Privacy Policy

Last updated: March 10, 2026

issho ("we", "us", "our") is a household management app for couples. We take your privacy seriously. This policy explains what data we collect, why we collect it, how we process it, and your rights under the EU General Data Protection Regulation (GDPR/DSGVO).

1. Data Controller

Leon Pawelzik
Email: privacy@issho.app

2. Data We Collect

2.1 Account Data

When you create an account, we collect:

Email address
Display name
ADHD profile selection (e.g. "I have ADHD", "My partner has ADHD")
Accent color preference

If you sign in via Apple or Google, we receive your name and email from the respective provider. We do not receive or store your password for social sign-ins.

2.2 Household Data

Data you create while using the app:

Household name and partner information
Areas/rooms in your household
Tasks, subtasks, and their metadata (title, effort level, priority, tags, status)
Energy check-ins (energy level, mood)
Focus sessions and co-clean sessions
Gamification data (points, virtual home level)
Appreciation messages between partners

2.3 Photos

When you use the photo-to-tasks feature, your photo is uploaded to our servers and sent to Google's Gemini AI for analysis (see Section 4). Photos are stored on our backend infrastructure. You can delete photos by deleting the associated tasks.

2.4 Feedback

If you submit in-app feedback, we collect your emoji rating, text comment, the screen you were on, and your app/iOS version.

2.5 Alpha Signup Data

When you sign up for the alpha via our website, we collect your email address and your optional questionnaire responses (ADHD relationship, household challenge, feature wishes, device type).

2.6 Automatically Collected Data

Analytics: Screen views and usage events (anonymized). We use PostHog with EU data residency (eu.i.posthog.com).
Crash reports: If the app crashes, we collect error data, device information, and a screenshot of the app at the time of the crash. This may include visible task names or household information. We use Sentry for crash reporting.
Push notification token: If you enable notifications, we store your device push token to send reminders.

3. How We Use Your Data

Provide the service: Store your tasks, sync between partners, manage your household (legal basis: contract performance, Art. 6(1)(b) GDPR).
AI task enrichment: When you create a task, we send the task title to Google Gemini to estimate effort, suggest an area, and generate micro-steps. When you use photo-to-tasks, the photo is sent to Google Gemini for room detection and task generation (legal basis: consent, Art. 6(1)(a) GDPR). You can disable AI features in your settings.
Send notifications: Gentle reminders and partner activity updates, max 3–5 per day (legal basis: consent, Art. 6(1)(a) GDPR).
Improve the app: Anonymized analytics help us understand which features are used and fix issues (legal basis: legitimate interest, Art. 6(1)(f) GDPR).
Alpha communications: If you signed up for the alpha, we use your email to send access invitations and development updates, max once per week (legal basis: consent, Art. 6(1)(a) GDPR).

4. Third-Party Services

We use the following third-party services to operate issho:

Clerk (Authentication)

Handles sign-in and identity verification. Receives your email, name, and OAuth tokens. Clerk Privacy Policy

Convex (Backend & Database)

Stores all app data including tasks, households, and photos. Convex Privacy Policy

Google Gemini (AI Processing)

Processes task titles and photos for AI enrichment. Task titles and photos are sent to Google's servers. Google may retain input data for up to 30 days. Gemini API Terms

PostHog (Analytics)

Collects anonymized usage events. EU data residency (Frankfurt). PostHog Privacy Policy

Sentry (Crash Reporting)

Receives crash reports including error data, device info, and app screenshots at the time of a crash. Sentry Privacy Policy

Expo (Push Notifications)

Delivers push notifications to your device. Receives your device push token. Expo Privacy Policy

We do not sell your data to any third party.

5. Data Retention

Account & household data: Stored as long as your account is active. Deleted upon request.
Photos: Stored as long as the associated task exists. Deleted when you delete the task.
Crash reports: Retained by Sentry for up to 90 days.
Analytics data: Retained by PostHog for up to 12 months.
Alpha signup data: Retained until the alpha program ends, then deleted unless you become a user.

6. Your Rights (GDPR/DSGVO)

Under the GDPR, you have the right to:

Access — Request a copy of all data we hold about you.
Rectification — Correct inaccurate data.
Erasure — Request deletion of your data ("right to be forgotten").
Data portability — Receive your data in a machine-readable format.
Restrict processing — Limit how we use your data.
Object — Object to processing based on legitimate interest.
Withdraw consent — Withdraw consent for AI processing or notifications at any time, without affecting prior processing.

To exercise any of these rights, email privacy@issho.app. We will respond within 30 days.

You also have the right to lodge a complaint with your local data protection authority.

7. Data Security

All data is transmitted over HTTPS. Authentication tokens are stored in your device's secure keychain (Expo SecureStore). API keys for third-party services are stored server-side and never exposed to the client. We use Convex's managed infrastructure which includes encryption in transit.

8. Children's Privacy

issho is not intended for children under 16. We do not knowingly collect data from children. If you believe a child has provided us with personal data, please contact us and we will delete it.

9. Changes to This Policy

We may update this policy from time to time. We will notify you of material changes via the app or email. The "last updated" date at the top of this page reflects the most recent revision.

10. Contact

Questions about this privacy policy or your data?
Email: privacy@issho.app