Overview
Adaely Group LLC ("Company", "we", "our", or "us") operates the Burr application and related services. This Privacy Policy explains how we collect, use, share, and safeguard your information. By using Burr, you agree to the practices described in this policy and our Terms of Service.
Information We Collect
Account Information
When you create an account, we collect your email address. If you use Sign in with Apple, we receive your name and email address (or an Apple private relay email if you choose to hide your address) as provided by Apple. We track whether your email address can receive our communications based on notifications from Sign in with Apple. We use passwordless authentication, so we do not store passwords.
Task and Shopping Data
We store the tasks and shopping items you create, including titles, due dates, categories, and completion history. This data is necessary to provide the core functionality of the app.
Location Data
If you enable location-based features, the app requests "Always" location permission on iOS to monitor geofences in the background. This allows reminders to trigger when you arrive at or depart from saved locations, even when the app is not in the foreground.
Geofence monitoring is processed on your device by the operating system. We store the coordinates of locations you explicitly save (e.g., "Home", "Costco") on our servers. We do not continuously track or record your real-time position.
Location-based reminders may include the task or item titles you enter in local notification text, such as the item you asked to be reminded about near a saved store. Notification preview visibility is controlled by your iOS notification settings.
If you join a household, other members may be notified with your display name and the store name when you are near a store with shared shopping items. Your precise coordinates and item titles are not shared with household members through these shopping alerts.
If you do not enable location permissions, all other app functionality works normally. You can change location permissions at any time in your device's Settings.
Weather and Environmental Data
If you create weather-triggered reminders or set up Home IQ features, the app sends saved location coordinates to the National Weather Service (Weather.gov), a free U.S. government API, to retrieve current conditions and forecasts. This data is used to determine when to trigger your reminders and to provide weather-related home maintenance predictions. It is not used for advertising.
Home Profile Data
If you set up Home IQ features, we collect your saved home location, ZIP code, home type (house, apartment, condo, or townhouse), and state to provide location-specific home maintenance predictions.
Display Name
When you create an account via email, we collect a display name you choose. This is visible to other members of your household, if applicable.
Device Information
If you enable push notifications, we collect your device token to deliver them. We do not collect device identifiers for advertising or tracking purposes.
Consent Records
When you accept or withdraw consent for AI features or household sharing, we record: the consent interaction timestamp, event type (accepted, declined, withdrawn), consent text version, your IP address, user agent, and an HMAC hash of your email address. These records are maintained for legal compliance and consent verification. Consent event metadata (type, version, text hash, timestamp) survives account deletion; device-identifying fields (IP address, user agent) are redacted upon account deletion.
Sources of Information
We collect personal information from the following sources:
- Directly from you: Account information, task and shopping item content, saved locations, display name, home profile data, and support feedback you submit
- Automatically from your device: Device tokens (for push notifications), precise geolocation (if you enable location features)
- From third parties: Your name and email address from Apple (if you use Sign in with Apple), Sign in with Apple email-forwarding and account-deletion notifications, and App Store transaction and subscription status records from Apple (if you subscribe)
- Generated by our systems: Buy Again suggestion data (purchase count and last purchase date), AI-generated categorizations and suggestions (if you enable AI features), email deliverability and recovery status, and limited AI list generation metadata (timestamps, quota status, and save retry identifiers)
How We Use Your Information
We use your information to:
- Provide and maintain the Burr service
- Provide, verify, and support paid subscription features
- Verify account email deliverability for authentication, account recovery, privacy responses, billing notices, and security communications
- Send push notifications for task reminders and geofence alerts, if you have enabled notifications
- Power AI features such as categorization and suggestions, if you have AI features enabled
- Improve our service based on usage patterns (aggregated, anonymized)
- Respond to support requests
Purchase Data
When you mark any shopping item as purchased, we automatically record the item name, quantity, unit, category, associated store(s), and timestamp. This recording is part of core app functionality and occurs regardless of whether you use Buy Again features. Items at pharmacy-type stores are excluded from purchase logging.
This data is used to track purchase count, last purchase date, and your preferred store and quantity for each item, and to provide Buy Again reminders. Buy Again reminders are based on a user-set timer (default 14 days), not algorithmic inference. You control the reminder interval for each item. Buy Again suggestion data is associated with your account only and is not shown to other household members. Purchase records are retained for 12 months. Buy Again suggestion data (aggregated preferences) is retained for 14 months after last activity. You may request access to or deletion of this data by contacting privacy@burr.app.
App Store Subscription Data
If you buy Burr Pro through the App Store, Apple processes your payment method and payment credentials. Burr does not receive or store your credit card number, CVV, Apple ID credentials, or other payment-card credentials.
Burr receives and stores App Store subscription transaction records needed to provide paid entitlements, support refunds and disputes, prevent fraud, maintain accounting records, and comply with App Store requirements. These records may include product ID, transaction ID and original transaction ID, subscription status, purchase and expiration dates, trial or renewal status, Apple environment, Apple signed transaction and server notification payloads, and the StoreKit app account token mapping used to connect the transaction to your Burr account.
We do not sell your personal information. We do not share your personal information for cross-context behavioral advertising. We do not use your data for advertising or share it with advertising networks.
Categories Disclosed to Service Providers
We disclose the following categories of personal information to service providers for the business purposes described in this policy:
- Task and item content and list generation prompts to Google (Gemini API) for AI-powered features, if you have AI features enabled
- Email address to Brevo for transactional email delivery (verification codes, data exports)
- Technical error data (request metadata, error stack traces) to Sentry for service reliability monitoring
- Subscription product and transaction metadata to Apple for App Store purchase, subscription, entitlement, refund, and fraud-prevention processing
- Account data, app content, saved locations, purchase records, technical logs, and backups to Fly.io and Cloudflare to host, secure, deliver, and back up the Service
These providers process data on our behalf to provide, secure, maintain, and support Burr and the infrastructure services they provide to us.
AI Features
Burr offers optional AI-powered features such as item categorization and list generation. When enabled, these features process your content (such as task titles, shopping items, categories, and list generation prompts) using Google Gemini, a third-party AI service provided by Google.
If you have AI features enabled, task and item data and list generation prompts are sent to Google's Gemini API when those features process your content. Google processes this data under its applicable API data processing terms, which provide protections for your data consistent with this Privacy Policy. We do not send your location data, email address, or account information to AI providers.
List generation prompts may be processed by Burr's AI-list support classifier and list generator. Prompts and AI-generated list text are processed in real time and are not stored by Burr after delivery. Burr retains limited AI list generation metadata for 90 days, including the generation identifier, user identifier, whether the request counted toward the free monthly quota, timestamps, and any saved-list link needed for save retry and idempotency. This metadata does not include your prompt or the generated list text.
If Burr rejects a list generation prompt as unsupported, you may choose to send feedback that includes the rejected prompt. In that case, the prompt is stored as user feedback so we can review and improve the AI-list boundary. It is not stored as AI generation metadata.
You may disable AI features at any time through the app's Settings. When disabled, no data is sent to third-party AI services.
Data Sharing
We may share your information only in these limited circumstances:
- Household sharing: With other household members for items you explicitly share with the group
- AI processing: Task and item content and list generation prompts with Google Gemini, if you have AI features enabled (see above)
- Weather services: Saved location coordinates with the National Weather Service, if you create weather-triggered reminders or set up Home IQ features
- Hosting, security, and backups: Account data, app content, saved locations, purchase records, technical logs, and backup data with Fly.io and Cloudflare to host, protect, deliver, and back up Burr
- Legal compliance: To comply with legal obligations
- Email delivery: We share your email address with Brevo to deliver verification codes and notification emails
- Safety: To protect our rights or the safety of users
Household Sharing
If you join a household group, other members can see shopping items and tasks you explicitly share with the group. You control what is shared.
- The household creator manages membership and can remove members
- If you leave a household, items you shared are removed from the household. Your items and Buy Again suggestion data remain in your own account but are no longer visible to other members
- If you delete your account, items you shared with a household remain visible to other members but are no longer associated with your identity or account. Your personal account data (email address, display name, saved locations, purchase history, and Buy Again suggestion data) is permanently deleted within 30 days
- All household members must be at least 13 years of age
- Shared content may reveal information about your dietary preferences, health-related purchases, habits, location, and schedule
Data Retention
- Active accounts: Account data is retained while your account is active
- Purchase history: Retained for 12 months after the purchase date
- Task completion history: Retained for 24 months
- Buy Again suggestion data: Retained for 14 months after last activity
- App Store subscription records: Active subscription state is retained while needed to provide Pro features. Raw Apple signed payloads are redacted when your account is deleted. Limited redacted subscription transaction audit records, such as original transaction ID, notification type or UUID, and timestamp, may be retained for up to 3 years for refund, dispute, accounting, fraud-prevention, and legal compliance purposes
- Sign in with Apple notification metadata: Minimized event metadata is retained for 4 years for account-deliverability, account-recovery, audit, and deletion-compliance purposes. Verified notification payloads that cannot be written to the database may be temporarily encrypted for replay and retained for up to 7 days
- AI processing: List generation prompts and generated list text are processed in real time and not stored by Burr after delivery. Item categorization prompts are processed in real time; the resulting item category may be saved on the item. Limited AI list generation metadata is retained for 90 days for quota enforcement and save retry/idempotency
- Support feedback: Retained while your account is active and deleted with your account, unless we need to retain limited records for legal compliance or dispute resolution
- Nudge notification log: Retained for 90 days. Other notifications (push, email) are not stored after delivery
- Location data: Saved location coordinates are retained while your account is active and deleted upon account deletion
- Consent audit records: Event metadata (type, version, text hash, HMAC email hash, timestamp) retained indefinitely for legal compliance, including after account deletion. Device-identifying fields (IP address, user agent) retained for 7 years or until account deletion, whichever is first
- Undeliverable accounts: If we cannot reach a private-relay account email after Sign in with Apple reports forwarding disabled or revoked, we prompt for email recovery in the app. If the account is not recovered within 120 days, it is deleted under the Terms unless a current Pro entitlement or an open privacy-request deletion hold defers automated deletion
- Deleted accounts: All data is permanently deleted within 30 days of account deletion, except consent audit record metadata, minimized Sign in with Apple notification metadata, and limited redacted App Store subscription transaction audit records retained for legal compliance, refund, dispute, accounting, and fraud-prevention purposes
Upon account deletion or a verified deletion request, Brevo ceases all email delivery. Brevo processes transactional emails (verification codes, data exports) on our behalf; we do not maintain a persistent contact record in Brevo. Brevo retains delivery logs per its Data Processing Agreement. Google processes data under its paid API Data Processing Addendum for the requested service only; Google may temporarily log prompts for safety monitoring per its API terms. Sentry processes error reports under its DPA; we do not include item titles or shopping data in error reports.
Data Security
We implement commercially reasonable technical and organizational measures to protect your data, including encryption in transit (HTTPS), encryption at rest for stored data, and secure storage practices. Backup copies of the database are encrypted at rest and retained for a limited period as part of our disaster recovery procedures. If we restore from a backup, any account deletions that occurred after the backup date are re-applied. However, no method of electronic storage or transmission is 100% secure, and we cannot guarantee absolute security.
In the event of a data breach affecting your personal information, we will notify affected users as required by applicable law, including within 30 days as required by Washington law (RCW 19.255).
Your Rights
You have the right to:
- Access: Request a copy of your data by contacting privacy@burr.app
- Delete: Delete your account and all associated data from Settings in the app
- Correct: Update your information through the app
- Portability: Request an export of your data in a portable format
Withdraw Consent
You may withdraw consent for AI features at any time through the app's Settings. You may also delete your account entirely, which removes all your data. You may disable AI features at any time without deleting your account.
Depending on where you reside, you may have additional rights under applicable state laws (such as the California Consumer Privacy Act). We will not discriminate against you for exercising your privacy rights. To exercise any of these rights, contact privacy@burr.app.
You may designate an authorized agent to submit privacy requests on your behalf by providing a signed written authorization to privacy@burr.app. If we deny a privacy request, you may appeal by contacting privacy@burr.app with the subject line "Privacy Appeal."
Limit the Use of My Sensitive Personal Information
Under the California Privacy Rights Act, precise geolocation is a category of sensitive personal information. Burr collects precise location coordinates for saved locations (including your home) to provide location-based reminders and geofencing features.
To limit our use of your sensitive personal information (precise geolocation), disable location features in the app's Settings or revoke location permissions on your device. When location features are disabled, all other app functionality continues to work normally.
Washington State Consumer Health Data
Burr does not perform algorithmic inference on your purchase data. Buy Again suggestions are based on a user-controlled timer, not derived from purchase patterns. AI categorization classifies products (e.g., "Dairy Aisle"), not consumers. Based on our assessment, Burr's v1 feature set does not process consumer health data as defined by Washington's My Health My Data Act (RCW 19.373).
California Privacy Rights
If you are a California resident, the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA) provide you with specific rights regarding your personal information. This section supplements the rest of this Privacy Policy.
Categories of Personal Information We Collect
- Identifiers: Name, email address, device token
- Geolocation data: Precise coordinates of saved locations (sensitive personal information)
- Commercial information: Shopping items, purchase history, purchase count
- Commercial activity: Buy Again suggestion data (purchase count, last purchase date, user-set reminder interval)
- Internet activity: App usage patterns (aggregated)
- Profile information: Home profile (ZIP code, home type)
- Consent records: Consent interaction timestamps, event types, consent text versions, IP address, user agent, email HMAC hash (purpose: legal compliance — demonstrating valid consent was obtained)
How to Exercise Your Rights
You may request access to, correction of, or deletion of your personal information by contacting privacy@burr.app or by using the deletion feature in the app's Settings. We will respond within 45 days of receiving a verifiable request, and our response will cover the 12-month period preceding the request. You may also request data portability in a machine-readable format. You may adjust your Buy Again reminder interval for each item through the app. To correct or delete individual purchase records, contact privacy@burr.app.
We do not sell or share your personal information for cross-context behavioral advertising. We do not use or disclose sensitive personal information for purposes other than providing the Service.
Children's Privacy
Burr is not intended for children under 13. We do not knowingly collect personal information from children under 13. If we learn that we have collected personal information from a child under 13 without verifiable parental consent, we will take steps to delete that information as quickly as possible.
If you believe a child under 13 has provided us with personal information, please contact us at privacy@burr.app.
Children aged 13–17 may use the Service with parental consent. A parent or guardian who adds a minor to a household represents that they are authorized to consent on that child's behalf.
Third-Party Services
Depending on which features you use, the Service may integrate with the following third-party services:
- Authentication: Apple (Sign in with Apple), if you choose this sign-in method
- AI processing: Google Gemini (item categorization and list generation), if AI features are enabled
- Weather data: National Weather Service / Weather.gov, if you create weather-triggered reminders or set up Home IQ features
- Maps: Apple Maps, if you use location features
- Payments and subscriptions: Apple StoreKit and the App Store, if you buy or manage Burr Pro
- Notifications: Apple Push Notification service (APNs), if you enable push notifications
- Hosting, security, and backups: Fly.io and Cloudflare, for app hosting, DNS/CDN/TLS, security, static web pages, database backups, and backend log archival
- Email delivery: Brevo (Sendinblue), for transactional emails such as verification codes and data exports
- Error monitoring: Sentry, for backend error monitoring and service reliability
- Home maintenance data: phzmapi.org (USDA Plant Hardiness Zone API), if you set up Home IQ features. We send only your ZIP code to determine your gardening zone; no account information is shared
- Consent integrity: DigiCert and FreeTSA (RFC 3161 Timestamp Authority services), for cryptographic integrity verification of consent records. Only SHA-256 hash values — which contain no personal information — are transmitted
Email Delivery
We use Brevo (Sendinblue) to send transactional emails, including verification codes and data export files. Brevo processes your email address and email content to deliver these messages. Brevo's privacy policy is available at brevo.com/legal/privacypolicy.
Error Monitoring
We use Sentry to monitor backend errors and maintain service reliability. Error reports may include technical context such as request metadata and error stack traces. We do not include task content, shopping lists, or location data in error reports sent to Sentry. Sentry processes error reports under its Data Processing Agreement.
App Store Purchases and Subscriptions
We use Apple StoreKit and the App Store for Burr Pro purchases and subscriptions. Apple processes payment credentials and manages the purchase sheet, cancellation, and refund request flow. Burr receives and stores subscription transaction records from Apple so we can provide Pro features, validate entitlement status, handle subscription lifecycle events, support refunds or disputes, and maintain accounting and legal records.
Hosting, Security, and Backups
We use Fly.io to host the Burr backend and database, and Cloudflare for DNS, CDN/TLS, static web hosting, security, and R2 backup/log storage. Backup copies may include the account, app, location, purchase, household, and operational data described in this Privacy Policy, and are retained for a limited period as part of disaster recovery.
Each third-party service operates under its own privacy policy. We encourage you to review the privacy practices of these services.
Do Not Track
Our Service does not currently respond to Do Not Track browser signals. We do not allow third parties to collect personally identifiable information about your online activities over time and across different websites when you use our Service.
Changes to This Policy
We may update this policy from time to time. If we make material changes, we will provide at least 30 days' notice through the app or via email before the changes take effect, except where changes are required by law or court order.
Contact Us
If you have questions about this Privacy Policy or wish to exercise your privacy rights, please contact us:
- Privacy inquiries: privacy@burr.app
- Legal inquiries: legal@burr.app
- Entity: Adaely Group LLC, Snoqualmie, WA