Privacy Policy

Who we are (data controller)

Sai Kiran Reddy Parigi, sole trader, trading as Second Arc (ASIC-registered business name; ABN 91 882 792 709). Based in Australia. Contact: info@secondarc.com.au.

For the purposes of the EU GDPR and the UK GDPR, Sai Kiran Reddy Parigi is the data controller of any personal data you submit when contacting us for support, as described below.

What data Lisht stores

Lisht stores the data you create as you use the app:

• Items on your shopping list (name, quantity, store tags)
• Products you add to your catalogue
• Stores you set up (name, colour, icon)
• Purchase history (which products you've checked off, when, at which store)
• Your app preferences (haptics on/off, default grouping, etc.)

Where it's stored

All of the above is stored:

• Locally on your device, in Apple's SwiftData / Core Data storage.
• In your private iCloud database, using Apple's CloudKit. This lets your data sync between your own devices that are signed in to the same iCloud account.

We — the operators of Lisht — have no access to the content of your individual records. Apple encrypts your data in transit and at rest, and Apple manages the encryption keys for the standard CloudKit private database. If you have Apple's Advanced Data Protection enabled on your iCloud account, your records are end-to-end encrypted and not accessible to Apple either.

As the CloudKit developer we can see aggregate, non-content metadata in Apple's CloudKit Dashboard (record types, total record counts, storage quota usage). We cannot see the contents of any individual record.

International transfers. Apple's CloudKit may process and replicate your data across Apple data centres located in multiple countries (including in the United States and the European Union). These transfers are governed by Apple's iCloud terms and Apple's standard contractual protections; we do not control the routing or location of CloudKit storage.

What data Lisht does not collect

• No analytics or usage statistics.
• No advertising identifiers.
• No location data.
• No contacts, photos, or other device data.
• No account, email address, or password from the app itself (Lisht has no login of its own — it uses your iCloud account, which Apple manages).

A note on crash diagnostics: Apple's iOS may share anonymised crash diagnostics with Apple as part of its standard operation if you have opted in to "Share with App Developers" in your device's privacy settings. We do not access these diagnostics. Lisht has no crash reporting, analytics, or telemetry SDKs of its own.

Support correspondence

The Settings screen contains a "Send feedback" link that opens your email client pre-addressed to info@secondarc.com.au. If you choose to email us:

• We receive your email address and the contents of your message.
• We use this only to respond to your support enquiry or feedback.
• We retain support correspondence for up to 24 months after the final reply, then delete it from our inbox and any local copies.
• We do not add you to a mailing list, share your address with any third party, or use it for marketing.

Third-party services

Lisht uses one third-party service: Apple iCloud / CloudKit. This is governed by Apple's Privacy Policy and your iCloud Terms. For GDPR purposes, Apple acts as a sub-processor for the storage and synchronisation of your shopping data. No other third-party SDK, analytics provider, advertising network, or hosting service is integrated into the app.

Sharing your list with other people

Lisht includes an opt-in feature to share your shopping data with another person via iCloud. When you initiate a share:

• Apple generates a share link that you send to the person you want to share with.
• Once they accept, both of you can see and edit the same shopping data.
• The shared data still lives in iCloud — we don't see it, and the share is managed end-to-end by Apple.
• You can stop sharing at any time from inside the app or from the iCloud settings on your device.

Important — share scope. Sharing in the current version of Lisht is all-or-nothing. When you start a share, the entire contents of your Lisht database — every store, every product, and your full purchase history — become accessible to the person you've shared with. There is currently no way to share only a single list or to scope what the recipient can see. We are planning per-list / scoped sharing for a future version; until that ships, please only share with people you would be comfortable showing your complete shopping history to.

Joint controllers. Once a share is active, the participants jointly contribute to the same shared records. The share owner (the person who initiated the share) retains ownership of the shared iCloud zone; participants can leave the share at any time from their device's iCloud settings or from inside the app.

Retention

Shopping data: stored in your iCloud for as long as you keep the app installed, or until you delete records via the app or via iCloud storage settings. We do not store the contents of your shopping data on any system we operate.

Support correspondence: kept for up to 24 months after the conversation ends, then deleted.

Legal basis (EU GDPR / UK GDPR)

If you are in the EU, UK, or another GDPR-equivalent jurisdiction, the legal bases we rely on are:

• Performance of a contract (Art. 6(1)(b)) — to operate the app you've chosen to install. This covers storing the data you create in your own iCloud so the app works.
• Legitimate interests (Art. 6(1)(f)) — to respond to support correspondence you initiate. The interest is replying to your enquiry; it does not override your fundamental rights because you initiated the contact.

Australian Privacy Act alignment

Although Second Arc's turnover is currently below the AU $3 million threshold at which the Australian Privacy Act 1988 binds an entity, this policy is structured to align with the Australian Privacy Principles (APPs). In particular: the identity and contact details of the entity collecting personal information are stated above (APP 1.4); the kinds of personal information collected, how, and the purposes are described throughout (APP 1.4, APP 5); and channels are provided to access, correct, or complain about personal information we hold (see "Your rights and how to delete your data" below).

Your rights and how to delete your data

Because virtually all your Lisht data lives in your own iCloud, your control over it is direct:

• To delete data within the app: remove items, products, or stores using the app's edit and delete actions. Please note: deleting a product does not remove that product's name from your historical purchase records. Individual purchases can be deleted from the per-product stats screen, or clear every purchase record at once via Library → Settings → Clear purchase history.
• To delete all Lisht data: delete Lisht from each of your devices, then go to Settings → [Your Name] → iCloud → Manage Account Storage → Lisht on your iPhone or iPad and tap "Delete Data". This removes the iCloud copy as well.
• To request a copy of your data (data portability, GDPR Art. 20): Because your shopping data lives in your own iCloud account, you can export it yourself at any time via Apple's data and privacy portal at privacy.apple.com. If you would like a machine-readable export of any support correspondence we hold, or assistance retrieving your iCloud data, please email us and we will provide one.
• To access, correct, or restrict processing of any support correspondence we hold, or to lodge a complaint with a supervisory authority — e.g. the Office of the Australian Information Commissioner (oaic.gov.au), the UK ICO (ico.org.uk), or your local EU DPA — please email us, or contact the authority directly.

Children

Lisht is not directed at children. The App Store age rating is 4+, meaning Apple has classified the app as containing no objectionable material; it is not an "age-gated" or "made for kids" app. We do not knowingly collect personal data from anyone — children or adults — beyond what you choose to share when you email us directly.

Security

Your Lisht data is protected by the security of your device (iOS Data Protection, on-device encryption) and the security of your iCloud account (Apple's encryption-in-transit and encryption-at-rest for CloudKit). We recommend using a strong device passcode and enabling two-factor authentication on your Apple ID.

Changes to this policy

If we update this privacy policy, the version number and "Last updated" date at the top will change. Material changes — for example, if a future version of Lisht added analytics, third-party SDKs, or any other data collection — will be summarised on this page and in the App Store release notes of the version that takes them into effect.

Contact

Questions, concerns, or feedback about this policy or about Lisht's handling of data: info@secondarc.com.au.