Privacy Policy

Effective date: 8 June 2026

This Privacy Policy explains how Home Task processes personal data. It is drafted for compliance with the EU General Data Protection Regulation (GDPR) and related privacy laws.

1. Who we are

Home Task is an app for managing shared household tasks. Users can create or join groups, create chores, mark chores as completed, view group statistics, upload profile pictures, take task-related photos, and receive push notifications.

For GDPR purposes, the data controller is Carlo Dottor. Google Firebase acts as a service provider/data processor for the backend services used by the app.

2. Personal data we process

We do not intentionally collect special-category data under Article 9 GDPR. However, users may upload photos or free-text descriptions that include personal or sensitive information. Users should avoid uploading unnecessary sensitive information.

3. Why we process personal data and our legal bases

Where processing is based on consent, you may withdraw consent at any time. Withdrawing consent does not affect processing that happened before withdrawal.

4. How the app shares data with other users

Home Task is a shared group app. Some information is visible to other authenticated members of your groups, including your nickname and profile photo, groups you joined, tasks you create or complete, completion dates, photos/reports connected to group members, and statistics showing task completions and reports sent or received.

Do not add personal data about someone else unless you have a lawful reason and the information is appropriate for the group context.

5. Service providers and recipients

We use Google Firebase and related Google Cloud services to operate the app, including Firebase Authentication, Cloud Firestore, Firebase Storage/Google Cloud Storage, Firebase Cloud Messaging, Firebase Cloud Functions, Firebase App Check, Remote Config, Firebase Analytics, and Firebase In-App Messaging.

Google may process personal data as our processor/service provider under its applicable Firebase and Google Cloud terms. We may also disclose data if required by law, to protect rights and security, or in connection with a business transfer such as a merger or acquisition.

6. International data transfers

Firebase and Google Cloud services may process personal data in countries outside the European Economic Area, including the United States. Where required, transfers are protected by appropriate safeguards such as European Commission Standard Contractual Clauses, adequacy decisions, or other lawful transfer mechanisms made available by Google.

7. Retention

We keep personal data only as long as needed for the purposes described in this policy. Account and profile data are kept while your account exists. Group, task, and report data are kept while needed to provide shared group history and statistics. Uploaded photos are kept while the related account, profile, or report exists. FCM tokens are kept while your account exists or until replaced by a new token. Local preferences remain on your device until you delete the app data, uninstall the app, or sign out where the app clears the relevant preference.

When you delete your account, the app deletes your Firebase Authentication account. Backend cleanup then removes your profile, removes your membership from groups, deletes task completion records associated with your user ID, deletes report records where you were the reported person, and deletes related profile/report images stored under your user paths. Some shared group content may remain if needed by other group members, but it should no longer identify your account where the cleanup applies.

Backups and logs may persist for a limited period according to Google/Firebase backup and security practices.

8. Your GDPR rights

Subject to legal limits, you have the right to access your personal data, correct inaccurate data, request deletion, restrict processing, object to processing based on legitimate interests, receive a portable copy of data you provided, withdraw consent where processing is based on consent, and lodge a complaint with your local data protection authority.

To exercise these rights, contact us at [email protected]. We may need to verify your identity before responding.

If you are in Italy, you may contact the Garante per la protezione dei dati personali. If you are in another EU/EEA country, you may contact your local supervisory authority.

9. Account deletion

You can delete your account from the app settings by selecting Delete Account. This permanently deletes the Firebase Authentication account and triggers backend cleanup for associated data.

If account deletion fails because Firebase requires recent login, sign in again and retry. You may also use the account deletion request page or contact [email protected] for assistance.

10. Camera, photo library, and notifications

The app asks for camera access to take task/report photos. It asks for photo library access to choose profile photos or other images where supported. The app asks for notification permission to send push notifications.

You can control these permissions through your device settings. If you disable a permission, the related feature may not work.

11. Children

Home Task is not intended for children under 16. If you believe a child has provided personal data, contact us at [email protected] so we can review and delete it where appropriate.

12. Security

We use Firebase Authentication, Firestore security rules, Firebase App Check, and Firebase/Google Cloud security controls to protect personal data. Access to group tasks and reports is limited to group members by app and database rules.

No system is completely secure. If we become aware of a personal data breach requiring notification, we will notify affected users and/or supervisory authorities as required by law.

13. Changes to this policy

We may update this Privacy Policy when the app, legal requirements, or our processing practices change. The updated version will show a new effective date. If changes are material, we will provide appropriate notice.

14. Contact

Data controller: Carlo Dottor

Address: Via Matteotti, Canzo (CO)

Email: [email protected]