Legal

Privacy Policy

Last updated: 19 April 2026

Overview

Done!Next is a routine and task management app for iPhone. This policy explains what personal data we collect, why we collect it, how we use it, and what rights you have over it.

We keep things simple: your task data belongs to you, we do not sell it, and you can ask us to delete it at any time.

Data Controller

The data controller responsible for your personal data is:

Baris Yener
Email: support@donenext.de

If you have any questions about how your data is handled, contact us at the address above.

Data We Collect

We only collect data that is necessary to provide the service.

Account information

Only collected when you choose to sign in:

  • Name
  • Email address
  • Authentication provider (Google or Apple)

App content

The content you create inside the app:

  • Groups, tasks, descriptions, schedules, colors, and photos
  • Completion history and archived items
  • Settings and profile notes

Diagnostic data

  • Crash logs (to diagnose bugs)
  • Basic usage events such as app open and sign-in (to understand product health)

Diagnostic data does not include your task content.

Legal Basis for Processing

We process your personal data on the following legal bases under Article 6 GDPR:

  • Contract performance (Art. 6(1)(b)): processing your account information and app content is necessary to provide the sync and backup features you have requested.
  • Legitimate interests (Art. 6(1)(f)): processing diagnostic data to keep the app stable and secure. This interest does not override your rights — diagnostic data is minimal and does not include your task content.

If you use the app without signing in, no personal account data is processed. All data remains on your device.

How We Use Your Data

  • To authenticate you when you sign in
  • To sync your routines across sessions and devices
  • To show your task progress, history, and settings inside the app
  • To diagnose crashes and stability problems
  • To understand core usage patterns (e.g. how often the app is opened)

We do not use your data for advertising, profiling, or any automated decision-making that produces legal or similarly significant effects on you.

Third-Party Services

Done!Next uses the following services from Google LLC:

  • Firebase Authentication — manages sign-in
  • Cloud Firestore — stores your synced task data
  • Firebase Analytics — aggregated usage events
  • Firebase Crashlytics — crash reports

If you sign in with Google, Google also processes your authentication data to complete login. Google's privacy policy applies to that processing.

If you sign in with Apple, Apple processes your authentication data to complete login. Apple's privacy policy applies to that processing.

International Data Transfers

Firebase is operated by Google LLC, based in the United States. When you use sync features, your data may be transferred to and processed on servers in the US or other countries outside the European Economic Area.

These transfers are protected by Google's Standard Contractual Clauses (SCCs) as approved by the European Commission, which provide equivalent protection for your data. You can review Google's data transfer safeguards at policies.google.com/privacy.

Data Retention

  • Account and app content: retained for as long as your account exists. When you request account deletion, all cloud-stored data is permanently deleted within 30 days.
  • On-device data: removed when you delete the app.
  • Crash and analytics data: retained according to Firebase's default retention settings (typically 90 days for Crashlytics reports; up to 14 months for Analytics).

Data Sharing

We do not sell your personal data.

Data is shared only with the third-party service providers listed above, who act as data processors on our behalf and are bound by appropriate data processing agreements.

We may disclose data if required to do so by law or a valid legal order.

Your Rights Under GDPR

If you are located in the European Economic Area, you have the following rights regarding your personal data:

  • Right of access (Art. 15): you can request a copy of the personal data we hold about you.
  • Right to rectification (Art. 16): you can ask us to correct inaccurate data.
  • Right to erasure (Art. 17): you can ask us to delete your data. See the Delete Account page for instructions.
  • Right to restriction (Art. 18): you can ask us to pause processing of your data in certain circumstances.
  • Right to data portability (Art. 20): you can request your data in a structured, machine-readable format.
  • Right to object (Art. 21): you can object to processing based on legitimate interests.
  • Right to withdraw consent: where processing is based on consent, you can withdraw it at any time without affecting the lawfulness of prior processing.

To exercise any of these rights, contact us at support@donenext.de. We will respond within 30 days.

Right to Lodge a Complaint

You have the right to lodge a complaint with a data protection supervisory authority. In Germany, the relevant authority is:

Der Bundesbeauftragte für den Datenschutz und die Informationsfreiheit (BfDI)
www.bfdi.bund.de

You may also contact the supervisory authority in your country of residence.

Security

Firestore security rules ensure that each user can only read and write their own records. We use HTTPS for all data in transit. No internet-based system can be guaranteed 100% secure, but we apply reasonable technical safeguards.

Children

Done!Next is not directed at children under 13 (or under 16 in the EU where applicable). We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact us and we will delete it.

Changes to This Policy

We may update this policy from time to time. We will notify users of material changes by updating the date at the top of this page. Continued use of the app after an update constitutes acceptance of the revised policy.

Contact

For any questions, data requests, or complaints about privacy:

Email us at:

support@donenext.de