Privacy
Data Privacy Laws
This page explains LifeSync's privacy position for laws such as the GDPR, UK GDPR, CCPA/CPRA, and similar privacy frameworks, based on the current LifeSync app functionality.
Current data processing
LifeSync uses account-based functionality. The app supports Firebase email/password authentication and Google Sign-In. The main in-app areas are protected by login and sync user data to Firebase Firestore.
LifeSync also stores some data locally on the device, including settings, device identifiers, OAuth/calendar connection state, notification-window settings, app-blocking settings, health cache data, and screen-time cache data.
Data LifeSync may process
- Account data: user ID, email address, display name, profile photo URL, account timestamps, and onboarding status.
- Onboarding preferences: goals, improvement areas, hobbies, skills, available daily time, work style, and active time preferences.
- Tasks and reminders: titles, descriptions, categories, priorities, tags, due dates, reminder times, completion status, generated onboarding tasks, and external calendar IDs.
- Health and wellness data, when permission is granted: steps, sleep, heart rate, calories, active minutes, health reminders, blocked app settings, and wellness settings.
- App usage and screen-time data: package/app names, executable names or paths on desktop, start/end times, duration, daily aggregates, session logs, and selected blocked apps.
- Focus timer data: Pomodoro settings, focus sessions, status, duration, start/completion times, and completed session counts.
- Whiteboard and mind map content: board names, drawings, text nodes, cursor/collaboration messages, mind map nodes, notes, edges, colors, and layout information.
- Calendar integration data: Google Calendar and Microsoft Outlook connection state, OAuth tokens stored in secure local storage, calendar event IDs, calendar IDs, task/event content sent to the selected calendar provider, and imported Google event metadata.
- Device data: a locally generated device UUID and platform name used to merge synced health data across devices.
Purposes
LifeSync processes this data to create and manage accounts, sync user content across devices, generate onboarding tasks, show dashboards and statistics, send reminders, read health and screen-time information with permission, block or limit selected apps, sync tasks with calendars, support live whiteboard collaboration, and maintain app reliability.
Third-party services
LifeSync uses Firebase Authentication and Firestore for accounts and cloud data. The codebase includes Firebase Analytics, Crashlytics, Messaging, Storage, and Cloud Functions dependencies, but no explicit app calls to Analytics, Crashlytics, Messaging, Storage uploads, or Cloud Functions were found in the reviewed code. Google Sign-In, Google Calendar APIs, Microsoft Graph/Outlook Calendar APIs, Health Connect or Apple Health, and a WebSocket whiteboard server may process data when those features are used.
Local permissions
On Android, LifeSync requests permissions related to Health Connect, activity recognition, app usage access, overlay display, foreground service, exact alarms, notifications, vibration, wake lock, boot completion, and notification listener access. Some permissions are optional feature permissions and are needed only for the related feature.
Privacy principles
- Use data for clear product purposes such as sync, reminders, statistics, health insights, app blocking, and calendar integration.
- Collect sensitive health, app usage, notification, and calendar data only when the user enables or authorizes the related feature.
- Limit access to user-specific Firestore data through authenticated user accounts.
- Keep OAuth/calendar credentials in secure local storage where the integration requires them.
- Give users a practical way to request access, correction, deletion, restriction, portability, or opt-out where applicable law grants those rights.
GDPR and UK GDPR
For EEA or UK users, personal data should be processed under an appropriate lawful basis, such as performance of the service requested by the user, consent for optional permissions or integrations, legitimate interests for security and reliability, or legal obligation where applicable. Health and similar sensitive data may require explicit permission or another valid legal basis depending on jurisdiction.
CCPA and CPRA
LifeSync does not currently include advertising SDKs, targeted advertising code, or payment checkout in the reviewed app. No sale or sharing of personal information for cross-context behavioral advertising was found. Eligible California residents may have rights to know, delete, correct, limit certain sensitive information, and opt out of sale or sharing if applicable.
Children's privacy
LifeSync is not directed to children under 13 and does not knowingly collect personal information from children through this website.
Official references
- European Commission GDPR overview
- California Privacy Protection Agency CCPA rights
- California Attorney General CCPA page
This page is informational and is not legal advice.