Privacy Policy
Effective date: August 23, 2025
On this page
1) Who we are
YouShould ("we," "us," or "our") operates a platform where people create and complete checklists and earn points redeemable for rewards. We operate out of California, USA and serve users worldwide. You can reach us at support@youshould.app.
2) Scope
This policy explains the personal data we collect when you visit our websites, use our apps and services, interact with checklists, complete items, earn or redeem points, or contact us for support (collectively, the “Service”).
3) Data we collect
A. Data you provide
- Account data (name, email, password or SSO identifiers).
- Profile & organization data (display name, avatar, organization name).
- User Content (checklists, photos, descriptions, tips, comments).
- Rewards & fulfillment data (preferred pickup location; shipping name, address, phone if provided for shipped rewards).
- Communications (messages to support, feedback, survey responses).
B. Data we collect automatically
- Usage data (features used, clicks, pages viewed, referring/exit pages, timestamps).
- Device & technical data (IP address, device type, OS, browser, app version, language, error logs).
- Approximate location (derived from IP).
C. Data from others
- Single sign‑on (if used): we receive limited account info from the provider you choose (e.g., Google, Apple, Facebook).
- Third‑party embeds: when you interact with Google Maps, YouTube, reCAPTCHA Enterprise, or Spotify embeds, those providers may receive data pursuant to their own policies.
4) How we use data
- Provide, maintain, and improve the Service.
- Enable checklist creation, completion tracking, points, and reward redemption.
- Secure the Service (fraud prevention, abuse detection, rate limiting, reCAPTCHA).
- Communicate with you (service messages, updates, support).
- Comply with legal obligations and enforce our Terms.
5) Legal bases (EEA/UK/CH)
Where GDPR/UK GDPR/FDPA applies, we process personal data under these bases:
- Contract: to provide the Service you request.
- Legitimate interests: to secure and improve the Service, prevent fraud, and engage with organizers and users in a way that does not override your rights.
- Consent: for certain optional features (e.g., precise location, certain cookies where required).
- Legal obligation: to comply with law.
7) Cookies, analytics & reCAPTCHA
We use cookies and similar technologies to keep you signed in, remember preferences, and understand usage. We also use reCAPTCHA Enterprise to fight abuse. Your use of these features is subject to the providers’ policies:
- Google services (reCAPTCHA Enterprise, Maps): Google’s Privacy Policy and Terms of Service apply. This site is protected by reCAPTCHA.
- YouTube & Spotify embeds load content from those services when you play them; they may set cookies or collect data per their policies.
You can control cookies through your browser settings. Where required by law, we will request consent for non‑essential cookies.
8) Location data
We may use your approximate location (from IP) to show nearby checklists. We only access precise location with your explicit permission (e.g., via your device/browser). You can disable precise location in your device settings.
9) International transfers
We may process and store data in the United States and other countries. Where required, we use appropriate safeguards for cross‑border transfers, such as the EU Standard Contractual Clauses or their UK/Swiss equivalents.
10) Retention
We keep personal data for as long as your account is active or as needed to provide the Service. When you delete your account, we remove your personal data and User Content from our systems, subject to limited retention required by law (e.g., records needed for legal, tax, or fraud‑prevention purposes).
11) Security
We use administrative, technical, and physical safeguards to protect data, including encryption in transit and at rest and a SOC 2 security program. No method of transmission or storage is 100% secure; please use strong passwords and keep your credentials confidential.
12) Children
The Service is not directed to children under 13. If we learn that we have collected personal data from a child under 13, we will delete it.
13) Your rights
A. EEA/UK/Switzerland
Subject to law, you may request access, correction, deletion, restriction, portability, or object to processing. You may also withdraw consent where processing is based on consent. You can lodge a complaint with your local supervisory authority.
B. California (CPRA)
California residents have the right to know, delete, correct, and limit use of sensitive personal information, and to not be discriminated against for exercising these rights. We do not sell personal information. We do not share personal information for cross‑context behavioral advertising at this time. If that changes, we will provide a “Do Not Sell or Share” mechanism.
C. Canada (PIPEDA) & Québec
Canadian users may request access and correction and may withdraw consent subject to legal or contractual restrictions. For Québec residents, additional consumer rights may apply.
To exercise your rights, email support@youshould.app. We may need to verify your identity and, where applicable, your authority to make the request.
14) “Do Not Sell or Share”
We do not sell personal information. If we begin sharing personal information for cross‑context behavioral advertising, we will update this Policy and provide a clear opt‑out link.
15) Changes
We may update this Policy to reflect changes to our practices or for legal, operational, or regulatory reasons. We will post the updated Policy with a new effective date.
16) Contact
Questions or privacy requests? Email support@youshould.app. For copyright/IP issues, contact our DMCA agent at trevor@youshould.app.
When using Google services, note: “This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.”