Privacy Policy

Last updated: April 10, 2026

This Privacy Policy explains how IFIGO collects, uses, stores, and shares information when you use the IFIGO mobile app, related cloud services, and this website. IFIGO is designed to help you store personal information, journals, vault items, recipient details, backup data, and sendout settings so selected information can be prepared and delivered if your check-ins stop.

1. Information we collect

We collect information you provide directly, information generated by your use of the app, and limited information needed to operate connected services.

  • Account information. When you sign in, we may receive your Firebase user ID, email address, display name, and profile photo, depending on the sign-in provider you use.
  • Authentication provider data. If you sign in with Google or Apple, authentication is handled by those providers and Firebase Authentication.
  • Journal data. Titles, body text, timestamps, attachments, and recipient assignments for journals you create.
  • Vault data. Names, usernames, secrets, URLs, notes, and recipient assignments for vault items you create.
  • Recipient data. Names, email addresses, security questions, and security answers for the recipients you configure.
  • Attachment data. Photos or other supported attachments you add to journals, including file metadata and, where applicable, locally stored attachment content.
  • Security and app settings. Daily check-in time, missed-check-in threshold, timezone, PIN settings, lockout metadata, backup status, and package sync state.
  • Notification data. Push notification tokens, device platform, notification timing settings, and related operational metadata.
  • Subscription data. Subscription status, entitlement state, product identifiers, and expiration timing as needed to manage paid features.
  • Backup metadata. Backup status files, backup timestamps, and encrypted backup payloads stored in Google Drive or iCloud Drive when enabled.
  • Sendout metadata. Package generation status, storage path, checksum, byte size, event history, sendout timestamps, and emergency sendout processing records needed to operate the sendout flow.

2. How your information is stored

IFIGO stores your journals, vault items, recipients, attachments, and app settings in an encrypted local Realm database on your device. The Realm encryption key is stored using the device keychain or keystore. PIN-related values are stored on-device as security metadata, including hashed PIN data and lockout state.

Certain operational metadata is also stored in Firebase to support notifications and sendouts. For example, the app may sync your notification settings, subscription state, recipient package status, and sendout event status to Firebase Firestore. The latest PDF package for each recipient may be uploaded to Firebase Storage so the cloud sendout flow can attach and send it.

These recipient packages are generated on your device as encrypted, password-protected PDF files before upload. The server stores and processes the encrypted package file, but does not know, store, or recover the recipient password used to open the PDF. That password is derived from the recipient setup you configure in the app and is not sent to the server as a usable decryption password.

3. How we use your information

We use information for the following purposes:

  • To authenticate you and maintain your account.
  • To let you create, edit, organize, and delete journals, vault items, recipients, and attachments.
  • To protect local data using encryption, PIN verification, lockouts, and privacy controls.
  • To schedule and manage daily check-in reminders.
  • To determine whether your missed-check-in threshold has been reached.
  • To generate password-protected PDF packages for the recipients you selected.
  • To upload the current package for each recipient so the cloud sendout system can use it if needed.
  • To send push notifications and in-app reminders.
  • To perform encrypted backups and restore operations when you enable them.
  • To manage subscriptions and determine whether paid features are active.
  • To process account deletion and operational cleanup.
  • To maintain service integrity, troubleshoot failures, and keep sendout state consistent.

4. Sendout flow and recipient delivery

IFIGO is built around a delayed-delivery model. You choose which journals and vault items are assigned to each recipient. The app prepares encrypted, password-protected PDF packages for those recipients on your device before upload. If your configured missed-check-in threshold is reached, the cloud sendout system may email the prepared PDF package to the relevant recipient.

Sendout emails may include the recipient’s configured security question in the email body to help the recipient unlock the attached package. The actual package content comes from the journals, vault items, and attachments you assigned to that recipient.

5. Notifications and check-ins

If you enable notifications, IFIGO may request notification permissions and register a push notification token with Firebase. The app uses your daily check-in time, timezone, and missed-check-in threshold to schedule reminders and support the sendout workflow.

Notification-related metadata may be stored in Firebase Firestore, including token registration data, notification timing settings, and daily check or sendout timestamps.

6. Backups

If you enable backups, IFIGO creates an encrypted backup payload on your device and stores it in your connected cloud location: Google Drive on Android or iCloud Drive on iOS. Backup files are intended to contain encrypted data rather than plaintext app content.

Backup-related status files may also be written so the app can determine the last backup state. Backup encryption and restore depend on the required key material being available. Backup availability may also depend on the connected platform account and provider behavior.

7. Subscription and purchase processing

IFIGO uses RevenueCat and the relevant app store platform to manage subscription status and paid entitlements. We do not directly process raw payment cards in the mobile app. Subscription state may be used to enable or disable features such as automatic sendout behavior.

8. Permissions and device access

Depending on your device and the features you use, IFIGO may request access to notifications, camera, and media or photo library access. These permissions are used to support journal attachments, reminders, and related app functionality.

9. Privacy and security controls

IFIGO includes privacy and security controls intended to reduce exposure of your information. These may include encrypted local storage, PIN protection, lockout behavior after repeated failed PIN attempts, background blur, clipboard clearing when the app backgrounds, and secure window behavior on supported Android builds.

No security system is perfect, and no method of storage or transmission can be guaranteed to be completely secure.

10. How we share information

We do not sell your personal information. We share information only as needed to operate IFIGO and the services you enable.

  • Firebase Authentication for account authentication.
  • Firebase Firestore for notification and sendout-related metadata.
  • Firebase Storage for the latest per-recipient package file used by the sendout flow.
  • Firebase Cloud Functions for notification scheduling, cleanup, and emergency sendout processing.
  • FCM / push notification services for remote notifications.
  • Brevo or the configured transactional email provider for sendout emails.
  • Google Drive for encrypted backups on Android when backup is enabled.
  • iCloud Drive for encrypted backups on iOS when backup is enabled.
  • RevenueCat and app store providers for subscriptions and entitlement handling.
  • Recipients you designate when sendout delivery occurs.

11. Data retention

Local app data remains on your device until you delete it, clear the app, or delete your account. Cloud backup files remain in the connected storage provider until deleted. Firebase metadata and stored package files may remain until they are overwritten, cleaned up, or deleted as part of operational or account-deletion flows.

12. Account deletion

If you delete your account from within the app, IFIGO attempts to remove local app data and delete your Firebase-authenticated account. The system may also clean up related Firebase metadata after account deletion. Backup files stored in Google Drive or iCloud Drive may require separate deletion depending on platform behavior and the state of your connected backup files.

13. Your choices

  • You can edit or delete journals, vault items, recipients, and attachments inside the app.
  • You can change your daily check-in time, threshold, timezone, and PIN settings.
  • You can disable notifications through device settings.
  • You can stop using backups or remove backup files from the connected provider.
  • You can manage or cancel subscriptions through the relevant app store.
  • You can delete your account from within the app.

14. Children’s privacy

IFIGO is not intended for children under 13, and we do not knowingly collect personal information from children under 13.

15. Changes to this policy

We may update this Privacy Policy from time to time to reflect changes in the app, infrastructure, legal requirements, or business operations. The updated version becomes effective when posted.

16. Contact

If you have questions about this Privacy Policy, contact ifigoapp@gmail.com.