Privacy Policy

Last updated: April 16, 2026

This Privacy Policy explains what information Listity.ca ("Listity", "we", "us") collects when you use the service, how we use it, and the choices you have. By using Listity, you agree to the practices described below.

Information We Collect

Account Information

When you create an account, we collect your email address, a username, a display name, and a password. The password is never stored in plain text — it is hashed with a per-account salt using SHA-256. You may optionally provide a phone number (for SMS verification) and a mailing address (for your own records and for invoicing features).

Social Sign-In (Google and Facebook)

If you choose to sign in with Google or Facebook, the provider sends us a limited set of profile data: a stable account identifier, your email address, your name, and a profile picture URL. We store this so we can recognize you on subsequent logins. We do not receive your Google or Facebook password.

Content You Create

Listity stores the lists, tasks, notes, attachments, time entries, clients, and reports you create. When you explicitly share a list with another Listity user, that user can see and, depending on the permissions you set, edit that content.

Session and Device Information

When you log in, we create a session record that contains a hashed session token, your IP address, your browser's user agent string, and the session's creation and expiry timestamps. A session cookie named listity_session is stored in your browser to keep you signed in.

Optional AI API Key

If you enable the AI assistant feature, you can paste your own Anthropic API key into Listity. The key is encrypted at rest and is only sent to Anthropic when you trigger an AI action. We never display the saved key back to you.

How We Use Your Information

• To create and maintain your account and authenticate you when you sign in.
• To operate the features you use — lists, time tracking, sharing, reports, and so on.
• To send transactional messages, such as verification codes sent to your email or phone.
• To investigate abuse, diagnose technical problems, and keep the service secure.

We do not sell your personal information. We do not use your content to train machine-learning models.

Third Parties We Share Data With

• Google and Meta (Facebook) — if you choose social sign-in, we exchange authentication data with these providers.
• Email and SMS delivery providers — we use third-party services to send verification codes and transactional email.
• Anthropic — only if you have configured a personal API key and triggered an AI action, in which case the content you submit for that action is sent directly to Anthropic.
• Law enforcement or legal authorities — if we are required by law to disclose information.

Cookies

We use a single essential cookie, listity_session, to keep you signed in. The cookie is marked HttpOnly, Secure, and SameSite=Lax. We do not use third-party advertising or tracking cookies.

Data Retention

Your content is retained as long as your account is active. Session records are automatically expired after 30 days. If you disconnect a connected social account, the associated identity record is removed. If you close your account, your personal information and content are deleted, subject to any legal or accounting retention obligations.

Your Choices

• Access or update your profile from the Account Settings page.
• Disconnect social accounts from the "Connected Accounts" card in Account Settings (provided you have another way to sign in).
• Delete your account by contacting us at the email below.
• Unsubscribe from transactional messages is generally not possible while you have an active account, since messages like verification codes are required to operate the service.

Children

Listity is not directed at children under 13, and we do not knowingly collect information from children under 13. If you believe a child has provided us with personal information, please contact us and we will delete the account.

Security

We take reasonable steps to protect your data, including password hashing, encrypted storage of API keys, encrypted transport (HTTPS), and restricted database access. No system is perfectly secure, however, and we cannot guarantee absolute security.

Changes to This Policy

We may update this Privacy Policy from time to time. When we do, we will update the "Last updated" date at the top of this page. Continued use of Listity after changes means you accept the updated policy.

Contact Us

Questions about this Privacy Policy or your data? Email us at listity@electricink.ca.