URLs, or cloud AI
  • Enable encryption and block cloud AI when needed
  • Use the account deletion function in the App
  • Uninstall the App

9. Children's Privacy

The App is not intended for children under 13. We do not knowingly collect personal information from children under 13. If we learn that personal information of a child under 13 has been provided, we will delete the information within a reasonable scope.

10. International Data Processing

Services used by the App, such as Supabase, Google, RevenueCat, Cloudflare, and OpenRouter, may process and store data in multiple countries or regions, including outside Japan. By using the App, users are deemed to agree that information may be processed in those countries or regions.

11. Changes to This Policy

We may update this Privacy Policy due to feature additions, changes to services used, responses to laws or terms, and similar reasons. Important changes will be announced through in-app notices, distribution pages, or updates to this page. If the user uses the App after a change, the user is deemed to have agreed to the updated policy.

12. Contact

For questions about this Privacy Policy or the handling of data in the App, please contact the following email address.

[email protected]