Privacy Policy

Last reviewed: June 5, 2026

Shoppily is the shared shopping list app at shoppily.online, operated by RMM Digital for households, couples, flatmates, and small teams.

This policy applies to the Shoppily mobile application and related support and service endpoints made available under the Shoppily name. For public store, support, and legal references, Shoppily is operated under the developer name RMM Digital.

This privacy policy explains how Shoppily handles information when you use the mobile app, join a room, create shopping content, and contact support.

1. What Shoppily is built to do

Shoppily is a shared shopping list app. Its core function is to let people create or join a room, collaborate on lists, add and update items, and keep room data synchronized across devices.

2. Data we process

Depending on how you use the app, Shoppily may process the following categories of information:

• App-generated identity and session data, including a device identifier, user identifier, and access token used to keep your session active.
• User-provided room and profile data, such as room code, nickname, room name, and membership or approval status inside a room.
• User-generated shopping data, such as list names, item names, notes, categories, stores, prices, quantities, item status, and archive or delete state.
• Manual category correction events, such as the item name and previous and selected categories, when you correct item grouping in a shared room.
• Optional notification and push subscription data, such as notification permission status, push opt-in state, OneSignal identifier, subscription identifier, and push token when notifications are enabled on your device.
• Optional voice input data when you use the microphone button. Audio is used for speech recognition to turn spoken shopping items into text; Shoppily does not store voice recordings on its own backend.
• Premium and purchase-related data, such as product identifiers, purchase verification status, premium entitlement state, rewarded ad reward events, and related transaction references used to activate or restore premium access.
• Advertising, diagnostics, approximate location, and device identifier data processed by advertising and mobile platform SDKs, including IP address-derived approximate location, ad or app set identifiers, app interactions, ad views, diagnostic information, and app performance data.
• Optional website signup data if you leave your email address to join tester or early-access notifications from shoppily.online.
• Technical and sync data required to communicate with the Shoppily backend and realtime services.
• Support communications you send to us, including the content of your email and any room code or context you include.

3. What stays on your device

The app uses local on-device storage to keep session continuity and cache working data. This can include your device identifier, user identifier, access token metadata, selected room code, nickname, settings, and local item or room cache used for performance, offline support, or synchronization behavior.

4. What is synchronized to backend services

When you use room collaboration features, Shoppily sends room and shopping content to the backend so the room can work across devices. This includes room membership data and the shopping content created inside that room. By design, room data is visible to other approved members of the same room.

5. Permissions and device features

Shoppily uses the following mobile permissions and device features when you trigger them in the app:

• Camera access to scan room QR codes.
• Microphone and speech recognition access for optional voice input. Voice input is optional and you can type shopping items instead.
• Notification permission, when available on your platform, so you can receive room activity or access-related updates.
• Internet access for backend API requests and realtime synchronization.

For the intended public Android build, Shoppily does not require precise location permission and is not intended to request Bluetooth or Nearby Devices access. Advertising SDKs may process IP address information to estimate approximate location for advertising, analytics, and fraud prevention.

6. Why we process this data

We process data to operate the app, maintain your session, keep rooms synchronized, store and display shopping content, support offline or cached experiences, improve automatic item categorization based on manual corrections, respond to support requests, and protect service integrity.

7. Third-party services and SDKs

Shoppily relies on hosting, API transport, and mobile platform services to deliver app functionality. When push notifications are enabled, the app also uses OneSignal and related mobile notification services to register your device subscription, route notification delivery, and manage notification permission or opt-in state. That may involve processing identifiers such as a OneSignal user ID, subscription ID, push token, locale, and basic notification preference state for service functionality.

The public Android build includes Google Mobile Ads and consent-related technology to serve native, interstitial, and rewarded ads in selected app surfaces. When ads are active, Google may collect and share data such as IP address, approximate location inferred from IP address, ad identifiers, app interactions, ad views, diagnostic information, and app performance data for advertising, analytics, and fraud prevention under Google's own terms and privacy practices. Users may be shown privacy or consent choices where required.

Premium purchase, restore, and rewarded premium features use Google Play Billing, Google Mobile Ads rewarded verification, and Shoppily backend verification. Shoppily may process purchase history or reward event data such as product ID, purchase token references, transaction references, verification status, entitlement status, and expiry time to activate, restore, prevent abuse of, or delete premium access.

Optional voice input uses the platform speech recognition service to convert speech to text. The resulting text may become shopping content if you submit it as an item. Shoppily does not store microphone recordings on its backend.

8. Data sharing

We do not describe Shoppily as a data broker and we do not sell personal information through the app experience described here. However, information you place in a shared room is shared with other members of that same room because that is the core purpose of the product. Service providers and SDK providers may also process data to host, transmit, secure, monetize, measure, or deliver the service, including Google, Google Play, Google Mobile Ads, OneSignal, and infrastructure providers.

9. Retention and deletion

We keep data for as long as it is reasonably needed to operate rooms, lists, synchronization, premium access, ads reward verification, support, and related app functions. Manual category correction events may be retained for up to 180 days to help improve automatic categorization and product quality. Some data may remain temporarily in local cache, service logs, service backups, or third-party platform records for operational, security, fraud prevention, legal, or billing reasons. You can remove certain content through app actions where available, use the in-app Delete account option, or contact us to request deletion, access, or correction support.

10. Support and privacy requests

If you want to request deletion, access, correction, or clarification about data related to your Shoppily usage, contact shoppily.support@gmail.com. To help us locate the correct room or session, include any relevant room code, nickname, user ID if available, and a short explanation of your request. For account deletion steps, use the Delete Shoppily account page.

11. Secure data handling

We use reasonable operational, administrative, and technical measures designed to reduce unauthorized access, use, alteration, or disclosure of data handled by the service. In the intended production configuration, app traffic to Shoppily services is meant to use secure transport such as HTTPS and WSS. Access to service data should be limited to people or providers who need it to operate, maintain, secure, or support the service. No method of transmission or storage can be guaranteed to be completely secure.

12. Policy updates

We may update this policy when the app, infrastructure, or disclosure requirements change. The effective date above shows the version currently published for review.

13. Related Shoppily pages

For a plain-language overview of the product, visit the Shoppily shared shopping list homepage. If you need help with room access, sync issues, or data requests, use the Shoppily support page. For account deletion, use the Delete Shoppily account page. For the official product and operator reference, use the About Shoppily page.