Privacy Policy
Most of your data never leaves your device. Tasks, lists, and settings sync only through your private iCloud container. Optional account features use Supabase with Sign in with Apple, which means we never see your email unless you choose to share it. We don't run ads. We don't sell data. We don't track you across the web.
1. What data Next collects
The table below lists every category of data the app touches, where it lives, and what it's used for.
| Data | Where it lives | Used for |
|---|---|---|
| Tasks, lists, tags, zones, deadlines | On device iCloud | Core app functionality and sync across your devices |
| Apple Calendar & Reminders events | On device | Displayed in Calendar view; never uploaded to our servers |
| Location (when you set a Zone pin) | On device | Region monitoring to trigger arrival notifications |
| Apple ID (Sign in with Apple) | Supabase | Authenticates your optional cross-device account; stored as an opaque Apple-issued identifier — we never receive your real email unless you choose to share it |
| Sync metadata (updated timestamps, remote IDs) | Supabase | Conflict resolution during optional server sync |
| Crash reports & diagnostics | Apple | Bug fixes; only sent if you have enabled Share iPhone Analytics in iOS Settings |
| Advertising identifiers | Not collected | — |
| Browsing or cross-app tracking | Not collected | — |
2. How your data is used
Data is used exclusively to provide and improve the Next app. Specifically:
Task and list data is stored locally in a SwiftData database on your device. If you are signed into iCloud, this database syncs to your private iCloud container, which Apple manages under its own privacy policy. No one at Next has access to your iCloud container.
If you create an optional Next account using Sign in with Apple, your tasks and lists can also sync through our Supabase backend. This enables features such as shared lists. Data stored on our server is tied to an opaque Apple-issued user identifier and is never linked to your name, email, or any identifying information without your explicit consent.
We do not use your data for advertising, analytics profiling, or any purpose beyond operating the app.
3. Third-party services
Next integrates with the following third-party services. Each operates under its own privacy policy.
| Service | Purpose | Data shared |
|---|---|---|
| Apple iCloud | Private CloudKit database for cross-device sync | Your tasks and lists, stored in your private container |
| Supabase | Optional account backend for collaboration features | Tasks, sync metadata, and your Apple-issued user ID (only if you sign in) |
| Google Calendar | Display calendar events in the Calendar view | Read-only access to your calendar; scoped to the events you authorize via your system account or Google OAuth |
| Apple Reminders | Mirror tasks with deadlines so the OS can deliver notifications | Task title and due date; stays on device |
We do not share data with advertisers, data brokers, or any analytics provider.
4. Device permissions
Next requests the following permissions. All are optional unless noted — the app functions without them at reduced capability.
| Permission | Why it's requested |
|---|---|
| Calendars | Read calendar events for display in the Calendar view; reschedule events by drag if you grant write access |
| Reminders | Create mirror reminders for tasks with deadlines so the OS delivers due-date notifications |
| Location (when in use) | Display a map when you place a Zone pin |
| Location (always) | Monitor geofences and notify you when you arrive near a Zone's location; only requested after you create a location-based Zone |
| Notifications | Daily review reminders, deadline alerts, and Zone arrival notifications |
You can revoke any permission at any time in iOS Settings → Privacy & Security.
5. Data retention & deletion
Local data on your device is yours to manage. Deleting the app removes all locally stored data. iCloud data can be deleted through iOS Settings → your name → iCloud → Manage Account Storage.
If you have a Next account, you can delete all server-side data from within the app at Settings → Account → Delete Account and All Data. This action is permanent and removes your task data, sync records, and account from our Supabase database within 30 days.
We do not retain backups of deleted accounts.
6. Children's privacy
Next is not directed at children under the age of 13. We do not knowingly collect personal information from children. If you believe a child has provided us with personal information, please contact us and we will delete it promptly.
7. Changes to this policy
We may update this policy as the app gains new features. Material changes will be noted with a revised effective date at the top of this page. Continued use of the app after changes constitutes acceptance of the updated policy.
We will not make changes that retroactively apply new data uses to information already collected without your consent.
8. Contact
Questions, requests, or concerns about your data can be directed to:
Next
Email: privacy@thenexttodo.com
Website: thenexttodo.com