Privacy policy
Last updated: September 26, 2025
Privacy Summary
listo is a digital checklist application that helps hosts and team members streamline property management through customizable checklists and verification workflows. We collect only the data necessary to provide our checklist application and protect your privacy with industry-standard security measures.
1. Information We Collect
Account information
When you create an account with listo, we collect:
- Name: Your full name for account identification
- Email address: Used for account login, notifications, and communications
- Phone number: Optional contact information
- Profile photo: Optional profile picture
- User role: Whether you're a host or team member
- Language preference: For app localization (defaults to English)
Property and checklist data
To provide our digital checklist application, we collect:
- Property information: Property names, addresses, and basic details
- Verification photos: Images taken during property checklist completion
- Checklist records: Inspection completion status, timestamps, and item verification data
- Team assignments: Host and team member roles with property access permissions
Technical information
We automatically collect certain technical data to improve our services:
- Device information: Device type, operating system, app version
- Usage analytics: App usage patterns and feature interactions (via Amplitude)
- Push notification tokens: To send important updates and notifications
- Authentication data: Login timestamps and session information
2. How We Use Your Information
We use the collected information for the following purposes:
Service Provision
- Creating and managing your account
- Providing digital checklist tools for property management workflows
- Storing and organizing verification photos and checklist data
- Managing host and team member access permissions
- Sending important notifications about checklist assignments, checklist updates, and team activities
Service Improvement
- Analyzing usage patterns to improve app functionality
- Identifying and fixing technical issues
- Developing new features based on user behavior
- Ensuring app performance and reliability
Communication
- Sending account-related notifications
- Providing customer support
- Sharing important service updates
3. Third-Party Services
We use the following third-party services to provide and improve our platform:
| Service | Purpose | Data shared | Privacy policy |
|---|---|---|---|
| Google Sign-In | User authentication | Name, email address | Google privacy policy |
| Firebase Messaging | Push notifications | Device tokens, user ID | Firebase privacy |
| Amplitude | Usage analytics | Anonymous usage data, device info | Amplitude privacy policy |
| Supabase | Database and file storage | All application data | Supabase privacy policy |
| Google Maps API | Address verification | Property addresses (for validation only) | Google Maps terms |
4. App Permissions
Our mobile apps request the following permissions:
Camera access (iOS/Android)
Required to take verification photos during checklist completion. Photos are only captured when you actively use the camera feature for item verification.
Photo library access (iOS)
Allows you to select existing photos for checklist verification and save verification photos to your device.
Push notifications (iOS/Android)
Enables us to send important updates about checklist assignments, team notifications, and checklist reminders.
Internet access (Android)
Required for all app functionality including data sync, authentication, and file uploads.
Important: We do not request or use location services, contact access, microphone access, or any other sensitive device permissions beyond those listed above.
5. Data Storage and Security
Where Your Data Is Stored
Your data is securely stored using Supabase (a GDPR-compliant cloud database service built on PostgreSQL and AWS infrastructure). All data is encrypted in transit and at rest.
Security Measures
- Encryption: All data transmission uses HTTPS/TLS encryption
- Access controls: Role-based access controls limit data access to authorized users
- Authentication: Secure authentication via Google Sign-In with industry-standard OAuth 2.0
- Regular security updates: We regularly update our systems and dependencies
- Data backup: Regular automated backups ensure data integrity and availability
Data Retention
We retain your personal data only as long as necessary to provide our services or as required by law. You can request data deletion at any time by contacting us.
6. Your Privacy Rights
Depending on your location, you may have the following rights regarding your personal data:
General rights
- Access: Request a copy of the personal data we hold about you
- Correction: Request correction of inaccurate or incomplete data
- Deletion: Request deletion of your personal data
- Data portability: Request your data in a portable format
- Opt-out: Opt out of marketing communications and analytics
GDPR rights (EU residents)
If you're in the European Union, you have additional rights under GDPR including the right to object to processing and data portability.
CCPA rights (California residents)
California residents have the right to know what personal information is collected, request deletion, and opt out of the sale of personal information (note: we do not sell personal information).
Exercising your rights
To exercise any of these rights, please contact us using the information provided below. We will respond to your request within 30 days.
7. Children's Privacy
Our service is not intended for use by children under 13 years of age. We do not knowingly collect personal information from children under 13. If we become aware that we have collected personal information from a child under 13, we will take steps to delete such information promptly.
8. International Data Transfers
Your data may be transferred to and processed in countries other than your country of residence. We ensure appropriate safeguards are in place for such transfers, including:
- Use of GDPR-compliant service providers
- Standard contractual clauses for data protection
- Adequate security measures during data transmission
9. Changes to This Privacy Policy
We may update this privacy policy from time to time to reflect changes in our practices or for legal reasons. When we make changes, we will:
- Update the "Last updated" date at the top of this policy
- Notify you of significant changes via email or in-app notification
- Post the updated policy on our website
We encourage you to review this policy periodically to stay informed about how we protect your information.
Questions about privacy?
Email: privacy@checklis.to
Support: support@checklis.to
We're committed to protecting your privacy and will respond to your questions promptly.