EndyList Privacy
Privacy Policy
EndyList is a priority list app for keeping your tasks available across your devices. This policy explains what information EndyList collects, how it is used, and how the app protects the private task content you write.
Last updated: June 16, 2026
Who operates EndyList
EndyList operates this service and is responsible for the public website, account features, and synced app experience.
Information EndyList collects
EndyList collects the information needed to provide accounts, sync, security, and support.
- Account information: your email address, username, display name, login session, and password reset information if you create an EndyList account.
- Sign-in provider information: if you sign in with Google or WordPress.com, EndyList uses the provider to verify your identity and may receive your basic profile information, such as your email address, name, profile identifier, and avatar. Google sign-in currently requests only the
openid,email, andprofilescopes. - Task data: task titles, subtask titles, notes, category, status, priority bucket, deadline, recurring schedule, order, created date, and completed date.
- Settings: preferences such as theme, categories, timezone, display options, vault settings, and trusted-device metadata.
- Device and browser data: local browser storage, service-worker cache, cookies, session data, IP address, browser type, and diagnostic logs needed to operate and secure the site.
Private task content and encryption
EndyList is designed so the task titles, subtask titles, and notes you write are encrypted in your browser before they sync to the server when the vault is enabled. The server stores encrypted text for those fields. EndyList still stores some structural task information in readable form, such as category, status, deadline, recurring schedule, and sort order, so the app can sync, filter, and schedule tasks.
Your vault key is meant to stay on your device. If you lose all vault unlock methods, EndyList may not be able to recover your encrypted task titles, subtask titles, or notes.
How EndyList uses information
- To create and manage your account.
- To sign you in and keep your session secure.
- To sync tasks, settings, and vault metadata across devices.
- To provide app features such as categories, recurring tasks, import/export, and timezone handling.
- To diagnose bugs, prevent abuse, maintain security, and improve EndyList.
- To respond when you contact EndyList for help.
Location and timezone
If you use the browser location option to suggest a timezone, your browser asks for permission first. The location is used only to suggest the nearest timezone and is not saved by EndyList.
Cookies and local storage
EndyList uses cookies for normal WordPress login sessions and security checks. The app also uses browser storage and a service worker to remember your local task cache, settings, vault state, and offline app shell. Clearing browser data may sign you out, remove trusted-device status, or clear local-only data.
When information is shared
EndyList does not sell your personal information and does not use your task data for advertising.
- Service providers: EndyList is hosted on WordPress infrastructure and Pressable. These providers process information needed to run the site and app.
- Sign-in providers: if you choose Google or WordPress.com sign-in, those providers process your sign-in under their own policies.
- Legal and safety: information may be shared if required by law, to protect the service, or to respond to security, fraud, or abuse issues.
Your choices
- You can use the demo/local app experience without creating a synced account.
- You can sign out or clear local browser storage from your device.
- You can export your EndyList backup from the app.
- You can request account help, correction, export, or deletion through EndyList support channels.
Data retention
EndyList keeps account and synced app data for as long as needed to provide the service, maintain security, resolve issues, comply with legal obligations, or until the account is deleted. Backups and logs may remain for a limited period after deletion as part of normal site operations.
Children
EndyList is not directed to children under 13, and EndyList does not knowingly collect personal information from children under 13.
Changes to this policy
This policy may be updated as EndyList changes. The updated version will be posted on this page with a new last updated date.
