Privacy Policy
Last updated: March 15, 2026
Life Canvas ("we", "us", or "our") is committed to protecting your privacy. This Privacy Policy explains what information we collect when you use life-canvas.me and our associated mobile applications (collectively, the "Service"), how we use it, and your rights in relation to it.
By using the Service, you agree to the collection and use of information in accordance with this policy.
1. Information We Collect
1.1 Information you provide directly
- Account details — your name, email address, and password when you register.
- Profile & preferences — display name, timezone, notification preferences, and any other settings you configure.
- App content — inventory items, shopping lists, calendar events, chores, receipts, meal plans, and any other content you create within the Service.
- Household & family data — household name, dependant names and optional date of birth, and household member associations if you use the Family plan features.
- Payment information — when you subscribe to a paid plan, payment details are processed by Stripe. We store only a reference to your Stripe customer ID — we never store raw card numbers.
- Support communications — messages you send via support tickets or feedback forms.
- Community contributions — product barcode images you voluntarily submit to the community catalog.
1.2 Information collected automatically
- Usage data — the pages and features you interact with, and timestamps of those interactions.
- Log data — your IP address, browser type, device type, operating system, and referring URL, collected automatically when you access the Service.
- Session data — authentication tokens and session identifiers stored as secure cookies to keep you signed in.
- Push notification tokens — if you opt in to push notifications on our mobile app, we store a device-specific token (via Firebase Cloud Messaging) to deliver notifications to your device.
1.3 Information we do not collect
- We do not collect precise geolocation unless you explicitly grant permission within the mobile app for a specific feature (e.g. finding nearby stores), and only for the duration of that action.
- We do not sell your personal data to third parties.
- We do not run third-party advertising networks on the Service.
2. How We Use Your Information
We use the information we collect to:
- Create and manage your account, and authenticate you securely.
- Provide, operate, and improve the features of the Service.
- Sync your data across devices (web and mobile).
- Send transactional emails — account verification, password resets, billing receipts, and notification digests you have opted into.
- Process subscription payments and manage your billing relationship via Stripe.
- Respond to your support requests and feedback.
- Detect, investigate, and prevent fraud, abuse, or security incidents.
- Comply with applicable legal obligations.
- Generate aggregated, anonymised analytics to understand how the Service is used and improve it — this data cannot be linked back to any individual user.
3. Legal Basis for Processing (UK & EU Users)
Where UK GDPR or EU GDPR applies, we process your personal data on the following legal bases:
- Contract — processing necessary to provide the Service you have signed up for.
- Legitimate interests — for security, fraud prevention, and improving the Service, where these interests are not overridden by your rights.
- Consent — for optional communications such as marketing emails or push notifications, which you may withdraw at any time.
- Legal obligation — where we are required to process data to comply with applicable law.
4. Data Sharing & Third Parties
We do not sell, rent, or trade your personal information. We share data with the following categories of trusted third parties only to the extent necessary to operate the Service:
We may also disclose your data if required by law, court order, or to protect the rights, property, or safety of Life Canvas, our users, or the public.
5. Data Retention
We retain your personal data for as long as your account is active or as needed to provide the Service. If you delete your account, we will delete or anonymise your personal data within 30 days, except where we are required to retain it for legal or regulatory purposes (e.g. billing records, which are kept for up to 7 years in accordance with UK financial regulations).
Aggregated, anonymised analytics data that cannot be linked to any individual may be retained indefinitely.
6. Cookies & Local Storage
We use the following types of storage:
- Session cookies — strictly necessary for authentication and maintaining your logged-in state. These expire when you close your browser or after a period of inactivity.
- CSRF tokens — used to protect against cross-site request forgery attacks.
- Local storage — used in the mobile app to persist lightweight preferences (e.g. appearance theme) locally on your device.
We do not use third-party advertising or tracking cookies.
7. Data Security
We take reasonable technical and organisational measures to protect your personal data against unauthorised access, disclosure, alteration, or destruction. These measures include:
- All data in transit is encrypted using TLS (HTTPS).
- Passwords are hashed using bcrypt — we never store plain-text passwords.
- Optional two-factor authentication (TOTP) is available for your account.
- Biometric authentication is available in the mobile app and processed entirely on-device — biometric data is never transmitted to our servers.
- Access to production systems is restricted to authorised personnel only.
No method of electronic transmission or storage is 100% secure. While we strive to protect your data, we cannot guarantee absolute security.
8. Your Rights
Depending on your location, you may have the following rights regarding your personal data:
- Access — the right to request a copy of the personal data we hold about you.
- Rectification — the right to correct inaccurate or incomplete data.
- Erasure — the right to request deletion of your personal data ("right to be forgotten"), subject to legal retention requirements.
- Portability — the right to receive your data in a structured, machine-readable format.
- Restriction — the right to request that we restrict processing of your data in certain circumstances.
- Objection — the right to object to processing based on legitimate interests.
- Withdraw consent — where processing is based on consent, you may withdraw it at any time without affecting the lawfulness of prior processing.
You can exercise many of these rights directly from your account settings. To make a formal request, contact us at privacy@life-canvas.me. We will respond within 30 days.
If you are located in the UK or EU, you also have the right to lodge a complaint with your local supervisory authority (e.g. the ICO in the UK, or your national DPA in the EU).
9. Children's Privacy
The Service is not directed at children under the age of 13. We do not knowingly collect personal data from children under 13. If you believe we have inadvertently collected such data, please contact us and we will delete it promptly.
The Family plan allows parents and guardians to create dependant profiles for household members (including minors). Parents are responsible for ensuring their use of these features complies with applicable laws regarding children's data in their jurisdiction. Life Canvas stores only the information that parents directly provide for dependant profiles — we do not collect behavioural data from dependants.
10. International Transfers
Your data is stored on servers located in the European Union. If we transfer your personal data outside the UK or EEA, we ensure appropriate safeguards are in place (such as Standard Contractual Clauses) to protect your data in accordance with applicable data protection law.
11. Changes to This Policy
We may update this Privacy Policy from time to time. When we make material changes, we will notify you by updating the "Last updated" date at the top of this page and, where appropriate, by sending an in-app notification or email. Your continued use of the Service after any changes constitutes your acceptance of the updated policy.
12. Contact Us
If you have any questions, concerns, or requests regarding this Privacy Policy or the way we handle your personal data, please contact us: