Privacy Policy for One Thing

An app by Danimate LLC

Effective date: May 14, 2026

This Privacy Policy explains what information Danimate LLC (“we”, “us”) collects when you use the One Thing app and our related web properties (collectively, the “Service”), how we use that information, and the choices you have.

1. What we collect

We collect only the information needed to run the Service. We do not sell personal information, and we do not use third-party advertising or analytics SDKs.

1.1 Account information

• A randomly generated anonymous account identifier issued by Firebase Authentication when you first open the app. This identifier lets your tasks and streaks travel with you across app launches and devices you’ve paired.
• If you choose to Sign in with Apple or Sign in with Google, we additionally receive the credential token issued by that provider and link it to your anonymous account. Depending on the provider, this may include your name and an email address (which may be a private relay address you control).

1.2 Content you create

• The task text you enter for each day (your “One Thing”).
• Completion state for each day, including completion time and whether completion occurred on time or within the grace period.

1.3 Settings and device metadata

• Reminder times and day-rollover preferences you configure.
• The IANA time-zone name reported by your device, used so reminders fire at the correct local time.
• A platform tag (e.g. ios, android, web) for each device joined to your account.
• On the web only: a Firebase Cloud Messaging (FCM) token, so the Service can deliver browser push notifications. This token is rotated periodically by your browser.

1.4 What we do NOT collect

• We do not embed third-party advertising SDKs, ad identifiers (IDFA / GAID), or marketing trackers.
• We do not collect contacts, photos, calendars, location, or any other system data not listed above.
• The QR-code pairing flow uses the camera only to scan a short pair code. The camera image is processed on-device by the platform’s barcode reader and is not transmitted or stored.

2. How we use the information

We use your information to:

• Display your One Thing each day and let you mark it complete.
• Compute and display streaks and completion statistics.
• Schedule and deliver local notifications (on mobile) or web push reminders (on the web) at the times you configure.
• Sync your tasks between devices that you have explicitly paired.
• Respond to support requests you send us.

3. Where data is stored

Your data is stored in Google Cloud’s Firestore database, accessed through Firebase, in the region 'nam5' in North America. Firestore writes are encrypted in transit (TLS) and at rest. Authentication is provided by Firebase Authentication.

We use Cloud Functions (also on Google Cloud) for housekeeping tasks such as account deletion, device pairing, and (on the web) sending scheduled reminder pushes via Firebase Cloud Messaging.

4. Third parties

The Service relies on the following processors, each of which has their own privacy commitments:

• Google Firebase / Google Cloud — hosting, authentication, database, functions, push delivery.
• Apple — only if you choose Sign in with Apple.
• Google Identity — only if you choose Sign in with Google.

We do not share your information with any other third party.

5. Local storage on your device

On your device, One Thing stores a small offline cache so the app remains usable without an internet connection:

• A Firestore offline cache of your own data, written by the Firebase SDK.
• A small key/value store (SharedPreferences on iOS/Android, localStorage on the web) that holds your onboarding state and a queue of pending notification actions to be flushed on the next launch.

Uninstalling the app or clearing site data removes these local copies. Your server-side data remains until you delete your account.

6. Your rights and choices

• Export your data. In Settings → Export my data, you can generate a JSON file containing every task and completion record on your account.
• Delete your account. In Settings → Delete my account, you can permanently delete your authentication record, all of your task data, and any devices you’ve paired. This action cannot be undone.
• Stop notifications. You can revoke notification permission at any time in your device’s system settings.
• Access, correction, and other rights. Depending on where you live (for example, the EU/UK under the GDPR, California under the CCPA/CPRA), you may have additional rights such as the right to access, correct, or restrict processing of your personal information. You can exercise these by contacting us at daniel@danimate.net.

7. Children

The Service is not directed to children under 13 (or under 16 in the EEA/UK), and we do not knowingly collect personal information from them. If you believe a child has provided us personal information, please contact us at daniel@danimate.net and we will delete it.

8. Data retention

We retain your data for as long as your account is active. When you delete your account, your task records, household memberships, and authentication record are removed within a few seconds; backups and infrastructure logs that may contain identifiers are rotated out within 30 days.

9. Changes to this policy

We may update this Privacy Policy from time to time. If we make material changes, we will update the “Effective date” above and, when practical, notify you in the app the next time you open it. Continued use of the Service after the effective date constitutes acceptance of the revised policy.

10. Contact

Questions, requests, or feedback? Email us at daniel@danimate.net.