OpenTodoList is a privacy focused app. As such, it is important for us to make it transparent to you which information is used by the app and how we process it. Let’s get started.
The OpenTodoList App
The OpenTodoList app on any platform, i.e. Desktop systems such as mac OS, Linux and Windows, as well as the iOS and Android versions works pretty much the same way (in fact, the app is built from the very same code base for all platforms).
Data the App Collects
OpenTodoList organized content in libraries. These are basically a structure of folders and files that are used to represent things like todo lists, note books and so on. You can attach additional files like photos and audio files to items in your library. These attachments as well as information you enter (e.g. in text form) in these items might contain personal information about you or others.
OpenTodoList supports two workflows:
Local Libraries
You can create purely local libraries. Such libraries are stored only on your device. The app will never copy any data off the device. You can - depending on the device and operating system used - use other mechanisms to copy the data and e.g. create backups. However, this is out of scope of OpenTodoList itself.
Synchronized Libraries
In addition, OpenTodoList has built-in mechanisms to sync your libraries using some server component. This is useful to keep your data backed up (in case your device gets lost or damaged). In addition, this feature is used to allow synchronizing your libraries across several devices (e.g. your laptop and smartphone).
For this purpose, OpenTodoList can be configured to communicate with third party file storage services, like NextCloud and ownCloud. This is done by adding an Account in the app. Depending on the concrete service you want to use to synchronize the data, you might have to enter your login data or otherwise authenticate against the service and log into it.
We don’t have any influence on the services you might use to store your libraries. You might use services hosted by third parties or you might - if you run your own e.g. NextCloud or ownCloud server - sync against your self-hosted one. If you are concise about privacy, we heavily recommend running your own service if you can: This grants you the biggest possible control over your data. However, if you cannot afford doing so, using a (privacy friendly) file store is fine as well.
Please note that it also depends on the concrete type of service you use on whether the library data but also e.g. login data is transferred encrypted or not. For example, if you use a WebDAV server which only can be accessed via HTTP (i.e. unsecure traffic), than any data transmitted between the app and the server is unencrypted and hence could potentially be captured by an attacker. We do not recommend using pure HTTP, however, it is up to you and if you decide using such an approach is fine for your use case, the app won’t prevent you from doing so.