Privacy Policy for Allist

Last updated: June 8, 2026
Allist ("the App," "we," "our," or "us") is a collaborative grocery-list and pantry-management app. This Privacy Policy explains what information we collect, how we use it, who we share it with, and the choices you have. By creating an account or using Allist, you agree to the practices described here. information.
If you have any questions, contact us at [email protected]

1. Information We Collect

1.1 Account Information
When you sign up or log in (via email & password, Google Sign-In, or Sign in with Apple), we collect:
- Your name and email address
- A unique account identifier (User ID)
- Authentication tokens needed to keep you securely signed in
- Your chosen profile photo (if you upload one)
- A personal "household code" used to invite others to share lists with you
1.2 Grocery & List Data
To provide the core functionality of the App, we store:
- The lists you create (names, stores, items, quantities, categories, notes, due dates)
- Whether items are marked as "to buy," "in your pantry," or completed
- Reminders and notification times you configure for your lists
- Information about lists shared with you, and the household members ("Shared with") associated with those lists
1.3 Household & Sharing Information
If you join or create a shared household/list, we store:
- The names and avatars of members in your shared lists
- Who owns a list and who it has been shared with
- Activity needed to keep shared lists in sync in real time (e.g., who checked off an item)
1.4 Notifications
If you enable push notifications or daily shopping reminders, we collect a device push token (via Firebase Cloud Messaging / Apple Push Notification service) and store your notification preferences (on/off, reminder time) so we can deliver reminders to you.
1.5 Device & Technical Information
We automatically collect limited technical information needed to run and secure the App, including:
- Device type and operating system version
- App version and crash/diagnostic signals (via Firebase App Check, used to verify that requests to our backend come from genuine, untampered copies of the App)
- General usage data needed for the App to function (e.g., which screens load, error logs)
1.6 Advertising Data (where applicable)
Allist may show ads provided by Google AdMob to free-tier users. AdMob may collect device identifiers (such as the advertising ID), approximate location, and usage data to display and measure ads. You can manage ad personalization through your device's privacy settings, and we present a consent dialog (in line with GDPR/UMP requirements) before any personalized ads are shown in regions where this is required. Note: ads are currently disabled in the App while we refine the experience; this section will continue to apply if/when ads are re-enabled.
1.7 Photos
The App requests access to your photo library or camera (via the system image picker) in two situations:
- When you choose to set or change your profile picture (Settings → Manage account)
- When you choose to attach a photo to an item on one of your grocery lists (e.g., to show what a product looks like or remember a specific brand)
In both cases, access is requested solely so you can select an existing photo or take a new one, and only the image you actively choose is uploaded and stored (in Firebase Cloud Storage) in connection with your profile or the relevant list item. We do not otherwise access, scan, or collect images from your photo library.
1.8 Notification Permission
On iOS, the App requests permission to send you notifications (as shown in the system prompt) so it can deliver the push notifications and shopping reminders described in section 1.4. You can change this permission at any time in your device's Settings.

2. How We Use Information

We use the information described above to:
- Create and manage your account and authenticate you securely
- Sync your lists and pantry data across your devices in real time
- Enable list-sharing and collaboration with household members you invite
- Send you reminders and notifications you've opted into
- Personalize your experience (e.g., remembering your language and preferences)
- Maintain the security and integrity of the App (e.g., App Check, fraud prevention)
- Improve and troubleshoot the App (diagnostics, crash reports)
- Show advertising to free-tier users, where applicable, and measure ad performance
- Comply with legal obligations
We do not sell your personal information.

3. How We Share Your Information

We share information only in the following circumstances:Household members: If you share a list, the members of that shared list can see the list's contents, items, and the names/avatars of people in that household.
Service providers: We use trusted third-party providers to operate the App, including:
- Google Firebase (Authentication, Cloud Firestore database, Cloud Storage for profile photos, Cloud Messaging for push notifications, App Check) — see Google's Privacy Policy
- Google Sign-In and Sign in with Apple — used only if you choose these login methods, and governed by Google's and Apple's respective privacy policies
- Google AdMob — used to display ads to free-tier users (see section 1.6); see Google's Privacy & Terms
- Legal requirements: We may disclose information if required by law, regulation, legal process, or governmental request, or to protect the rights, property, or safety of Allist, our users, or others.
- Business transfers: If Allist is involved in a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction; we will notify you of any such change.
We do not share your personal data with third parties for their own independent marketing purposes.

4. Data Storage & Security

Your data is stored on Google Firebase's secure cloud infrastructure (Cloud Firestore and Cloud Storage), which applies industry-standard encryption in transit and at rest. We use Firebase Authentication and App Check to help ensure that only you (and people you explicitly invite) can access your lists.While we take reasonable measures to protect your information, no method of transmission or storage is 100% secure, and we cannot guarantee absolute security.

5. Data Retention

We retain your account and list data for as long as your account is active or as needed to provide you the App's services. If you delete your account, we will delete or anonymize your personal data within a reasonable period, except where we are required to retain it to comply with legal obligations, resolve disputes, or enforce our agreements.

6. Your Rights & Choices

Depending on where you live (e.g., the EU/EEA under GDPR, California under CCPA/CPRA), you may have the right to:
- Access the personal data we hold about you
- Correct inaccurate or incomplete data (e.g., editing your name/email in "Manage account")
- Delete your account and associated data
- Export your data
- Object to or restrict certain processing (e.g., turning off notifications or ad personalization)
- Withdraw consent at any time where processing is based on consent (e.g., via the in-app Privacy/consent settings)
You can exercise most of these rights directly in the App:
- Settings → Manage account — update your name, email, password, or profile photo
- Settings → Privacy settings — manage consent, GDPR choices, and ad preferences
- Settings → Notifications — turn push notifications and reminders on or off
To request deletion of your account and all associated data, or to exercise any other rights, email us at [email protected]. We will respond within the timeframe required by applicable law.

7. Contact Us

If you have any questions about this Privacy Policy, please contact us at:📧 [email protected]

8. International Data Transfers

Because we use global service providers such as Google Firebase, your information may be transferred to, stored, and processed in countries other than your own, including the United States. We rely on appropriate safeguards (such as standard contractual clauses) where required by law to protect your information when it is transferred internationally.

9. Cookies & Similar Technologies

The App itself does not use browser cookies (it is a native mobile app), but third-party SDKs we rely on — particularly Google AdMob and Firebase — may use device identifiers, advertising IDs, or similar technologies to operate, secure, and (where applicable) monetize the App. Where required (e.g., under GDPR/ePrivacy or similar laws), we present a consent dialog before enabling any non-essential tracking, and you can change your choices at any time in Settings → Privacy settings.

10. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or for other operational reasons. We will post the updated policy in the App and update the "Last updated" date above. If changes are significant, we will provide additional notice (e.g., an in-app message).

11. Contact Us

TextIf you have any questions, concerns, or requests regarding this Privacy Policy or your personal data, please contact us at:
Email: [email protected]