Last updated: April 27, 2026
Privacy Policy
This Privacy Policy describes how Workalisation ("Service Provider," "we," "us," or "our") collects, uses, stores, and shares information when you use the Maybe application ("Application") for iOS and the associated web application. By using the Application, you consent to the practices described in this Policy.
1. Who This Policy Applies To
This Policy applies to all users of the Maybe application on iOS and the web. We do not knowingly collect personal data from children under the age of 13. Users between 13 and 16 years of age should obtain parental or guardian consent before using the Application or providing any personal information. In jurisdictions (including the European Economic Area) where the minimum age for data processing consent is 16, parental consent is required for users under 16.
2. Information We Collect
2.1 Information You Provide Directly
When you create a task:
- Task title (text you type)
- Task status (completed, active, archived, deferred)
- Task creation and modification timestamps
- Task display position (ordering within the list)
When you sign in (optional):
- User identifier issued by Apple ("Sign in with Apple") or Google (Google OAuth)
- Email address (provided by Apple or Google; Apple may provide a relay address)
We do not collect your name, phone number, date of birth, payment card details, or any information beyond what is listed above.
2.2 Information Collected Automatically
Crash and error data (via Sentry): When the Application crashes or encounters an unexpected error, we automatically collect device type and iOS version, application version, a stack trace (technical description of where the error occurred), and a pseudonymous session identifier. This data does not include task content, your name, or your email address.
Subscription status (via Adapty): Whether you have an active Pro subscription, your App Store receipt (processed by Adapty to verify your subscription), and dates of subscription start and renewal.
2.3 Information We Do Not Collect
- Precise or approximate geographic location
- Contacts, photos, microphone, or camera data
- Browsing history or cross-app tracking data
- Keystroke or behavioral analytics
3. Calendar Integration (Optional)
If you enable the Calendar Integration feature, the Application requests permission to read your device's calendars via Apple's EventKit framework. Calendar data is:
- Read locally on your device only;
- Displayed within the Application to show your events alongside tasks;
- Never uploaded to our servers or shared with third parties.
You can revoke this permission at any time in iOS Settings → Privacy & Security → Calendars → Maybe.
4. How We Use Your Information
| Information | Purpose |
|---|---|
| Task data | To display, store, and sync your tasks across devices |
| Account identifier & email | To authenticate your account and associate cloud data with you |
| Crash and error data | To identify and fix bugs, improve stability |
| Subscription status | To determine which features are available to you |
We use your information only for the purposes described in this Policy. We do not use your task content for advertising, profiling, or machine-learning training.
5. How Your Data Is Stored
5.1 On Your Device (Local Storage)
Task data is stored locally on your device using SwiftData (Apple's SQLite-based framework) in a shared App Group container. The home-screen widget reads a compact subset of this data from shared UserDefaults. This data is protected by iOS's built-in sandbox security.
5.2 In the Cloud (Supabase)
If you are signed in or have an active Pro subscription, your task data is stored and synchronized via Supabase (Supabase Inc., USA) with the following security measures:
- Row-Level Security (RLS): Each database row is protected by policies ensuring you can only access your own data.
- Authentication: Your identity is verified by Supabase Auth before any cloud operation.
- Encryption in transit: All communication is encrypted using TLS.
- Soft-deletion: When you delete a task, it is marked as deleted rather than immediately removed. Records older than 30 days are permanently purged by a scheduled cleanup routine.
5.3 Data Stored in the Cloud Per User
| Field | Type | Description |
|---|---|---|
| id | UUID | Unique task identifier |
| user_id | UUID | Your Supabase account ID |
| title | Text | Task title |
| is_completed | Boolean | Completion status |
| is_archived | Boolean | Archive status |
| is_later | Boolean | "Later" deferral status |
| completed_at | Timestamp | When the task was completed |
| due_date | Timestamp | Optional due date |
| created_at | Timestamp | Creation time |
| updated_at | Timestamp | Last modification time |
| deleted_at | Timestamp | Soft-delete marker (null if active) |
| position | Text | Display order index |
6. Data Sharing with Third Parties
We do not sell, rent, or trade your personal data. We share data only with the service providers listed below, strictly for the purposes described:
6.1 Supabase (Supabase Inc.)
Role: Cloud database and authentication provider.
Data shared: Task data, session data, account identifiers.
Why: To provide cloud synchronization between your devices.
6.2 Adapty (Adapty Inc.)
Role: Subscription and in-app purchase management.
Data shared: Subscription status, App Store receipt, anonymous device identifier.
Why: To verify and manage your Pro subscription.
6.3 Sentry (Functional Software, Inc.)
Role: Crash and error reporting.
Data shared: Device type, iOS version, app version, anonymized crash traces.
Why: To detect and fix technical issues.
6.4 Apple Inc.
Role: Authentication provider ("Sign in with Apple"), App Store payment processing.
Data shared: Authentication tokens processed by Apple's servers.
6.5 Google LLC
Role: Optional authentication provider (Google OAuth).
Data shared: OAuth token and email address if you choose to sign in with Google.
We may also disclose your information if required by law, court order, or governmental authority, or to protect the rights, property, or safety of the Service Provider, our users, or the public.
7. Real-Time Synchronization
When you are signed in, the Application maintains a WebSocket connection to Supabase Realtime to deliver changes to your tasks in approximately 1 second across all your devices (iOS and web). This connection:
- Is established only while the Application is in the foreground (iOS) or the browser tab is active (web);
- Is filtered to your user ID — you only receive events related to your own data;
- Is encrypted in transit;
- Is closed automatically when you background the app or sign out.
8. Data Retention
| Data type | Retention period |
|---|---|
| Task data (active) | Until you delete the task or your account |
| Task data (soft-deleted) | Up to 30 days after deletion, then permanently purged |
| Local device data | Until you uninstall the app or sign out |
| Crash reports (Sentry) | 90 days (Sentry's default) |
| Subscription records (Adapty) | Per Adapty's policy |
9. Your Rights and Choices
Depending on your country of residence, you may have the following rights: access, correction, deletion, portability, restriction of processing, and objection to processing based on our legitimate interests.
To exercise any of these rights, please contact us at teamlead@workalisation.dev. We will respond within 30 days.
To delete your data immediately:
- Sign out of the Application (Settings → your account → Sign Out) — this clears all local data from your device.
- Email us at teamlead@workalisation.dev to request deletion of your cloud data from Supabase.
To stop all data collection: Uninstall the Application. Contact us to delete your cloud data.
10. Security
We take appropriate technical and organizational measures to protect your information:
- All data in transit is encrypted via TLS/HTTPS.
- Cloud data is protected by Supabase Row-Level Security policies — only you can access your rows.
- Local device data is protected by iOS's application sandbox and device encryption.
- Authentication tokens are stored in the device Keychain and managed by Supabase Auth.
No system is completely secure. If you believe your account has been compromised, please contact us immediately at teamlead@workalisation.dev.
11. Children's Privacy
The Application is not directed to children under the age of 13, and we do not knowingly collect personal information from children under 13. If we become aware that we have collected personal information from a child under 13 without parental consent, we will delete that information promptly.
If you believe your child has provided us with personal information without your consent, please contact us at teamlead@workalisation.dev.
12. International Data Transfers
Your data may be stored and processed in countries other than your country of residence, including the United States, where Supabase, Adapty, and Sentry operate their infrastructure. These countries may have different data protection laws than your own. We rely on appropriate legal mechanisms (such as standard contractual clauses where applicable) to facilitate these transfers.
13. Changes to This Privacy Policy
We may update this Privacy Policy from time to time. We will notify you of material changes by updating the date at the top of this Policy and, where appropriate, through in-app notifications. Your continued use of the Application after the effective date constitutes acceptance of the revised Policy.
14. Consent
By using the Application, you consent to the collection and use of your information as described in this Privacy Policy.
15. Contact Us
If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact:
Workalisation
Email: teamlead@workalisation.dev