Privacy Policy

Version 1.0 - Effective Date: December 25, 2024

Last updated: December 25, 2024

Privacy at a Glance

  • We never sell your personal information to third parties
  • You control the visibility of your content with granular privacy settings
  • You can export or delete your data at any time
  • We use industry-standard security measures to protect your information

Table of Contents

  1. Introduction
  2. Information We Collect
  3. How We Use Your Information
  4. How We Share Your Information
  5. Hearts System and Ranking Data
  6. Data Retention
  7. Data Security
  8. Your Rights and Choices
  9. Privacy Controls
  10. Children's Privacy
  11. International Data Transfers
  12. Cookies and Tracking
  13. Third-Party Services
  14. California Privacy Rights
  15. European Privacy Rights
  16. Changes to This Policy
  17. Contact Us

1. Introduction

Welcome to Bucketlyst. This Privacy Policy explains how Bucketlyst (“Company,” “we,” “us,” or “our”) collects, uses, shares, and protects information when you use our website, mobile applications, and related services (collectively, the “Service”).

We are committed to protecting your privacy and being transparent about our data practices. This policy applies to all users of the Service, regardless of how you access it.

By using the Service, you agree to the collection and use of information in accordance with this Privacy Policy. If you do not agree with our practices, please do not use the Service.

2. Information We Collect

2.1 Information You Provide

We collect information you provide directly to us:

  • Account Information: When you sign in with Google, we receive your name, email address, and profile photo from your Google account
  • Profile Information: Display name, username, bio, location, website, and any additional information you add to your profile
  • Bucket List Content: The bucket list items you create, including titles, descriptions, categories, dates, locations, and associated media
  • Journal Entries: Progress updates, completion notes, photos, and videos you add to your bucket list items
  • Social Interactions: Comments you post, Hearts you send and receive, and users you follow. If direct messaging is available, we also collect messages you send and receive
  • Communications: Information you provide when contacting our support team or responding to surveys
  • Payment Information: If we offer Hearts purchases and you choose to buy them, payment processing is handled by third-party providers; we receive transaction confirmations but not full payment details

2.2 Information Collected Automatically

When you use the Service, we automatically collect:

  • Device Information: Device type, operating system, browser type, unique device identifiers, and mobile network information
  • Usage Data: Pages viewed, features used, time spent on the Service, click patterns, and search queries
  • Log Data: IP address, access times, referring URLs, and error logs
  • Performance Data: App crashes, system activity, and hardware settings

2.3 Location Information

We may collect location information in the following ways:

  • Approximate Location: Derived from your IP address for regional content and analytics
  • User-Provided Location: Location information you add to bucket list items or your profile
  • Photo Metadata: Location data embedded in photos you upload (EXIF data), which you can disable on your device before uploading

2.4 Information from Third Parties

We may receive information from third parties, including authentication providers (Google), analytics services, and other users who may share information about you (for example, by linking to your profile).

3. How We Use Your Information

We use the information we collect for the following purposes:

3.1 Providing the Service

  • Create and manage your account
  • Enable you to create, track, and share bucket list items
  • Facilitate social features like following, comments, and Hearts
  • Process Hearts transactions and maintain your balance
  • Display personalized content and recommendations
  • Provide customer support

3.2 Feed Ranking and Personalization

  • Rank content in feeds based on Hearts, engagement, and recency
  • Calculate and display trending content
  • Personalize discovery and recommendations
  • Show you content from users you follow

3.3 Communications

  • Send account-related notifications (login alerts, security notices)
  • Notify you about activity on your content (Hearts, comments, follows)
  • Send reminders about your bucket list goals (if enabled)
  • Provide product updates and announcements

3.4 Safety and Security

  • Detect, prevent, and investigate fraud and abuse
  • Enforce our Terms of Service and community guidelines
  • Protect the security and integrity of the Service
  • Verify accounts and prevent unauthorized access

3.5 Analytics and Improvement

  • Analyze usage patterns and trends
  • Measure the effectiveness of features
  • Develop new features and improvements
  • Conduct research and testing

4. How We Share Your Information

We do not sell your personal information to third parties.

We may share your information in the following circumstances:

4.1 With Other Users

Based on your privacy settings, other users may see:

  • Your profile information (name, photo, bio)
  • Your public bucket list items and entries
  • Followers-only content (if they follow you)
  • Your comments, Hearts activity, and follow relationships

4.2 With Service Providers

We share information with trusted service providers who assist in operating the Service:

  • Cloud hosting and storage providers
  • Analytics and performance monitoring services
  • Payment processors (if Hearts purchases are offered)
  • Customer support tools
  • Email and notification services

These providers are contractually obligated to protect your information and may only use it to provide services to us.

4.3 For Legal Reasons

We may disclose information if required by law or if we believe disclosure is necessary to:

  • Comply with legal obligations, court orders, or government requests
  • Protect the rights, property, or safety of Bucketlyst, our users, or the public
  • Detect, prevent, or address fraud, security, or technical issues
  • Enforce our Terms of Service

4.4 Business Transfers

If Bucketlyst is involved in a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction. We will notify you of any change in ownership or use of your information.

4.5 With Your Consent

We may share your information with third parties when you give us explicit consent to do so.

5. Hearts System and Ranking Data

The Hearts system involves specific data processing:

5.1 Hearts Data

  • We track Hearts you send and receive, including amounts and timestamps
  • Hearts transactions are stored to maintain your balance and transaction history
  • Aggregated Hearts data (totals per item) is publicly visible on content

5.2 Ranking Algorithm Data

  • We calculate “heart velocity” (recent Hearts received) to determine trending content
  • Content ranking scores are computed using Hearts, velocity, and recency factors
  • This data is used solely for feed ranking and is not shared with third parties
  • You cannot opt out of algorithmic ranking, but you can control content visibility

5.3 Purchase Data

If Hearts purchases are offered, transactions are processed by third-party payment providers. We receive confirmation of successful transactions but do not store full payment card details.

6. Data Retention

We retain your information for as long as necessary to provide the Service and fulfill the purposes described in this policy:

  • Account Data: Retained while your account is active
  • Content: Retained while your account is active; deleted content may persist in backups for up to 30 days
  • Transaction Records: Retained for 7 years for legal and accounting purposes
  • Log Data: Typically retained for 90 days
  • Analytics Data: Aggregated data may be retained indefinitely

When you request account deletion, we will delete or anonymize your personal information within 30 days, except where retention is required by law or for legitimate business purposes.

7. Data Security

We implement industry-standard security measures to protect your information:

  • Encryption: Data transmitted between you and our servers is encrypted using TLS (HTTPS)
  • Database Security: Sensitive data is encrypted at rest with AES-256 encryption
  • Access Controls: Access to personal data is restricted to authorized personnel with a need to know
  • Authentication: We use OAuth 2.0 for secure authentication via Google
  • Row-Level Security: Database policies ensure users can only access their own data and content they're authorized to view
  • Regular Audits: We regularly review and update our security practices

While we strive to protect your information, no method of transmission or storage is 100% secure. We cannot guarantee absolute security, and you use the Service at your own risk.

8. Your Rights and Choices

You have the following rights regarding your personal information:

8.1 Access and Portability

You can access your personal information through your account settings. For a copy of your data, contact us at support@bucketlyst.ca.

8.2 Correction

You can update or correct your profile information at any time through your account settings.

8.3 Deletion

You can delete individual bucket list items, entries, and comments at any time. To delete your entire account and all associated data, contact us at support@bucketlyst.ca.

8.4 Communication Preferences

You can manage notification preferences in Settings > Notifications. You can opt out of non-essential emails while still receiving important account notices.

8.5 Restriction and Objection

You may request that we restrict processing of your data or object to certain processing activities by contacting us at privacy@bucketlyst.ca.

9. Privacy Controls

We provide extensive privacy controls to give you control over your information:

9.1 Content Visibility

  • Public: Visible to all users and may appear in feeds and search
  • Followers Only: Visible only to users who follow you
  • Private: Visible only to you
  • You can set a default visibility for all new items

9.2 Interaction Controls

  • Control who can comment on your items (Everyone, Followers, Nobody)
  • Control who can send you Hearts (Everyone, Followers, Nobody)
  • If direct messaging or tagging is introduced, you will be able to manage those permissions here
  • If sharing controls are introduced, you will be able to manage sharing from your privacy settings

9.3 Activity Controls

  • If activity status is introduced, you will be able to show or hide it
  • If likes/Hearts count visibility controls are introduced, you will be able to show or hide them

9.4 Blocking

You can block users to prevent them from viewing your profile, content, or interacting with you. Blocked users are not notified.

10. Children's Privacy

The Service is not intended for children under 13 years of age. We do not knowingly collect personal information from children under 13. If we learn that we have collected personal information from a child under 13, we will take steps to delete that information promptly.

If you are a parent or guardian and believe your child has provided us with personal information, please contact us at privacy@bucketlyst.ca.

11. International Data Transfers

Bucketlyst is based in Canada. Your information may be processed and stored in Canada and other countries where our service providers operate. These countries may have different data protection laws than your country of residence.

When we transfer data internationally, we implement appropriate safeguards including:

  • Standard contractual clauses approved by relevant authorities
  • Reliance on adequacy decisions where applicable
  • Certification schemes or binding corporate rules where appropriate

12. Cookies and Tracking

We use cookies and similar technologies to operate and improve the Service:

12.1 Types of Cookies

  • Essential Cookies: Required for the Service to function (authentication, security, session management)
  • Preference Cookies: Remember your settings and preferences (theme, language)
  • Analytics Cookies: Help us understand how users interact with the Service
  • Performance Cookies: Monitor Service performance and errors

12.2 Local Storage

We use browser local storage to cache data for faster loading and offline functionality.

12.3 Managing Cookies

Most browsers allow you to manage cookie preferences. Blocking essential cookies may prevent the Service from functioning properly.

13. Third-Party Services

We use the following third-party services that may collect information:

These third parties have their own privacy policies governing their collection and use of information. We are not responsible for their practices.

14. California Privacy Rights (CCPA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA):

  • Right to Know: Request information about the personal information we collect, use, and disclose about you
  • Right to Delete: Request deletion of your personal information
  • Right to Opt-Out: We do not sell personal information, so this right does not apply
  • Right to Non-Discrimination: We will not discriminate against you for exercising your privacy rights

To exercise these rights, contact us at privacy@bucketlyst.ca with "CCPA Request" in the subject line.

Categories of Personal Information Collected: Identifiers, personal information (as defined in California Civil Code 1798.80), internet activity, geolocation data, and inferences.

15. European Privacy Rights (GDPR)

If you are located in the European Economic Area (EEA), United Kingdom, or Switzerland, you have rights under the General Data Protection Regulation (GDPR):

15.1 Legal Bases

We process your data based on:

  • Contract: Processing necessary to provide the Service you requested
  • Legitimate Interests: Processing for our legitimate business interests (security, fraud prevention, service improvement)
  • Consent: Where you have given consent for specific processing
  • Legal Obligation: Processing required by law

15.2 Your GDPR Rights

  • Right of access to your personal data
  • Right to rectification of inaccurate data
  • Right to erasure ("right to be forgotten")
  • Right to restriction of processing
  • Right to data portability
  • Right to object to processing
  • Right to withdraw consent
  • Right to lodge a complaint with a supervisory authority

15.3 Data Controller

Bucketlyst is the data controller for the personal information collected through the Service.

16. Changes to This Policy

We may update this Privacy Policy from time to time. When we make material changes, we will:

  • Update the "Last updated" date at the top of this policy
  • Notify you through the Service or by email
  • Provide a summary of changes if significant

Your continued use of the Service after changes become effective constitutes your acceptance of the updated policy. We encourage you to review this policy periodically.

17. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

Bucketlyst Privacy Team

Privacy Inquiries: privacy@bucketlyst.ca

Data Protection Officer: dpo@bucketlyst.ca

General Support: support@bucketlyst.ca

For privacy-related requests, please include "Privacy Request" in the subject line and provide sufficient information to verify your identity.

← Back to Home
Terms of ServiceHelp Center
About·Help·Privacy·Terms

© 2025 Bucketlyst