Privacy Policy

Last updated: February 2025

Overview

TinySteps ("the App") is a task management application for macOS and iOS. We take your privacy seriously. This policy explains what data we collect, how we use it, and your rights regarding that data.

Data We Collect

Task data. Your tasks, lists, notes, and settings are stored locally on your device using SwiftData. If you enable iCloud sync, this data is also stored in your private iCloud container (iCloud.com.lkl2050.TinySteps). We do not have access to your iCloud data — it is encrypted and managed entirely by Apple.

Authentication. If you sign in (via email/password or Apple Sign In), Firebase Authentication stores your email address and a unique user identifier. This is used solely to authenticate your account and enforce AI feature rate limits.

AI feature usage. When you use Smart Steps (AI task breakdown), your task title and optional context are sent to our Firebase Cloud Functions, which forward the request to a third-party AI provider (Groq). We store a request count per user (for rate limiting: 20/day, 100/week) but do not store the content of your AI requests or responses.

Calendar data. If you enable calendar integration, the App reads events from your system calendar via EventKit. This data is accessed locally and is never transmitted to any server.

Data We Do Not Collect

• We do not use analytics or tracking frameworks
• We do not collect device identifiers or advertising IDs
• We do not sell, share, or rent your personal data to third parties
• We do not store the content of your tasks on our servers

Third-Party Services

• Apple iCloud / CloudKit — For cross-device sync. Governed by Apple's Privacy Policy.
• Firebase (Google) — For authentication and cloud functions. Governed by Firebase's Privacy Policy.
• Groq — For AI inference (Smart Steps feature). Task titles sent for processing are not stored by us. Refer to Groq's Privacy Policy for their data handling practices.

Data Storage and Security

Local data is stored in a shared App Group container on your device. iCloud data is encrypted in transit and at rest by Apple. Firebase Authentication tokens are stored securely in the device Keychain.

Data Retention

Completed tasks are automatically deleted based on your retention setting (configurable from 1 to 60 days). You can delete your account and all associated authentication data at any time through the App's settings.

Children's Privacy

TinySteps is not directed at children under 13. We do not knowingly collect personal information from children under 13.

Your Rights

You can:

• Delete your local data by removing the App
• Delete your iCloud data through Apple's iCloud settings
• Delete your Firebase account through the App's settings
• Request information about your data by contacting us

Changes to This Policy

We may update this Privacy Policy from time to time. Changes will be reflected by an updated "Last updated" date at the top of this page.

Contact

If you have questions about this Privacy Policy, please open an issue on our GitHub repository or contact us at the email provided in the App Store listing.