Privacy Policy
1. Data Controller
Makoto Studio is the data controller responsible for processing your personal data in connection with essentia. Contact details:
- Trade name: Makoto Studio
- Email: developer@makotostudio.dev
As Makoto Studio is an individual developer without a large-scale processing operation and without processing special categories of data on a large scale, the appointment of a Data Protection Officer (DPO) is not required under Article 37 GDPR. For all privacy-related enquiries, contact us directly at the email address above.
2. Scope
This Privacy Policy applies to:
- The essentia application for iPhone, iPad, and Mac;
- Our website at essentia.makotostudio.dev;
- Any related services, APIs, or backend systems operated by Makoto Studio in connection with essentia.
It does not apply to third-party services that you may access through or in connection with essentia (e.g., Apple services), which are governed by their own privacy policies.
3. Data We Collect
The following tables describe the personal data essentia collects, consistent with Apple's App Privacy nutrition label.
3.1 Account Data (Linked to You)
| Data | Details | Purpose | Legal Basis | Retention |
|---|---|---|---|---|
| Email address | Provided at registration | Authentication, account recovery | Performance of contract | Until account deletion |
| Password | Hashed (bcrypt) by Supabase; never stored in plaintext | Authentication | Performance of contract | Until account deletion |
3.2 User Content (Linked to You — essentia Pro only)
| Data | Details | Purpose | Legal Basis | Retention |
|---|---|---|---|---|
| Tasks and notes | Titles, note bodies, due dates, priorities, completion status, recurrence rules | Core app functionality, cross-device sync | Performance of contract | Until account deletion |
| Collections | Collection names and task membership | Core app functionality, cross-device sync | Performance of contract | Until account deletion |
| Checklists | Checklist items associated with tasks | Core app functionality, cross-device sync | Performance of contract | Until account deletion |
| Locations | Location name (text label) and geographic coordinates (latitude and longitude) of places associated with tasks | Location-based reminders, core app functionality, cross-device sync | Performance of contract | Until account deletion |
Free tier users: all content remains on-device only in a local SQLite database and is never uploaded to our servers.
3.3 Device Data (Linked to You)
| Data | Details | Purpose | Legal Basis | Retention |
|---|---|---|---|---|
| Push token (APNs) | Apple-issued token for this device | Delivery of push notifications | Performance of contract | Until account deletion or token invalidation |
| Device name | e.g., "Javier's iPhone" | Multi-device identification (Pro) | Performance of contract | Until account deletion |
| Platform | iOS, iPadOS, or macOS | Multi-device sync (Pro) | Performance of contract | Until account deletion |
| Device ID | Vendor-scoped identifier (UIDevice.identifierForVendor) — not shared with third parties | Multi-device identification (Pro) | Performance of contract | Until account deletion |
3.4 Analytics Data (Not Linked to You)
| Data | Details | Purpose | Legal Basis | Retention |
|---|---|---|---|---|
| Usage events | Screen views, feature interactions — no user content, no personal identifiers, no user IDs | App improvement, understanding feature usage | Legitimate interests | 14 months (Firebase default) |
| Subscription tier | Free or Pro (anonymous, not linked to account) | Usage analytics | Legitimate interests | 14 months (Firebase default) |
3.5 Crash Data (Not Linked to You)
| Data | Details | Purpose | Legal Basis | Retention |
|---|---|---|---|---|
| Crash reports | Stack traces, device model, OS version — no user content, no personal identifiers | Crash diagnosis and bug fixing | Legitimate interests | 90 days (Firebase Crashlytics default) |
3.6 Purchase Data (Linked to You)
| Data | Details | Purpose | Legal Basis | Retention |
|---|---|---|---|---|
| Subscription history | essentia Pro purchase and renewal history via Apple / RevenueCat — payment card details are never accessible to us | Subscription management, entitlement verification | Performance of contract; legal obligation (6 years — Spanish Commercial Code) | 6 years from the date of the transaction |
4. Data We Do NOT Collect
- Advertising identifiers (IDFA) — we do not use or request ad tracking
- Cross-app or cross-site tracking data
- Real-time GPS location (we do not request runtime location permission)
- The content of your tasks or notes within analytics events
- Contact lists, photos, camera, microphone, or media
- Browsing history or web activity
- Health or biometric data
- Any data sold, licensed, or shared with advertisers or data brokers
- User profiles for advertising or profiling purposes
essentia's Privacy Manifest declares NSPrivacyTracking: false and lists no tracking domains.
5. Lawful Basis for Processing
Under Article 6 of the GDPR, we process your personal data on the following legal bases:
| Legal Basis | When We Rely On It |
|---|---|
| Performance of a contract (Art. 6(1)(b)) | Account creation, authentication, user content sync, device management, push notifications, subscription management |
| Legitimate interests (Art. 6(1)(f)) | Anonymous analytics and crash reporting to improve the App. Our interest in understanding usage and fixing bugs is balanced against your minimal privacy impact (no PII involved) |
| Legal obligation (Art. 6(1)(c)) | Retention of purchase/transaction data for 6 years under the Spanish Commercial Code |
Where we rely on legitimate interests, you have the right to object to that processing at any time. See Section 12 for your rights.
6. How We Use Your Data
- Authentication: To create and secure your account and verify your identity.
- Core functionality: To store, organise, and display your tasks, notes, and collections.
- Cloud sync (Pro): To synchronise your data across your Apple devices.
- Push notifications: To deliver reminders you configure, including task titles sent via APNs.
- Analytics: To understand how features are used and guide product improvements (anonymous, no PII).
- Crash reporting: To identify, diagnose, and fix bugs and crashes (anonymous).
- Subscription management: To verify and maintain your essentia Pro entitlement.
- Security: To detect, investigate, and prevent abuse, fraud, and security incidents.
- Legal compliance: To comply with applicable laws, regulations, and legal process.
7. Third-Party Processors
We share your data only with trusted processors that help us operate the Service. We have data processing agreements in place with each processor where required by GDPR.
| Processor | Purpose | Data Shared | Processing Location | Safeguards | Privacy Policy |
|---|---|---|---|---|---|
| Supabase | Authentication and cloud database (Pro sync) | Email, hashed password, user content, device data | EU (Frankfurt, Germany) | EU-hosted; Supabase DPA | supabase.com/privacy |
| Firebase Analytics (Google) | Anonymous usage analytics | Anonymous usage events; no PII, no user IDs | USA (and other Google regions) | EU-US Data Privacy Framework; Standard Contractual Clauses (SCCs) | policies.google.com/privacy |
| Firebase Crashlytics (Google) | Crash reporting and diagnosis | Crash reports (stack traces, device model, OS); no user content | USA (and other Google regions) | EU-US Data Privacy Framework; Standard Contractual Clauses (SCCs) | policies.google.com/privacy |
| RevenueCat | Subscription management and entitlement verification | Subscription history, purchase events | USA | Standard Contractual Clauses (SCCs) | revenuecat.com/privacy |
| Apple (APNs) | Push notification delivery | Push token, notification payload (may include task title) | Apple's global infrastructure | Apple's standard terms; Apple DPA | apple.com/legal/privacy |
| Apple (StoreKit) | In-app purchase processing | Purchase and subscription events (managed by Apple) | Apple's global infrastructure | Apple's standard terms | apple.com/legal/privacy |
| Apple (MapKit) | Place search for location labels | Search text you type when adding a location to a task | Apple's global infrastructure | Apple's standard terms | apple.com/legal/privacy |
| Apple (EventKit) | Calendar integration (local only) | Calendar data stays on-device; not transmitted to us | On-device only | Apple's system-level access controls | apple.com/legal/privacy |
| Apple (LinkPresentation) | URL preview generation for links in notes | URLs you include in notes (fetched by your device) | On-device / Apple CDN | Apple's standard terms | apple.com/legal/privacy |
8. International Data Transfers
Our primary backend (Supabase) is hosted in the European Union (Frankfurt, Germany) and your data does not leave the EU in that context.
However, we use the following third-party services that process data outside the EU/EEA:
- Firebase Analytics and Firebase Crashlytics (Google): Data may be processed in the United States and other countries where Google operates. Transfers to the USA are covered by: (a) Google's participation in the EU-US Data Privacy Framework; and (b) the execution of Standard Contractual Clauses (SCCs) approved by the European Commission.
- RevenueCat: Data is processed in the United States. Transfers are covered by Standard Contractual Clauses (SCCs).
You have the right to request a copy of the applicable SCCs. To do so, contact us at developer@makotostudio.dev.
9. Data Retention
| Data Category | Retention Period |
|---|---|
| Account data (email, password hash) | Until account deletion |
| User content (tasks, notes, collections, locations) | Until account deletion (cascade deletion via delete-account Edge Function) |
| Device data (push tokens, device info) | Until account deletion or token invalidation |
| Analytics data | 14 months (Firebase Analytics default retention) |
| Crash reports | 90 days (Firebase Crashlytics default) |
| Purchase / subscription history | 6 years from transaction date (Spanish Commercial Code, Art. 30) |
Account deletion is permanent and irreversible. You can delete your account at any time from essentia's Settings. All remote data is deleted immediately upon account deletion via cascading database deletion.
10. Data Security
We implement the following security measures to protect your data:
- Password hashing: Passwords are hashed using bcrypt via Supabase Auth and never stored in plaintext.
- Encrypted transit: All data in transit between the App and our servers is protected by HTTPS/TLS.
- Encryption at rest: Remote data in Supabase is encrypted at rest using AES-256.
- Row-Level Security (RLS): Database access policies ensure users can only access their own data.
- Auth tokens: We use PKCE (Proof Key for Code Exchange) for secure authentication token exchange.
- Local storage: Data is stored in the app's sandboxed container on-device, accessible only to essentia. Sensitive auth tokens are stored in the system Keychain.
- Access control: Direct database access is restricted; all access goes through authorised API layers.
While we implement industry-standard security measures, no system can guarantee absolute security. We encourage you to use a strong, unique password for your account.
11. Data Breach Notification
In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will:
- Notify the Spanish Data Protection Authority (AEPD) within 72 hours of becoming aware of the breach, where feasible, in accordance with Article 33 GDPR;
- Notify affected users without undue delay where the breach is likely to result in a high risk to their rights and freedoms, in accordance with Article 34 GDPR.
Breach notifications to users will be sent to the email address associated with your account and will include: a description of the nature of the breach, the categories and approximate number of records affected, the likely consequences, and the measures taken or proposed to address the breach.
If you suspect that your account has been compromised, please contact us immediately at developer@makotostudio.dev.
12. Your Rights (GDPR)
If you are located in the European Economic Area (or the UK), you have the following rights regarding your personal data under the GDPR:
- Access (Art. 15): Request a copy of the personal data we hold about you.
- Rectification (Art. 16): Request correction of inaccurate or incomplete data.
- Erasure (Art. 17): Request deletion of your data (right to be forgotten), subject to legal retention obligations.
- Data portability (Art. 20): Receive your data in a structured, commonly used, machine-readable format and transmit it to another controller.
- Restriction of processing (Art. 18): Request that we limit processing of your data in certain circumstances.
- Objection (Art. 21): Object to processing based on legitimate interests (Section 5). We will stop processing unless we can demonstrate compelling legitimate grounds that override your interests.
- Withdraw consent: Where processing is based on consent, you may withdraw it at any time without affecting the lawfulness of prior processing.
- No automated decision-making: We do not use your data for solely automated decisions that produce legal or similarly significant effects.
- Lodge a complaint: You have the right to lodge a complaint with the supervisory authority in your country of residence (see Section 18 for AEPD contact details).
To exercise any of these rights, contact us at developer@makotostudio.dev. We will respond within one month of receiving your request. Exercising your rights is free of charge. We may ask you to verify your identity before processing your request.
13. Children's Privacy
essentia is not directed at children under 16 years of age. We do not knowingly collect personal information from children under 16. If you are a parent or guardian and believe that your child has provided us with personal information, please contact us at developer@makotostudio.dev and we will delete that information promptly.
If we become aware that we have inadvertently collected personal data from a child under 16, we will take immediate steps to delete such data from our records.
14. Cookie Policy
Our website at essentia.makotostudio.dev does not use cookies, tracking pixels, or any other persistent tracking technologies. No analytics or advertising trackers are deployed on the website.
The essentia App itself does not use web cookies. If this changes in the future, we will update this policy and obtain your consent where required by applicable law before deploying any tracking technologies.
15. Local-First Architecture
essentia is designed local-first. All tasks, notes, collections, and other content are stored on your device in a local SQLite database. Cloud sync is an optional feature available exclusively to essentia Pro subscribers.
Sync operates on a field-level Last-Write-Wins (LWW) basis: only the fields that have changed since the last sync are transmitted to Supabase. The cloud database acts as a supplementary backup and sync layer, not the primary data store.
If you use the free tier, none of your personal content is ever transmitted to our servers. The app is fully functional offline, with no degradation in core features.
16. Permissions: Calendar, Location & Others
Calendar (EventKit)
If you grant calendar permission, essentia can display existing calendar events alongside your tasks and create new calendar events from tasks. This data stays entirely on-device and is never transmitted to our servers.
Locations & MapKit
essentia supports adding named locations to tasks for location-based reminders. When you use this feature:
- The location name and geographic coordinates (latitude and longitude) of places you select are stored locally on your device and, for Pro users, synchronised to Supabase.
- When you search for a place using the search field, the text you type is sent to Apple's MapKit services per Apple's privacy policy.
- essentia does not request runtime GPS / precise location permission (
NSLocationWhenInUseUsageDescription/NSLocationAlwaysUsageDescription). Coordinates are derived from places you explicitly select from MapKit search results, not from your real-time GPS position.
Push Notifications
If you grant push notification permission, essentia delivers task reminders via Apple Push Notification service (APNs). Notification payloads may include the title of the task being reminded. Push tokens are stored in Supabase and used solely for notification delivery.
Permissions We Do NOT Request
essentia never requests: Camera, Microphone, Photos library, Contacts, Precise GPS location (runtime), Health data, or App Tracking Transparency (ATT). Background processing is used only for App Refresh and background task scheduling.
17. Changes to This Policy
We may update this Privacy Policy from time to time. For material changes (e.g., new data categories, new third-party processors, or changes to your rights), we will provide at least 30 days' advance notice by sending an email to the address associated with your account and/or displaying a prominent in-app notification.
Minor changes (corrections, clarifications) may be made without advance notice. We will always update the "Last updated" date at the top of this page.
Your continued use of the Service after the effective date of any changes constitutes your acceptance of the updated policy.
18. Contact & Complaints
For any questions, requests, or concerns about this Privacy Policy or how we handle your data, contact us:
Makoto Studio
developer@makotostudio.dev
If you are not satisfied with our response, or believe we are processing your data in violation of GDPR, you have the right to lodge a complaint with the competent supervisory authority:
Agencia Española de Protección de Datos (AEPD)
C/ Jorge Juan, 6
28001 Madrid, Spain
Web: aepd.es
Phone: +34 901 100 099
If you are resident in another EU member state, you may also contact the supervisory authority in your country of residence.