Privacy policy
Last updated · 18 May 2026
Ticklyst (the iPhone shopping-list app) is built and run by Mykaah Studio in the United Kingdom. This page explains what data we collect when you use Ticklyst, why we collect it, who else gets to see it, and how you control it. Plain language, no dark patterns.
What we collect
| Account data | Your email address, display name, and (if you sign up with an email/password) a Firebase-hashed password. We never see your plaintext password. If you sign in with Apple or Google, we receive whatever those providers share — typically name and email. |
|---|---|
| Lists and items | The names of lists you create, the items you add, quantities, notes, categories you assign, and timestamps for when you add or check things off. This is the product. |
| Invite data | When you invite someone by email, we store their email address against your invite so we can deliver it. Invites are deleted when accepted, declined, or revoked. |
| Push notification token | A unique identifier from Apple's notification service so we can send you a push when, for example, someone invites you to a shared list. Cleared the moment you sign out or delete your account. |
| Usage analytics | Anonymised events showing which features people use (e.g. “an item was added”, “shopping mode opened”). Helps us decide what to build next and find bugs faster. No personally identifying information is sent with these. |
| Session recordings | We use Microsoft Clarity to record how people interact with the app — what they tap, where they get stuck. Passwords and other sensitive fields are automatically masked. We pause recording entirely during the sign-in flow. |
| Location | Only when you actively use “Find nearby stores” — we read your phone's approximate location to look up supermarkets near you from a list bundled inside the app. Your location never leaves your phone and is not stored on our servers. |
| Device and crash data | Standard information like your device model, iOS version, and any crashes the app experiences. Used to keep the app working on the devices people actually use. |
Why we collect it
- To run the app. Identifying you across devices, syncing your lists, delivering invites, sending the push when someone shares with you.
- To make the app better. Usage analytics and session recordings show us what works and what doesn't.
- To fix things. Crash data tells us when something broke for you so we can patch it.
We don't use your data to build advertising profiles, we don't sell it, and we don't share it with data brokers. There are no ads in Ticklyst.
Who else sees it
| Google Firebase | Hosts the backend: authentication, the cloud database that stores your lists, push notification delivery, the function that sends invite notifications. Google's privacy policy: policies.google.com/privacy. |
|---|---|
| Apple | If you sign in with Apple, Apple handles authentication. Apple's policy: apple.com/legal/privacy. |
| Google Sign-In | If you sign in with Google, Google handles authentication. Same Google privacy policy as above. |
| Microsoft Clarity | Processes anonymised usage analytics and session recordings. Microsoft's policy: privacy.microsoft.com/privacystatement. |
| People you invite | Members of a shared list can see the items, quantities, notes, and who added or checked off each one. They can also see other members' display names and email addresses. They cannot see lists you haven't shared with them. |
Where your data is stored
Your data is processed by Google Firebase in the United States under their standard contractual clauses. By using Ticklyst you consent to your data being transferred to and processed in the US. Microsoft Clarity may also process your interaction data in regions outside the UK.
Your rights (UK GDPR)
You can do all of the following at any time. Most are one tap inside the app:
- See what we have — email ticklyst@outlook.com and we'll send you an export of your account and lists.
- Delete your account — Account → Delete account inside the app. This removes your account, your private lists, and your data from Firebase. Shared lists are transferred to another member so their work survives.
- Edit your information — change your display name in Account inside the app.
- Stop analytics — deleting your account stops all data collection on you from that moment.
- Complain to the ICO — you can complain to the UK Information Commissioner's Office at ico.org.uk if you think we've mishandled your data.
How long we keep it
Account data: until you delete your account. Lists and items: until you delete them, or until you delete your account. Deleted items are tombstoned for a few minutes for sync purposes and then permanently removed. Analytics and session recordings: retained by Microsoft Clarity for up to 13 months from the most recent visit.
Children
Ticklyst is not directed at children under 13 and we don't knowingly collect data from them. If you believe a child has created an account, contact us and we'll remove it.
Security
Data is transmitted over HTTPS. Passwords are hashed by Firebase Authentication — we never see or store the plaintext. Firestore's security rules enforce that only members of a list can read its contents. No online service is 100% secure, but we apply industry-standard practices and patch quickly when issues are found.
Changes to this policy
If we change anything material we'll update the date at the top and, where appropriate, surface a notice inside the app. Continued use after a change means you've accepted the updated policy.
Contact
Email ticklyst@outlook.com with anything privacy-related — data requests, deletion questions, complaints. We'll respond within 30 days, usually much sooner.
© Mykaah Studio · Ticklyst is an iOS app