Last updated: June 6, 2026
Just-A-Sec is a recurring-reminder app built with a focus on people with ADHD and executive dysfunction. It gives you gentle, persistent nudges on a schedule you set. Reminders, intervals, sounds, and all other personal settings are stored locally on your device using Android's standard storage APIs. Just-A-Sec specifically tries to minimize any data that leaves your device, and the to-do list sharing feature is entirely optional and opt-in.
The following never leaves your phone under any circumstances:
All communication uses HTTPS.
| Feature | Data sent | Sent to | Why |
|---|---|---|---|
| Address search (location picker) | The text you type into the search box, plus the approximate map viewport | Nominatim (OpenStreetMap) | To enable searching for locations on the map |
| To-do list sharing features | A randomly-generated anonymous user ID; a bearer token (stored as a hash on the server, never in plain text) | Just-A-Sec Server | To enable to-do list sharing and contacts features |
| Sending to-do items directly to a contact | The text of the in-flight to-do item | Just-A-Sec Server | To sync shared to-do list items between you and people you've chosen to share with |
| Shared collaborative to-do lists | The contents of the to-do list, including who added/edited each item and the completion status of each item | Just-A-Sec Server | To sync the shared to-do list items and any updates between you and people you've chosen to share with |
| Display name | The display name you choose for yourself | Just-A-Sec Server | Completely optional. To show other users a default display name for you instead of your randomly generated ID. |
| Shared todo push notifications | An FCM device token | Just-A-Sec server, then Google Firebase | To deliver a notification when someone shares an item to your to-do list |
| Crash reporting | Crash logs and relevant diagnostic data | Crashlytics | To help identify and fix issues in the app |
| "Contact the developer" form | Your message text, app version, platform (iOS/Android), and the optionally provided email address | Just-A-Sec server, forwarded to the development team via Resend | To allow you to send feedback or report issues. Submitting feedback is optional. |
Google Firebase never sees your actual to-do item text or any other personal data, only a couple of ID values.
The to-do item sharing feature is opt-in. If you never open the shared-todo list or scan/share an invite code, no account is created and nothing is sent to any server.
The to-do item sharing feature itself is opt-in, but an initial randomly-generated anonymous account is created on login.
Due to differences between iOS and Android, iOS requires a much more complex system for keeping the reminders running. This means that even if you don't use the to-do sharing feature, some data still needs to be sent to the server to ensure reminders work reliably. Sorry! I wish it wasn't the case! Blame Apple!
| Feature | Data sent | Sent to | Why |
|---|---|---|---|
| Reminders (iOS only) | Two "refresh frequency" numbers that allow the server to send occasional silent push messages to cause your device to properly keep reminders running. No actual reminder data ever leaves your device. | Just-A-Sec server | To ensure reminders work reliably on iOS devices. |
These "refresh frequency" values are not personally identifiable in any way (aside from being associated with your randomly-generated anonymous account ID) and are used solely to determine how often the server should send silent push notifications to your device to keep the app's background processes alive. They do not contain any information about your reminders, location, or any other personal data.
If you have added items to other people's to-do lists, those items remain on their lists after you delete your account, but your account ID is replaced with a placeholder of all zeros so your identifier no longer appears anywhere.
All local data is removed when you uninstall the app. Server-side data (account, FCM token, shared todos, grants) is deleted immediately and permanently when you use the Delete account option in Settings → Account. There is no recovery after deletion.
If you have further questions about data retention or deletion, please contact me at justasecapp@gmail.com and I'll help you however I can.
Just-A-Sec is not directed at children under 13 and does not knowingly collect data from them.
If this policy changes in a material way, an updated version will be posted at the same URL with a new "Last updated" date. Continued use of the app after a policy update constitutes acceptance of the new terms.
Questions or concerns about privacy can be sent to justasecapp@gmail.com.