Privacy Policy
This Privacy Policy explains how Cartly+ (“the App”, “we”, “us”, “our”) collects, uses, and shares information when you use the App. If you have questions, contact us at support@s10solutions.com.
Summary
- We collect account and app content data to provide the core functionality (shared shopping lists and household features).
- We do not collect precise location data.
- We use product analytics, crash diagnostics, and advertising/measurement tools as described below.
- Free-tier users may see ads served by Google AdMob. Premium subscribers do not see ads.
- Subscription processing is handled through Apple In-App Purchases or Google Play Billing, with entitlements managed by RevenueCat.
- On iOS, we ask for your permission via Apple’s App Tracking Transparency (ATT) prompt before any cross-app/web tracking is enabled.
Information We Collect
Account Information
When you create an account or sign in, we collect identifiers necessary to provide authentication and account management. Depending on the sign-in method, this may include:
- Email address (for email/password sign-in, and possibly from provider sign-in depending on your settings)
- Provider identifiers from Sign in with Apple and/or Google Sign-In (e.g., a user ID token / subject identifier)
- Basic profile fields you choose to provide (e.g., display name)
User Content (User-Generated Content)
The App stores content you create and manage, such as shopping list items, household data, and related text-based content. This content is visible to you and, if you use shared households, to members you invite.
Subscription and Purchase Information
If you purchase a subscription, the platform store (Apple or Google) processes the payment. We and our subscription provider (RevenueCat) may receive subscription status information (e.g., active/expired) and transaction identifiers required to validate access. We do not receive your full payment card details.
Usage and Diagnostics
We use the following tools to operate, secure, and improve the App. These services may collect device identifiers and technical metadata as part of their normal operation:
-
Firebase Analytics (Google Analytics for Firebase) — anonymous app usage events (e.g., screen views,
paywall views, completed purchases), a randomly generated app instance ID, app version, OS version, and device model.
We also set a
is_premiumuser property to distinguish free vs. premium cohorts. We may set your account ID as the analytics user ID so we can attribute events across devices when you’re signed in. We do not upload your email, name, list contents, or other user content to analytics. - Firebase Crashlytics (Google) — crash and unhandled-error reports, including stack traces, device model, OS version, app version, and a random installation UUID. Used solely to diagnose stability issues. Crashlytics is enabled in our staging and production builds and disabled in development builds.
- Meta SDK / Facebook App Events — install attribution and purchase measurement so we can evaluate the effectiveness of any advertising campaigns we run on Meta platforms. When permitted (see ATT below), we send a hashed version of your email address (“Advanced Matching”) so Meta can match attributed events. We use Meta’s automatic purchase logging for paid subscriptions; we do not send list contents or household data to Meta.
- Google Mobile Ads (AdMob) — for free-tier users, we display ads served by AdMob. Depending on your consent and tracking choices, ads may be personalized or non-personalized. AdMob may collect device identifiers (including the Advertising Identifier when available) for ad delivery, frequency capping, and fraud prevention. Premium subscribers do not see ads.
- Operational logs — basic backend error logs strictly for maintaining service reliability.
App Tracking Transparency (iOS)
On iOS 14.5+, before any advertising/measurement tools track you across other apps and websites, we show Apple’s standard App Tracking Transparency prompt. If you decline, the Meta SDK is initialized in a non-tracking mode, AdMob is asked to serve non-personalized ads, and the iOS Advertising Identifier (IDFA) is not shared with these SDKs. You can change this at any time in Settings → Privacy & Security → Tracking.
Data used for tracking. When you allow tracking, the following categories may be linked with third-party data for advertising and measurement, consistent with our Apple App Store privacy disclosures:
- Device ID — the iOS Advertising Identifier (IDFA), used by AdMob and Meta
- Email address — a hashed copy sent to Meta for Advanced Matching
- User ID — your account identifier, used to match attributed events
- Product interaction — events such as paywall views and app sessions
- Purchase history — subscription purchase events
- Advertising data — ad impressions and interactions
If you decline the ATT prompt, this data is not used for tracking.
How We Use Information
- To authenticate you and maintain your account
- To provide core app features (create, store, sync, and share lists/households)
- To process and validate subscription entitlements (Premium access)
- To serve and measure ads to free-tier users
- To analyze app usage in aggregate, monitor stability, and improve the App
- To measure the effectiveness of marketing campaigns we run on third-party platforms
- To secure the service and prevent abuse
- To provide customer support and respond to inquiries
How We Share Information
We share information only as needed to operate the App:
- Supabase (backend infrastructure): authentication, database storage, and synchronization for your account and content.
- Apple and Google (In-App Purchases / Google Play Billing): subscription purchase processing.
- RevenueCat (subscription management): receipt validation, subscription status, and entitlement handling.
- Google (Firebase Analytics, Firebase Crashlytics, AdMob): product analytics, crash diagnostics, and advertising delivery as described above.
- Meta Platforms (Facebook): ad attribution and campaign measurement via the Meta SDK as described above.
We do not sell your personal information and do not share it with third parties for their own independent marketing purposes.
Data Retention
We retain your information for as long as your account is active or as needed to provide the service. You may request deletion as described below.
Your Choices and Rights
- Access/Correction: You can update certain account information within the App.
- Deletion: You can delete your account and associated data directly from Settings → Delete account in the App. You may also request deletion by contacting support@s10solutions.com.
- Meta data deletion: To request deletion of data Meta has received from the App via the Meta SDK, use the same channel: support@s10solutions.com with the subject “Meta data deletion request”.
- Tracking choices (iOS): Manage the App Tracking Transparency permission in Settings → Privacy & Security → Tracking.
- Ad personalization (Android): Manage the Advertising ID and personalization in Settings → Google → Ads.
- Household sharing: If you invite others, they can access shared household content according to your sharing settings.
Security
We implement reasonable technical and organizational measures to protect information. No method of transmission or storage is 100% secure.
Children’s Privacy
The App is not directed to children under 13 (or the equivalent minimum age in your jurisdiction). If you believe a child has provided personal information, contact us and we will take appropriate steps to remove it.
International Availability
The App may be available in multiple countries/regions. Data may be processed where our service providers operate, consistent with applicable law.
Contact (Including DSA Contact Point)
For privacy questions, user reports, or legal/DSA inquiries, contact:
support@s10solutions.com
Changes to This Policy
We may update this Privacy Policy from time to time. We will update the “Last updated” date above and, when appropriate, provide additional notice.
