Privacy Policy

Last Updated: January 1, 2026

Welcome to Critical Choice (formerly known as "Todo 4Q"). This privacy policy explains how we collect, use, store, and protect your personal information when you use our mobile application.

By using Critical Choice, you agree to the collection and use of information in accordance with this policy. If you do not agree with this policy, please do not use our app.

1. Information We Collect

1.1 Personal Information You Provide

When you create an account or use our app, we collect the following information:

Email Address: Used for account authentication and communication
Profile Photo: Your profile picture from Apple Sign-In or Google Sign-In (if provided)
User ID: A unique identifier assigned to your account

1.2 Authentication Information

We support multiple sign-in methods:

Apple Sign-In: We receive your Apple ID and email (which may be private relay)
Google Sign-In: We receive your Google account email and profile picture

1.3 Task and Project Data

For Local Projects: The following data is stored locally on your device only:

Tasks (title, description, deadline, quadrant assignment, tags, assignee)
Local projects (name, color, mission statement)
Task completion status and timestamps
Achievement progress and statistics
App preferences and settings

For Cloud/Team Projects (Premium Feature): If you create or join team projects, the following data is stored on Firebase Firestore:

Team project name, color, mission statement, and metadata
Tasks within team projects (title, description, deadline, quadrant, tags, assignee ID, creator ID)
Project membership information (host user ID, member user IDs)
Task completion status for team tasks

Important: Local project data remains only on your device. Cloud/team project data is synchronized in real-time across all team members' devices via Firebase. Local data will be lost if you uninstall the app without backing up.

1.4 Subscription and Payment Data

If you purchase a premium subscription:

RevenueCat Customer ID: A unique identifier for your subscription status
Subscription status: Whether you have an active premium subscription
Entitlements: Which premium features you have access to
Transaction information: Processed by Apple App Store or Google Play Store (we do not store payment card details)

Note: All payment processing is handled by Apple or Google. We do not have access to your payment card information.

1.5 Usage Information

We automatically collect certain information about your device and how you use the app:

Device type and operating system version
App version and language preferences
Feature usage statistics (anonymous)
Crash reports and error logs

1.6 Google Calendar Data (Optional)

If you choose to enable Google Calendar integration:

We access your Google Calendar events to import them as tasks
This data is only used within the app and not shared with third parties
You can revoke this permission at any time through the app settings or your Google account settings

1.7 Voice Input Data (Optional)

If you use the voice input feature to create tasks:

Your voice is processed by your device's speech-to-text system (iOS Speech Recognition)
Audio is processed locally on your device or by Apple's servers (depending on device capabilities)
We do not store or have access to your voice recordings
Only the transcribed text is used to create tasks
You can disable microphone access through your device settings

2. How We Use Your Information

We use the collected information for the following purposes:

2.1 To Provide App Services

Create and manage your user account
Authenticate your identity securely
Display your profile information
Enable Google Calendar integration features
Facilitate team collaboration on cloud projects (Premium feature)
Synchronize tasks and projects across your devices via cloud storage
Process subscription purchases and manage premium entitlements
Enable voice-to-text task creation

2.2 To Improve the App

Analyze usage patterns to improve features
Identify and fix bugs and technical issues
Develop new features based on user needs
Optimize app performance

2.3 To Communicate with You

Send important app updates and announcements
Respond to your support requests
Notify you about changes to our policies

2.4 For Security and Fraud Prevention

Protect against unauthorized access
Detect and prevent fraudulent activities
Maintain the security of our services

3. Data Storage and Security

3.1 Where Your Data is Stored

Your data is stored in multiple locations depending on the features you use:

Firebase Authentication: Stores your authentication credentials (email, user ID, profile photo)
Firebase Firestore: Stores cloud/team project data including tasks, project details, and membership information (only for team projects)
Your Device Storage: Local projects, achievements, app preferences, and settings are stored on your device
RevenueCat: Stores your subscription status and entitlements (anonymous customer ID)

All cloud data is stored on Firebase servers (Google Cloud Platform) located in secure data centers. Google Firebase complies with industry-standard security practices and certifications including SOC 2, ISO 27001, and GDPR.

Important: Local project data is not backed up to the cloud. Only team/cloud projects are synchronized. We recommend backing up your device regularly to prevent loss of local data.

3.2 How We Protect Your Data

Encryption in Transit: All data transmitted between your device and our servers is encrypted using TLS/SSL
Encryption at Rest: Data stored in Firebase is encrypted at rest
Access Control: Only you can access your personal data through authentication
Secure Authentication: We use industry-standard OAuth 2.0 for Apple and Google sign-in
Regular Security Audits: We rely on Firebase's security infrastructure which undergoes regular third-party audits

            Important: While we implement industry-standard security measures, no method of transmission over the internet or electronic storage is 100% secure. We cannot guarantee absolute security of your data.
        

4. Third-Party Services

We use the following third-party services that may collect information about you:

4.1 Firebase Authentication & Firestore (Google Cloud Platform)

Purpose: User authentication and cloud data storage for team projects
Data Collected:
- Authentication: Email, user ID, profile photo
- Firestore: Team project data, tasks, member lists, project metadata (only for cloud/team projects)
Privacy Policy: https://firebase.google.com/support/privacy

4.2 Google Sign-In

Purpose: User authentication
Data Collected: Email, profile picture
Privacy Policy: https://policies.google.com/privacy

4.3 Apple Sign-In

Purpose: User authentication
Data Collected: Apple ID, email (may be private relay)
Privacy Policy: https://www.apple.com/legal/privacy/

4.4 Google Calendar API (Optional)

Purpose: Import calendar events as tasks (only if you enable this feature)
Data Collected: Calendar event titles, dates, times, descriptions
Privacy Policy: https://policies.google.com/privacy
Permissions: Read-only access to your calendar events

4.5 Google Calendar API - Limited Use Disclosure

Critical Choice's use of information received from Google APIs adheres to Google API Services User Data Policy, including the Limited Use requirements. Specifically:

We only request access to Google Calendar data when you explicitly enable calendar sync
Calendar data is only used to display events within the app as tasks
We do not transfer calendar data to third parties
Calendar data is not used for serving advertisements
You can revoke access at any time through app settings or your Google account

4.6 RevenueCat

Purpose: Subscription management and payment processing
Data Collected: Anonymous customer ID, subscription status, purchase receipts, device identifiers
Privacy Policy: https://www.revenuecat.com/privacy
Note: RevenueCat does not have access to your payment card details; all payments are processed by Apple or Google

4.7 iOS Speech Recognition (Apple)

Purpose: Voice-to-text for task creation (optional feature)
Data Collected: Voice audio for transcription (processed by Apple)
Privacy Policy: https://www.apple.com/legal/privacy/
Note: We do not store voice recordings; only the transcribed text is used

5. Data Sharing and Disclosure

5.1 We Do NOT Sell Your Data

We do not sell, rent, or trade your personal information to third parties for marketing purposes.

5.2 When We May Share Your Data

We may share your information only in the following limited circumstances:

With Your Consent: When you explicitly give us permission to share specific information
Team Collaboration (Premium): When you create or join a team project, your user ID and tasks you create are visible to all project members
Service Providers: With trusted third-party services (Firebase, RevenueCat) that help us operate the app
Legal Requirements: When required by law, court order, or government request
Business Transfers: If we are involved in a merger, acquisition, or sale of assets, your data may be transferred (you will be notified)
Protection of Rights: To protect our rights, privacy, safety, or property, and that of our users

5.3 Team Project Data Sharing

When you participate in team projects (Premium feature):

Visible to Team Members: Your user ID, tasks you create, and task updates are visible to all project members
Project Host Controls: The project creator (host) can invite or remove members
Real-Time Sync: Changes to team projects are synchronized in real-time across all members' devices
Leaving Projects: You can leave team projects at any time, which removes your access to that project's data

Note: Team collaboration is optional. You can use the app entirely with local projects if you prefer to keep all data on your device.

6. Your Rights and Choices

You have the following rights regarding your personal data:

6.1 Access Your Data

View your profile information in the app settings
Access all your tasks and projects within the app (stored locally on your device)
Request a copy of your authentication data by contacting us

6.2 Update Your Data

Edit your profile information through app settings
Modify or delete tasks and projects at any time
Update your email through your Apple or Google account settings

6.3 Export Your Data

Your local tasks and projects are stored on your device and can be backed up via device backup
Team project data is stored in Firebase Firestore and visible within the app
You can request an export of your authentication data and cloud project data by contacting us
We will provide your data in a portable format (JSON or CSV) within 30 days of request

6.4 Delete Your Data

Delete individual tasks and projects directly in the app (local deletion from your device)
Uninstall the app to remove all local data from your device
Delete your account through app settings - your data is immediately removed from our systems (see section 7.2 for details)
Account deletion is immediate and irreversible - you cannot recover your data once deleted

6.5 Manage Google Calendar Access

Disconnect Google Calendar sync through app settings
Revoke access through your Google Account Permissions page

6.6 Opt-Out of Communications

Disable notifications through your device settings
Unsubscribe from emails using the link in any email we send

7. Data Retention

We retain your personal information for as long as necessary to provide our services and fulfill the purposes outlined in this privacy policy.

7.1 Active Accounts

Your authentication data is retained in Firebase as long as your account is active
Local tasks and projects remain on your device until you delete them or uninstall the app
Cloud/team project data is retained in Firestore as long as you're a member of the project
Subscription data is retained by RevenueCat as long as you have an active or expired subscription
You can delete your account at any time through app settings

7.2 Deleted Accounts

When you delete your account, the following happens:

Immediately deleted from our systems:
- Your account data (email, user ID, profile photo) is removed from Firebase Authentication
- All your cloud/team project data is permanently deleted from Firestore
- Team projects you hosted are deleted (members will be notified)
- You are removed from all team projects you joined
- Your account cannot be recovered after deletion
Third-party service provider data:
- Firebase/Google backup systems may retain copies for up to 30-90 days for disaster recovery purposes (this is managed by Firebase, not by our app)
- RevenueCat subscription data is marked as deleted
Your device: Local project data remains on your device until you uninstall the app

Important: From your perspective, account deletion is immediate and irreversible. You will lose access instantly and cannot recover your data. However, Firebase's internal backup systems (beyond our control) may retain copies for disaster recovery for up to 90 days.

7.3 Inactive Accounts

We may delete accounts that have been inactive for an extended period (e.g., 3+ years)
You will receive advance notice before deletion via email

8. App Age Rating

App Store Age Rating: 4+ (Suitable for All Ages)

Critical Choice is designed for users of all ages and does not contain any objectionable content, violence, gambling, mature themes, or inappropriate material. The app is rated 4+ on the Apple App Store, meaning it is suitable for children and adults.

Children's Privacy: While Critical Choice is rated 4+ and suitable for all ages, we do not knowingly collect personal information from children under the age of 13 (or the minimum age in your jurisdiction) in accordance with privacy laws such as COPPA. If you are a parent or guardian and believe your child under 13 has provided us with personal information, please contact us immediately. We will take steps to delete such information from our systems.

9. International Data Transfers

Your information may be transferred to and stored on servers located outside of your country of residence. These countries may have different data protection laws than your country.

By using Critical Choice, you consent to the transfer of your information to countries outside of your country of residence, including the United States where Firebase servers are located.

We ensure appropriate safeguards are in place to protect your data in accordance with this privacy policy and applicable laws, including:

GDPR compliance for European users
Standard contractual clauses for international transfers
Adherence to the EU-US and Swiss-US Privacy Shield frameworks (where applicable)

10. Your California Privacy Rights (CCPA)

If you are a California resident, you have specific rights under the California Consumer Privacy Act (CCPA):

Right to Know

You have the right to request information about the personal data we collect, use, and disclose.

Right to Delete

You have the right to request deletion of your personal information, subject to certain exceptions.

Right to Opt-Out

You have the right to opt-out of the sale of your personal information. Note: We do not sell personal information.

Right to Non-Discrimination

We will not discriminate against you for exercising your CCPA rights.

To exercise these rights, please contact us using the information in the Contact section below.

11. European Users (GDPR)

If you are located in the European Economic Area (EEA), United Kingdom, or Switzerland, you have additional rights under the General Data Protection Regulation (GDPR):

Legal Basis for Processing

We process your personal data based on:

Consent: When you agree to use our services
Contract: To provide the services you've requested
Legitimate Interests: To improve our services and ensure security
Legal Obligations: To comply with applicable laws

Your GDPR Rights

Right of Access: Request a copy of your personal data
Right to Rectification: Correct inaccurate personal data
Right to Erasure: Request deletion of your personal data
Right to Restrict Processing: Limit how we use your data
Right to Data Portability: Receive your data in a structured format
Right to Object: Object to certain types of processing
Right to Withdraw Consent: Withdraw consent at any time
Right to Lodge a Complaint: File a complaint with your local data protection authority

To exercise these rights, please contact us using the information below.

12. Changes to This Privacy Policy

We may update this privacy policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors.

When we make significant changes, we will:

Update the "Last Updated" date at the top of this policy
Notify you through the app or via email
Request your consent if required by law

We encourage you to review this privacy policy periodically. Your continued use of the app after changes are posted constitutes your acceptance of the updated policy.

13. Contact Us

If you have any questions, concerns, or requests regarding this privacy policy or our data practices, please contact us:

App Name: Critical Choice (Todo 4Q)
Developer: Michael Shen
Email: webmic1209@gmail.com
Website: https://michael-shen.github.io/critical-choice/
GitHub: https://github.com/Michael-Shen

We will respond to your inquiry within 30 days.

14. Consent

By using Critical Choice, you acknowledge that you have read and understood this privacy policy and agree to the collection, use, and disclosure of your personal information as described herein.

If you do not agree with this privacy policy, please do not use our app.