Privacy Policy

VIGDIS – VISUAL GUIDE FOR DAILY ACTIVITIES

Last updated: 12 May 2026 (rev. 2)

1. Controller Information

This Privacy Policy applies to the Vigdis – Visual Guide for Daily Activities mobile application (“App”) and to the website at vigdisapp.is. It does not cover third-party services that the App or website may link to; those services have their own privacy policies.

The App is operated by:
Vigdís ehf.
Álfaskeið 57, 221 Hafnarfjörður
Iceland
Email: support@vigdisapp.is
VAT / ID No.: 6702260850

For the purposes of the General Data Protection Regulation (EU) 2016/679 (“GDPR”), the Company acts as data controller in respect of the personal data described below. We have not appointed a Data Protection Officer; for questions, write to the email above.

2. Architecture – Local-First with Optional Cloud Sync

The App is designed as a local-first application. By default, all user-generated content is stored exclusively on the user’s device.

Local user-generated content includes, but is not limited to:

  • Profiles representing children in your household and their associated names and avatars
  • Tasks, subtasks, time periods, and schedules
  • Rewards, redemptions, bonus points, and achievements
  • Photographs you attach to profiles, tasks, or rewards
  • Notes and visual materials
  • Activity and completion history

Users with an active premium subscription may optionally enable Cloud Sync to back up and synchronize content across devices and to share selected profiles with other family members. Cloud Sync is opt-in: it is activated only when the user creates an account and signs in within the App.

When Cloud Sync is not enabled, the Company:

  • Does not operate centralized cloud storage of user content
  • Does not have access to locally stored content
  • Does not monitor user content
  • Does not maintain backups of user-generated content
  • Cannot remotely access or retrieve locally stored data

When Cloud Sync is enabled, user-generated content is uploaded to and synchronized through our cloud sync sub-processor (see Sections 3.3 and 6). Each owner’s data is technically segregated using row-level security and is accessible only to (a) that owner’s authenticated account and (b) any other accounts the owner has explicitly invited to access a specific profile (see Section 3.5 – Profile Sharing). The Company does not access or read this content beyond what is necessary to operate the service; personnel access is limited, logged, and audited.

Users are responsible for device security and, when not using Cloud Sync, for their own backups.

3. Personal Data We Process

The Company processes the following categories of personal data.

3.1 Subscriptions & Platform Billing

If you purchase a subscription:

  • Payments are processed exclusively by Apple App Store and/or Google Play
  • The Company does not collect or store payment card information
  • Subscription management is handled through your Apple or Google account

We receive limited confirmation data (subscription status, transaction identifier issued by the platform) directly from Apple App Store or Google Play via the platform’s standard in-app purchase APIs. This data is used solely to provide access to paid features and is not shared with any other party.
Legal basis: Article 6(1)(b) GDPR – performance of contract.

3.2 Email Communications

If you contact us by email, we may process:

  • Your name (if provided)
  • Your email address
  • Any information you voluntarily include in your message

Legal basis:
Article 6(1)(b) GDPR – responding to your request
Article 6(1)(f) GDPR – legitimate interest in providing support
Article 6(1)(c) GDPR – compliance with legal obligations (if applicable)

Email communications are not used for marketing unless you explicitly consent.

3.3 Cloud Sync Account & Synced Content (optional)

If you choose to enable Cloud Sync, the Company processes:

  • Your email address (used as your account identifier and for account recovery)
  • An identity token from your chosen sign-in provider (Apple or Google) — see “Sign-in methods” below
  • A randomly generated user identifier (UUID)
  • The user-generated content you create within the App, including profiles, tasks, subtasks, time periods, rewards, redemptions, bonus points, completion history, and achievements
  • Photographs and image data you upload to profiles, tasks, or rewards (avatar images, cover images, task photos, reward photos). These are stored as files in object storage operated by our cloud sync sub-processor and are referenced by an opaque path in your account record.
  • Technical metadata required to operate the sync (timestamps, version counters, and a per-device identifier used to detect and resolve conflicting edits between your devices)

Sign-in methods. Cloud Sync supports two sign-in methods, each with different data handling. No password is ever stored on the Company’s infrastructure — both methods rely on identity tokens issued by the platform provider.

  • Sign in with Apple. Apple verifies your identity and returns either your real Apple ID email address or, if you choose to hide it, a private relay address (typically ending in @privaterelay.appleid.com) that forwards mail to your real address. We use whichever address Apple provides as your account identifier. We do not receive your Apple ID password.
  • Sign in with Google. Google verifies your identity via OAuth and returns your verified email address and a pseudonymous Google identifier. We use the email address as your account identifier. We do not receive your Google password.

This data is uploaded only after you successfully sign in. You may at any time:

  • Export a copy of your data within the App (Settings → Support → Export my data)
  • Delete your cloud account and all associated synced content from your account settings within the App
  • Sign out, after which no further data is uploaded; data already on the device remains under your local control

Legal basis: Article 6(1)(b) GDPR – performance of the contract under which we provide Cloud Sync.

3.4 Crash and Performance Diagnostics

The App uses Apple’s MetricKit framework to receive aggregated crash and performance reports generated by the device operating system. These reports do not contain content you create within the App and are anonymized by Apple before being made available to us. We use them solely to identify and fix stability and performance issues.

Legal basis: Article 6(1)(f) GDPR – legitimate interest in maintaining App stability.

3.5 Profile Sharing & Invitations

Cloud Sync includes an optional Profile Sharing feature. As the owner of a profile, you may invite another person — typically a co-parent, grandparent, or other family member — to access that profile from their own Vigdis account. To send an invitation, you provide:

  • The invitee’s email address (used to address the invitation and to match it to their Vigdis account when they sign in)
  • The role you wish to grant them (Admin, Editor, or Viewer)

The invitee’s email address is stored on our cloud sync sub-processor’s infrastructure as part of the pending invitation record. Invitations expire automatically after a defined period if not accepted, after which the email address is removed.

When you send a profile-share invitation, the email address associated with your Cloud Sync account is shared with the invitee so they can recognize who is inviting them. Reciprocally, if you receive an invitation, you will see the email address of the person who invited you. By using the Profile Sharing feature, you accept this mutual disclosure of email addresses between inviter and invitee.

When an invitee accepts an invitation, an entry is created in our membership table linking their account to the relevant profile. From that moment until the share is revoked or the invitee leaves, that account can read (and, depending on role, edit) the synced content of that profile.

You may revoke a share at any time. When a share is revoked or an invitee leaves a profile:

  • The membership entry is deleted server-side, removing the invitee’s server-side access immediately.
  • The App on the invitee’s devices removes locally cached copies of the affected profile’s content the next time it synchronizes.

You are responsible for choosing which profiles to share, with whom, and at what role. Invited users gain access to the profile’s synced content as it then exists, and to subsequent changes for as long as their access remains.

Legal basis: Article 6(1)(b) GDPR – performance of the Cloud Sync contract.

3.6 Server-Side Logs

Our cloud sync sub-processor maintains short-lived operational logs of requests it receives, which can include the IP address from which a request originates, request timestamps, the type of request, and the authenticated account identifier (where applicable). These logs are used solely to operate, secure, and debug the service (for example, to diagnose sync failures, detect abuse, and respond to security incidents). The Company does not use these logs to build a profile of you or your behavior.

Legal basis: Article 6(1)(f) GDPR – legitimate interest in operating and securing the service.

3.7 Product Telemetry

To understand which features of the App are used and to prioritize improvements, the App may send limited product-telemetry events (for example, “app launched”, “task completed”, “paywall viewed”). Each event consists of:

  • The event name (a fixed, predefined identifier — never free text that you type)
  • A device identifier, generated on first launch and stored on the device, used to distinguish events from the same install
  • A timestamp
  • A small set of typed, non-identifying properties relevant to the event (for example, a feature category or a yes/no flag)
  • Basic technical context (app version, operating-system version, device model, locale)

If you are signed in to Cloud Sync, events are additionally tagged with your account identifier. This means individual events can in principle be associated with your account while you remain opted in.

The App does not include the content you create — task names, profile names, photographs, notes, or any free-text input — in telemetry events. Events are sent over TLS to our cloud sync sub-processor and stored append-only.

You may opt out at any time at Settings → Legal → Help improve Vigdís. When you opt out, future events stop being sent and any events queued on the device are discarded before they leave the device.

Legal basis: Article 6(1)(f) GDPR – legitimate interest in maintaining and improving the App, with an opt-out provided as a balancing measure.

4. Analytics & Behavioral Tracking

We do not use third-party advertising trackers, behavioral analytics tools, or user profiling technologies within the App. We do not collect in-app usage analytics for marketing, advertising, or behavioral-profiling purposes. The only product-related telemetry we collect is the limited feature-usage data described in Section 3.7, used solely to prioritize improvements to the App. The App does not implement Apple’s App Tracking Transparency tracking, because it does not engage in cross-app or cross-site tracking.

The crash and performance diagnostics described in Section 3.4, the operational logs described in Section 3.6, and the product telemetry described in Section 3.7 are used solely to maintain, secure, and improve the service and are not combined with personal data for profiling purposes.

If we introduce additional analytics or third-party tracking tools in the future, we will update this Privacy Policy before such tools are used, including details about the provider and categories of data processed.

5. No Advertising or Data Selling

The App:

  • Does not display third-party advertising
  • Does not operate offer walls
  • Does not sell personal data
  • Does not share personal data with data brokers
  • Does not create behavioral profiles

6. Sub-processors and International Data Transfers

The Company is established in Iceland. To operate the App, we engage a small number of carefully selected sub-processors:

  • Supabase – Cloud Sync infrastructure (database, authentication, real-time event delivery for cross-device sync, and file/object storage for uploaded images). Acts as a data processor under GDPR. The Company’s project is hosted on Supabase infrastructure within the European Union.
  • Apple Inc. – Operates as an independent data controller in respect of payment processing, App Store delivery, the Sign in with Apple identity service (where you choose to use it), push-notification routing (where applicable), and operating-system-level diagnostic data, under its own privacy policy.
  • Google LLC – Operates as an independent data controller in respect of (a) the Sign in with Google identity service (where you choose to use it) and (b) payment processing and store delivery on devices where the App is distributed via Google Play, under its own privacy policy.

Where a sub-processor processes personal data outside the European Economic Area (EEA), we rely on lawful safeguards such as Standard Contractual Clauses (SCCs) or equivalent mechanisms.

You may request a current sub-processor list at any time via support@vigdisapp.is.

7. Data Retention

For users who do not enable Cloud Sync, no user content is retained by the Company.

For users who enable Cloud Sync:

  • Synced user content (including uploaded images) is retained for as long as your account remains active.
  • If you delete your account from within the App (available from your account settings in Settings), your account record and all synced content you own are deleted from active systems within 30 days. Limited records may be retained beyond this period only where retention is required by law (for example, accounting records relating to subscription transactions).
  • System backups containing your data are overwritten on a rolling basis and are not retained beyond 90 days.
  • Pending profile invitations expire and are deleted automatically after a defined period (no longer than 30 days) if not accepted.
  • Server-side operational logs (Section 3.6) are retained for a period not exceeding 30 days, after which they are rotated out.

Personal data processed by the Company outside Cloud Sync (e.g., support emails, subscription confirmation data) is retained only as long as necessary to:

  • Fulfill contractual obligations
  • Comply with legal obligations
  • Resolve disputes
  • Maintain appropriate accounting records

Thereafter, data is securely deleted or anonymized where appropriate.

8. Data Security

We implement appropriate technical and organizational measures to protect personal data processed by the Company, including encryption in transit (TLS) for all communication between the App and our cloud sync sub-processor, encryption at rest provided by the sub-processor, row-level access controls on synced data, identity-provider authentication via Apple and Google (no password is ever stored on our infrastructure), and limited and logged personnel access to production systems.

However:

  • No electronic transmission is completely secure
  • Device-level security is the user’s responsibility
  • The Company cannot guarantee protection against unauthorized access to user devices

The Company is not responsible for device theft, compromise, malfunction, or user negligence.

9. Children’s Privacy

The App is intended for use by parents or legal guardians and is offered to adults aged 18 or older. The Company does not knowingly collect personal data directly from children, and children do not create accounts in the App.

The App allows a parent or guardian to create one or more “profiles” representing the children in their household. These profiles may contain a child’s first name, an avatar image, schedules, tasks, photographs the parent or guardian attaches, and similar activity content. The App does not request, encourage, or store sensitive identifiers about children (such as government identifiers, school identifiers, precise location, or contact information).

When Cloud Sync is not enabled, all profile content relating to minors remains stored locally on the user’s device and is not accessible to the Company.

When Cloud Sync is enabled by the parent or guardian, this profile content is uploaded to the Company’s sub-processors as described in Sections 3.3 and 6, under the legal authority of the parent or guardian who created it. The data remains technically segregated to the owning parent or guardian’s account and any accounts they have explicitly invited via Profile Sharing.

The Company:

  • Does not use any data relating to children for advertising or behavioral profiling
  • Does not share children’s data with advertising networks or data brokers
  • Does not allow children’s profile content to be indexed, made public, or shared outside the App

Parents and guardians are solely responsible for the lawful handling of children’s personal data within the App, including obtaining any required consent under applicable law (such as COPPA in the United States or equivalent provisions of Persónuverndarlög and the GDPR in the EEA). A parent or guardian may delete a child’s profile at any time within the App, which removes the associated content from synced storage as part of the standard deletion process described in Section 7.

10. Your GDPR Rights

If you are located in the EEA, UK, or Switzerland, you have the right to:

  • Access your personal data
  • Request rectification
  • Request erasure (which, for synced content, is provided through the in-App Delete Account flow)
  • Restrict processing
  • Object to processing on grounds of legitimate interest
  • Data portability — including a self-service export of your synced content from within the App
  • Withdraw consent at any time, where processing is based on consent
  • Lodge a complaint with your local supervisory authority

In Iceland, complaints may be submitted to:
Persónuvernd (Icelandic Data Protection Authority)
www.personuvernd.is

Requests may be submitted to: support@vigdisapp.is

11. Legal Basis Summary (GDPR)

We process personal data only where legally permitted, including:

  • Article 6(1)(b) – Contract performance (App functionality, Cloud Sync, Profile Sharing, support requests)
  • Article 6(1)(c) – Legal obligation (e.g., accounting records relating to paid subscriptions)
  • Article 6(1)(f) – Legitimate interests (App stability, service security, abuse prevention)
  • Article 6(1)(a) – Consent (where specifically requested, for example future opt-in marketing)

12. App Privacy Summary (Apple Nutrition Label Alignment)

For users reviewing the App’s Apple App Privacy disclosure, the categories of personal data the App handles correspond to:

  • Contact Info → Email Address – used for account creation, support, and profile-share invitations. Not linked to advertising. Not used for tracking.
  • User Content → Photos & videos, Other user content – the photographs, names, schedules, and other content described in Section 3.3. Used to operate App functionality. Not linked to advertising. Not used for tracking.
  • Identifiers → User ID – the account identifier issued when you sign in to Cloud Sync. Used to operate the service and to provision subscription state with our subscription sub-processor. Not used for advertising or cross-app tracking.
  • Diagnostics → Crash data, Performance data – as described in Section 3.4. Not linked to identity. Not used for tracking.
  • Usage Data → Product Interaction – the limited feature-usage telemetry described in Section 3.7. Tagged with a device identifier (and, when you are signed in to Cloud Sync, with your account identifier). Not used for advertising or cross-app tracking. Opt-out is available in Settings → Legal → Help improve Vigdís.
  • Purchases → Purchase history – limited subscription confirmation data, as described in Section 3.1.

The App does not collect Browsing History, Search History, Health & Fitness data, Financial Information, Precise Location, Coarse Location, Sensitive Info, or Contacts.

Device permissions. The App may request access to your Camera (to take photographs for profiles, tasks, or rewards and to scan QR codes for profile-share invitations) and to your Photo Library (to select existing photographs to attach). These permissions are requested by the operating system at the moment of use, may be revoked at any time in iOS Settings, and the live camera preview is processed only on your device and is never transmitted to the Company. The App may also request permission to send local notifications (daily reminders, streak warnings, reward and achievement alerts, timer-end notifications, and incoming-invite notifications); these notifications are scheduled and delivered entirely on your device and the App does not use Apple’s remote push-notification service to send notifications from a server.

13. Changes to This Policy

We may update this Privacy Policy from time to time.

If changes are material, we may notify you through the App or by other appropriate means.
Continued use of the App after updates constitutes acceptance of the revised Privacy Policy.

14. Contact Information

For questions regarding this Privacy Policy:
Vigdís ehf.
Álfaskeið 57, 221 Hafnarfjörður
Iceland
support@vigdisapp.is