FreeToDoList

Privacy Policy

Last updated: 2026-05-03

This is the privacy policy for FreeTodoList.com (the "Service"). It describes what we collect, how we use it, and the choices you have. Plain English where possible.

What we collect

You don't need an account to use FreeTodoList. If you create lists without signing in, we store only:

  • The lists you create (name, description, items, due dates, completion state)
  • A randomly-generated identifier for each list, used in the URL
  • Browser cookies for your session

If you create an account, we additionally store:

  • Your email address (or, if you sign in with Google, the email + name + avatar URL Google sends us)
  • An encrypted password digest (passwords are never stored in plain text)
  • The time zone your browser reports (so due dates display correctly)
  • The time of your last login

Site analytics. Like most websites, we record basic request data — IP address, browser type, the page you visited — to understand traffic patterns and detect abuse. This is rolled up into aggregate counts; we don't build per-person profiles. Data older than the rolling analytics window is summarized and cannot be tied back to an individual.

Error tracking. When the site hits an unexpected error, technical context (the URL, a stack trace, your user ID if you're logged in) is sent to our error-tracking provider so we can fix bugs.

What we don't do

  • We don't sell your data.
  • We don't run third-party advertising on the site.
  • We don't read your list contents to train AI models. (Our robots.txt content signals ask other AI crawlers not to either.)
  • We don't share your email address with anyone.

Third-party services we use

  • Google OAuth — only when you choose to sign in with Google. Google sees you logged in to FreeTodoList; we receive your name, email, and avatar URL.
  • Hosting & email delivery — our infrastructure provider (Postgres database, Redis cache, AWS for transactional email) processes your data only as needed to run the service.
  • Web analytics — we use lightweight, privacy-respecting analytics tools that don't set tracking cookies across sites.
  • Error tracking (Honeybadger / New Relic) — receives technical error data when something breaks.

Cookies

We use a small number of cookies:

  • _session_id — keeps you logged in
  • user_timezone — remembers your time zone for due-date display
  • A view-preference cookie remembering whether you like list or grid view

We don't use third-party tracking cookies.

Sharing lists

When you turn on sharing for a list, we generate a long random token and put it in the URL. Anyone with the URL can view (or, if you use the editable link, edit) that list. Be careful who you share with — links can be revoked, but only after the fact.

Your rights

  • See what we have: log in and visit your dashboard. The list data shown there is everything we have linked to your account.
  • Delete your account: contact us via the feedback form. We'll delete your user record, all your lists, and all the items in them.
  • Export: every list has a Markdown / Plain Text / iCal export option from the Actions menu.

Children

FreeTodoList isn't directed at children under 13. If you believe a child has signed up, contact us and we'll delete the account.

Changes

If we materially change this policy, we'll update the "Last updated" date at the top and post a note on the homepage or in the blog.

Contact

Questions: send feedback.

Available also as plain markdown: /privacy.md

Home New List Templates Login