Privacy Policy

Effective Date: February 13, 2026 · Last Updated: March 22, 2026
App: Listido · Developer: Max Gerling Digital Solutions
Max Gerling, Tudorfer Str. 13, 33178 Borchen, Germany

---

1. Introduction

Welcome to Listido ("the App"). Your privacy is important to us. This Privacy Policy explains what data the App collects, how it is used, and your rights regarding your personal information.

This policy complies with the EU General Data Protection Regulation (GDPR), the German Bundesdatenschutzgesetz (BDSG), the German Digitale-Dienste-Gesetz (DDG), the ePrivacy Directive (2002/58/EC), the U.S. Children's Online Privacy Protection Act (COPPA), and the California Consumer Privacy Act (CCPA).

2. Data Controller

The data controller responsible for processing your data is:

Max Gerling Digital Solutions
Max Gerling
Tudorfer Str. 13
33178 Borchen, Germany
Email: mxgrlng@gmail.com

3. Data We Collect

3.1 Data Stored Locally on Your Device

Listido stores all user-created data locally on your device. This includes:

• Habit names, icons, colors, and configurations
• Habit completion history and streak data
• Mood and health entries (mood level, symptoms, notes, health metrics)
• App settings and preferences
• Achievement and gamification progress
• Focus timer session logs

This data never leaves your device unless you explicitly choose to export it using the in-app export feature.

3.2 Crash and Error Reporting

We use Sentry (sentry.io) to collect anonymous crash reports and error data. This data is processed under Art. 6(1)(f) GDPR (legitimate interest in maintaining app stability). Crash reports may include:

• Device type and operating system version
• App version and build number
• Stack traces and error messages
• Anonymous session identifiers

Crash reports do not contain any of your personal habit data, mood entries, health information, or any other user-created content.

3.3 Advertising Data (Google AdMob)

The App displays advertisements via Google AdMob, including banner ads, interstitial ads, and rewarded interstitial ads. The data collected by AdMob depends on your age group and consent choices:

Data Type	Users Under 13	Users 13+ (No Consent)	Users 13+ (With Consent)
Advertising ID (AAID/IDFA)	Not collected	Not used for personalization	Collected for personalized ads
IP address (truncated)	Contextual only	Contextual only	Ad targeting & analytics
Device info (model, OS)	Contextual only	Contextual only	Ad targeting & analytics
Ad interaction data	Aggregated only	Aggregated only	Individualized profiling

Legal basis: Personalized advertising is processed under Art. 6(1)(a) GDPR (consent). Non-personalized advertising is processed under Art. 6(1)(f) GDPR (legitimate interest in funding the free tier of the App).

3.4 Subscription and Purchase Data

When you purchase a subscription (weekly, monthly, or yearly), the transaction is processed entirely by Google Play (Google Payments) or Apple App Store (Apple In-App Purchase). We do not receive or store your payment card details, billing address, or bank information. We only receive:

• A purchase confirmation token (to verify your subscription is active)
• Subscription status (active, expired, grace period, cancelled)
• Product identifier (which plan you subscribed to)

This data is processed under Art. 6(1)(b) GDPR (performance of a contract).

3.5 Data We Do NOT Collect

• We do not collect your name, email address, or contact information
• We do not require account creation or login
• We do not track your location
• We do not collect or access your photos, contacts, or other personal files
• We do not sell your personal data to third parties

4. Children's Privacy and Age-Appropriate Ads

4.1 Neutral Age Screen

Listido is designed for a general audience, including children. To ensure a safe experience and compliance with COPPA and GDPR, we implement a neutral age screen upon the first launch of the App. We do not store your exact date of birth; we only use this information locally on your device to determine the appropriate privacy settings for your age group.

4.2 Users Under 13 (or Local Age of Consent)

For users identified as being under the age of 13 (or the applicable age in their jurisdiction), we take the following protective measures:

• No Personal Data Collection: We do not collect, use, or disclose any personal information from children.
• Non-Personalized Ads: We use Google AdMob to serve advertisements. For children, we technically flag all ad requests (using the TFCD tag) to ensure that only non-personalized, contextual advertising is displayed.
• No Behavioral Tracking: Identifiers such as the Advertising ID (AAID/IDFA) are not transmitted or used for profiling or remarketing purposes for this user group.
• COPPA Compliance: We comply with the U.S. Children's Online Privacy Protection Act and do not knowingly collect personal information from children under 13.

4.3 Users 13 and Older

For users above the age of consent, the App may collect pseudonymous identifiers to provide personalized features and advertisements, provided the user has given their explicit consent through our Consent Management Platform (Google UMP). Without consent, only non-personalized, contextual ads are served.

5. Consent Management

We use the Google User Messaging Platform (UMP) as our Consent Management Platform (CMP) to obtain, record, and manage your advertising consent in accordance with the IAB Transparency and Consent Framework (TCF) v2.2.

• On first launch (for users 13+), a consent dialog is presented explaining how your data may be used for advertising.
• You can accept personalized ads, reject them (receiving only contextual ads), or manage individual purposes.
• You may withdraw or change your consent at any time from the App's Settings screen.
• Your consent choice is stored locally on your device and transmitted to AdMob with each ad request.

6. Data Storage and Security

All personal data (habits, completions, mood, health metrics) is stored exclusively on your device using local storage (AsyncStorage / MMKV). We have no servers that store your personal data and no ability to access it remotely.

We implement reasonable technical measures, including encrypted HTTPS connections for all network requests to third-party services (Sentry, AdMob).

7. Data Retention

• Local data: Retained on your device indefinitely until you delete it (via "Reset All Data" in Settings) or uninstall the App.
• Sentry crash reports: Automatically deleted after 90 days.
• AdMob data: Retained by Google according to Google's data retention policy.
• Subscription tokens: Retained locally only while the subscription is active; cleared upon expiration or uninstall.

8. Data Export and Import

The App provides a manual export/import feature that allows you to:

• Export all your data as a JSON file for backup purposes
• Import previously exported data to restore your information

These actions are initiated entirely by you, and data is shared only through the device's native sharing capabilities.

9. Third-Party Services

9.1 Google AdMob (Advertising)

We use Google AdMob to serve banner ads, interstitial ads, and rewarded interstitial ads. AdMob may collect device identifiers, IP addresses, and interaction data as described in Section 3.3. Google's privacy policy: https://policies.google.com/privacy.

Google AdMob partner list: https://support.google.com/admob/answer/9012903.

9.2 Sentry (Crash Reporting)

We use Sentry for crash and error monitoring. Sentry's privacy policy: https://sentry.io/privacy/.

9.3 Google Play / Apple App Store (Subscriptions)

Subscription purchases are processed by Google Play or Apple App Store. We only receive subscription status tokens; we never receive payment details. See: Google Privacy Policy · Apple Privacy Policy.

9.4 Expo / EAS (Build Infrastructure)

The App is built using Expo Application Services. Expo's privacy policy: https://expo.dev/privacy.

10. International Data Transfers

Some of the third-party services we use (Google, Sentry, Expo) may process data outside the European Economic Area (EEA). These transfers are safeguarded by:

• EU–U.S. Data Privacy Framework (for services certified under the framework)
• Standard Contractual Clauses (SCCs) approved by the European Commission
• Adequacy decisions where applicable

11. Your Rights

Under the GDPR and other applicable laws, you have the following rights:

11.1 GDPR Rights (EEA Residents)

• Right of Access (Art. 15): View all your data directly within the App.
• Right to Rectification (Art. 16): Edit your habits and entries at any time within the App.
• Right to Erasure (Art. 17): Use "Reset All Data" in Settings, or uninstall the App to permanently delete all local data.
• Right to Data Portability (Art. 20): Use the export feature in Settings to download all your data in machine-readable JSON format.
• Right to Restrict Processing (Art. 18): Withdraw ad consent via Settings to restrict advertising data processing.
• Right to Object (Art. 21): Object to processing based on legitimate interest by contacting us.
• Right to Withdraw Consent (Art. 7(3)): Withdraw advertising consent at any time via the App's Settings. Withdrawal does not affect the lawfulness of prior processing.
• Right to Lodge a Complaint: You may file a complaint with a supervisory authority, e.g., the Landesbeauftragte für Datenschutz und Informationsfreiheit Nordrhein-Westfalen (LDI NRW).

11.2 CCPA Rights (California Residents)

• Right to Know: Request disclosure of data collected about you.
• Right to Delete: Request deletion of your data (uninstall the App or use "Reset All Data").
• Right to Opt-Out of Sale: We do not sell personal information. Personalized advertising is consent-based and can be disabled in Settings.
• Non-Discrimination: We will not discriminate against you for exercising your CCPA rights.

11.3 Data Deletion

Since all user data is stored locally on your device, you can delete all data at any time by:

• Using "Reset All Data" in the App's Settings screen
• Uninstalling the App from your device
• Clearing the App's storage via your device's system settings

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. Changes will be reflected by updating the "Last Updated" date at the top of this page. For material changes, we will notify users through an in-app notice. Continued use of the App after changes constitutes acceptance of the revised policy.

13. Contact Us

If you have questions or concerns about this Privacy Policy, or wish to exercise your data protection rights, please contact us at:

Max Gerling Digital Solutions
Max Gerling
Tudorfer Str. 13, 33178 Borchen, Germany
Email: mxgrlng@gmail.com

---

← Back to Listido