Privacy Policy

Last updated: April 2026

What we collect

NextThing collects only what is necessary to provide the service. When you create an account, we store your email address and authentication credentials. Your tasks, projects, contexts, and other GTD data are stored securely to enable cross-device synchronization. If you purchase a subscription, we receive purchase metadata (product identifier, transaction ID, platform) from Apple or Google via Adapty. If you enable product analytics, we collect anonymous usage events (screens viewed, features used, crashes) — never the contents of your tasks.

How we use your data

  • To provide and maintain the NextThing service
  • To sync your data across devices
  • To process and validate subscription purchases
  • To send essential account-related communications
  • To diagnose crashes and improve the app based on aggregated, anonymized usage patterns

We do not sell, rent, or share your personal data with third parties for advertising purposes.

Data storage

NextThing uses an offline-first architecture. Your data is stored locally on your device and synced to our cloud infrastructure (powered by Supabase, with PowerSync handling real-time replication) when a connection is available. Data is encrypted in transit using TLS.

Data retention

We retain your personal data only as long as your account is active or as needed to provide the service. When you delete your account, we purge personal data (email, authentication identifiers, tasks, projects, contexts) from production databases within 30 days. Encrypted backup snapshots are rotated and fully purged within 90 days. Aggregated, anonymized analytics that cannot be linked back to you may be retained indefinitely.

Third-party services (sub-processors)

We use the following services to operate NextThing. Each processes only the data needed for its specific function:

  • Supabase: authentication, database, and file storage
  • PowerSync: real-time synchronization engine between your device and Supabase
  • PostHog: product analytics and crash diagnostics (anonymous usage events; session replay is disabled)
  • Adapty: subscription management and App Store / Google Play receipt validation (purchase metadata and platform identifiers)
  • Telegram: optional Telegram bot integration; if you connect it, we store your Telegram user_id and chat_id to route messages you send into your NextThing inbox
  • Vercel Analytics: anonymous website usage analytics (landing page only)

Sign in with Apple and private relay

When you sign in with Apple, Apple may give us either your real email address or a private relay address ending in @privaterelay.appleid.com. We treat the relay address as your account email and do not attempt to resolve or de-anonymize it. All emails we send (password resets, account notices, purchase receipts) go to the address Apple provides, and Apple forwards them to your real inbox. You can stop sharing your email or revoke Sign in with Apple at any time from Settings → Apple ID → Sign in with Apple on your device; doing so will prevent you from signing back in and you can then request full account deletion.

Account deletion

You can permanently delete your NextThing account and all associated data at any time, directly from the app: Settings → Account → Delete Account. Deletion is immediate, irreversible, and does not require you to contact support. A web-based alternative is available at nextthinggtd.com/delete-account for users who no longer have the app installed. After deletion we purge your personal data within 30 days as described in the Data retention section.

Your rights

If you are located in the European Economic Area, the United Kingdom, California, or another jurisdiction with similar protections, you have the following rights regarding your personal data:

  • Access — request a copy of the personal data we hold about you
  • Rectification — ask us to correct inaccurate or incomplete data
  • Erasure — request deletion of your data (the "right to be forgotten")
  • Portability — receive your data in a machine-readable format
  • Restriction — ask us to limit how we process your data
  • Objection — object to processing for specific purposes
  • Withdraw consent — where processing is based on consent, you can withdraw it at any time

You can exercise any of these rights by deleting your account in-app or by emailing privacy@nextthinggtd.com. We will respond within 30 days.

Children's privacy

NextThing is not directed at children under 13 (under 16 in the European Economic Area) and we do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact privacy@nextthinggtd.com and we will delete the account and associated data promptly.

Contact

For privacy-related questions, reach us at privacy@nextthinggtd.com