Just-A-Sec Privacy Policy

Last updated: June 6, 2026

Short version: Just-A-Sec is designed to work almost entirely on your device. Your reminders, location, voice clips, and settings never leave your phone. The only data that reaches a server is what's needed for the optional to-do item sharing feature, push notifications, and crash reports, and is entirely anonymized — described in full below. iOS also sends a couple of non-identifying "refresh frequency" values to the server to ensure reminders work reliably, but these values do not contain any personal data.

What this app does

Just-A-Sec is a recurring-reminder app built with a focus on people with ADHD and executive dysfunction. It gives you gentle, persistent nudges on a schedule you set. Reminders, intervals, sounds, and all other personal settings are stored locally on your device using Android's standard storage APIs. Just-A-Sec specifically tries to minimize any data that leaves your device, and the to-do list sharing feature is entirely optional and opt-in.

Data that stays on your device

The following never leaves your phone under any circumstances:

Data that leaves your device

All communication uses HTTPS.

Feature Data sent Sent to Why
Address search (location picker) The text you type into the search box, plus the approximate map viewport Nominatim (OpenStreetMap) To enable searching for locations on the map
To-do list sharing features A randomly-generated anonymous user ID; a bearer token (stored as a hash on the server, never in plain text) Just-A-Sec Server To enable to-do list sharing and contacts features
Sending to-do items directly to a contact The text of the in-flight to-do item Just-A-Sec Server To sync shared to-do list items between you and people you've chosen to share with
Shared collaborative to-do lists The contents of the to-do list, including who added/edited each item and the completion status of each item Just-A-Sec Server To sync the shared to-do list items and any updates between you and people you've chosen to share with
Display name The display name you choose for yourself Just-A-Sec Server Completely optional. To show other users a default display name for you instead of your randomly generated ID.
Shared todo push notifications An FCM device token Just-A-Sec server, then Google Firebase To deliver a notification when someone shares an item to your to-do list
Crash reporting Crash logs and relevant diagnostic data Crashlytics To help identify and fix issues in the app
"Contact the developer" form Your message text, app version, platform (iOS/Android), and the optionally provided email address Just-A-Sec server, forwarded to the development team via Resend To allow you to send feedback or report issues. Submitting feedback is optional.

Google Firebase never sees your actual to-do item text or any other personal data, only a couple of ID values.

For Android users

The to-do item sharing feature is opt-in. If you never open the shared-todo list or scan/share an invite code, no account is created and nothing is sent to any server.

For iOS users

The to-do item sharing feature itself is opt-in, but an initial randomly-generated anonymous account is created on login.

Due to differences between iOS and Android, iOS requires a much more complex system for keeping the reminders running. This means that even if you don't use the to-do sharing feature, some data still needs to be sent to the server to ensure reminders work reliably. Sorry! I wish it wasn't the case! Blame Apple!

Feature Data sent Sent to Why
Reminders (iOS only) Two "refresh frequency" numbers that allow the server to send occasional silent push messages to cause your device to properly keep reminders running. No actual reminder data ever leaves your device. Just-A-Sec server To ensure reminders work reliably on iOS devices.

These "refresh frequency" values are not personally identifiable in any way (aside from being associated with your randomly-generated anonymous account ID) and are used solely to determine how often the server should send silent push notifications to your device to keep the app's background processes alive. They do not contain any information about your reminders, location, or any other personal data.

What the Just-A-Sec server stores

If you have added items to other people's to-do lists, those items remain on their lists after you delete your account, but your account ID is replaced with a placeholder of all zeros so your identifier no longer appears anywhere.

Third-party services

Data retention and deletion

All local data is removed when you uninstall the app. Server-side data (account, FCM token, shared todos, grants) is deleted immediately and permanently when you use the Delete account option in Settings → Account. There is no recovery after deletion.

If you have further questions about data retention or deletion, please contact me at justasecapp@gmail.com and I'll help you however I can.

Children

Just-A-Sec is not directed at children under 13 and does not knowingly collect data from them.

Changes to this policy

If this policy changes in a material way, an updated version will be posted at the same URL with a new "Last updated" date. Continued use of the app after a policy update constitutes acceptance of the new terms.

Contact

Questions or concerns about privacy can be sent to justasecapp@gmail.com.