Privacy Policy


Effective Date: April 2026

Upsster Labs Ltd. (“Upsster Labs,” “we,” “our,” or “us”) is the controller of your personal data for the SayPlan mobile application, the SayPlan-related pages on sayfamilyapps.com, and related services (together, the “Service”).


This Privacy Policy explains what personal data we collect, how we use it, when we share it, how long we keep it, and what rights you have under applicable data protection laws, including the General Data Protection Regulation (“GDPR”).


This notice is intended to be clear, transparent, and easy to understand.

1. Scope of this Privacy Policy

This Privacy Policy applies to:

  • the SayPlan mobile application;

  • your SayPlan account and in-app content;

  • support communications sent to us; and

  • related SayPlan web pages that link to this Privacy Policy.

This Privacy Policy does not govern third-party services that have their own privacy policies, including Apple, Google, OpenAI, Firebase, AWS, and RevenueCat. When you use features powered by those services, their own terms and privacy policies may also apply.

2. Who we are

Controller: Upsster Labs Ltd.
Country: Bulgaria
Contact email: support@sayfamilyapps.com

If you have privacy questions or want to exercise your rights, contact us at support@sayfamilyapps.com. If you are in Bulgaria, the supervisory authority is the Commission for Personal Data Protection (CPDP). You may also contact your local supervisory authority in the EEA where you live or work.

3. Personal data we collect

We may collect the following categories of personal data.

Account and identity data

  • name, display name, or username;

  • email address;

  • authentication identifiers and login-related data;

  • sign-in provider details when you use Apple Sign-In or Google Sign-In.

Content and input data

  • voice recordings you submit when using voice features;

  • transcriptions of your voice input;

  • text input you type into the app;

  • tasks, plans, dates, reminders, notes, and other content you create in the app.

Device and technical data

  • device type;

  • operating system;

  • app version;

  • approximate technical diagnostics and configuration data necessary to operate, troubleshoot, and secure the app.

Usage and analytics data

  • interactions with app screens and features;

  • event data and product usage statistics;

  • performance and stability information;

  • crash reports and diagnostics collected through Firebase Analytics and Firebase Crashlytics. Firebase documentation states Analytics begins collecting data once the SDK is added unless configured otherwise, and Crashlytics is used for real-time crash reporting and diagnostics.

Subscription and transaction-related data

  • subscription status;

  • product identifiers;

  • purchase receipts or subscription metadata made available to us through the app stores and RevenueCat.

Support and communication data

  • messages you send to support;

  • information you include in those requests;

  • records of how we handled your request.

4. Sources of personal data

We collect personal data:

  • directly from you, when you create an account, speak, type, plan, subscribe, or contact support;

  • from Apple and Google when you use their sign-in or platform services;

  • from Apple App Store and Google Play, and through RevenueCat, for subscription and receipt validation;

  • from Firebase tools for app analytics, diagnostics, and crash reporting.

5. How and why we use personal data

We use personal data for the following purposes:

  • To provide the Service

    • create and manage your account;

    • authenticate you;

    • save your plans, tasks, reminders, and settings;

    • sync your content across supported devices.

  • To generate task outputs from your input

    • process voice and text input;

    • transcribe voice input;

    • convert your spoken or written plans into structured tasks and related outputs.

  • To maintain and improve the Service

    • understand feature usage;

    • monitor stability and performance;

    • diagnose crashes and errors;

    • improve reliability, user experience, and product quality.

  • To manage subscriptions and purchases

    • determine subscription status;

    • enable paid features;

    • help with purchase restoration and subscription support.

  • To communicate with you

    • respond to support requests;

    • provide service-related notices;

    • communicate about account or privacy requests.

  • To secure the Service

    • detect abuse, misuse, fraud, and unauthorized access;

    • maintain logs reasonably necessary for security and troubleshooting.

Google Play specifically expects disclosure of collected/shared data, secure handling, retention/deletion, and contact details in the privacy policy, and the policy should stay consistent with the app’s Data safety disclosures.

6. Legal bases for processing

Where GDPR applies, we rely on the following legal bases:

  • Performance of a contract

    We process most account, planning, transcription, AI output, and subscription-related data because it is necessary to provide the Service you request.

  • Legitimate interests

    We process certain analytics, security, diagnostics, support, and service-improvement data where necessary for our legitimate interests in operating, protecting, and improving the Service, provided those interests are not overridden by your rights.

  • Consent

    Where required by applicable law, we rely on consent, including for any optional processing that legally requires it. ICO guidance says privacy information should explain lawful bases, individuals’ rights, retention, sharing, and complaint options.

7. AI processing

A core function of SayPlan is turning your spoken or typed plans into structured tasks. To do that, we may send your voice transcription and text input, and the necessary surrounding context, to third-party AI providers, including OpenAI, for processing.

We use this processing to:

  • analyze your input;

  • identify plans, tasks, and dates;

  • generate structured task outputs;

  • improve the accuracy and usefulness of the Service.

We do not send your payment card details to AI providers. According to OpenAI’s current API documentation, data sent through the OpenAI API is not used to train or improve OpenAI models unless the customer explicitly opts in to share data, although some API data may be stored as abuse monitoring logs or application state depending on the feature used.

8. Analytics and crash reporting

We use Firebase Analytics and Firebase Crashlytics to understand how the app is used, measure performance, and diagnose errors and crashes. Firebase states that Analytics data collection begins automatically once the SDK is added unless configured otherwise, and Firebase provides controls for configuring data collection and opt-in behavior for certain services, including Crashlytics and Analytics-related collection.

We use this information to:

  • understand which features are used;

  • measure app stability and performance;

  • prioritize bug fixes and reliability work;

  • improve onboarding, UX, and product quality.

9. Payments and subscriptions

Paid features and subscriptions are offered through the Apple App Store and Google Play, with subscription management support through RevenueCat. We do not receive or store your full payment card number. We may receive subscription metadata such as:

  • product ID;

  • purchase status;

  • renewal status;

  • transaction or receipt-related identifiers required for subscription management.

RevenueCat publicly describes itself as processing end-user data as a processor under its DPA and privacy framework.

10. Notifications

SayPlan may use local notifications on your device to remind you about tasks and plans. Local notifications are generated on the device and do not, by themselves, require us to send additional notification content from our servers. If we later introduce remote push notifications, we will update this Privacy Policy before doing so.

11. When we share personal data

We do not sell your personal data. We may share personal data with service providers and partners only as needed to operate the Service, including:

  • OpenAI for AI processing;

  • Amazon Web Services (AWS) for hosting and cloud infrastructure;

  • Google Firebase for analytics and crash reporting;

  • Apple and Google for authentication, store operations, and platform services;

  • RevenueCat for subscription and purchase infrastructure.

We may also share data:

  • if required by law, regulation, legal process, or enforceable governmental request;

  • to protect the rights, safety, integrity, and security of the Service, our users, or others;

  • in connection with a merger, acquisition, financing, restructuring, sale of assets, or similar transaction, subject to appropriate confidentiality and legal safeguards.

12. International data transfers

Because we operate globally and use international service providers, your personal data may be transferred to and processed in countries outside your country of residence, including outside the EEA. Where required, we rely on appropriate safeguards for international transfers, such as adequacy decisions, contractual safeguards, or other lawful transfer mechanisms.

13. Data retention

We keep personal data only for as long as necessary for the purposes described in this Privacy Policy, including to provide the Service, comply with law, resolve disputes, and enforce agreements. As a general framework:

  • Account data: kept while your account remains active and for a limited period afterward as needed for legal, security, and support purposes.

  • Tasks, plans, transcriptions, and in-app content: kept while your account remains active, unless you delete them earlier.

  • Support communications: kept as reasonably necessary to respond to the request and maintain support history.

  • Analytics and diagnostic data: retained according to the applicable service configuration and provider retention settings, where available.

  • Subscription records: kept as reasonably necessary for accounting, tax, fraud prevention, and compliance obligations.

If you delete your account, we will delete or anonymize your personal data within a reasonable period, except where we must retain certain information for legal, security, fraud prevention, financial reporting, or claims-handling purposes. ICO guidance says that if you do not state a fixed retention period, you should state the criteria used to decide retention.

14. Account deletion and data deletion

You can request deletion of your account and associated data through:

Because Google Play requires a web link resource for account deletion where apps support account creation, you should also publish a dedicated account deletion web page before launch.

Please note that some data may need to be retained where required by law or for legitimate reasons such as fraud prevention, security, financial reporting, or dispute resolution. Google Play’s guidance also recognizes that some data may be retained for legitimate reasons if this is clearly disclosed.

15. Your privacy rights

Depending on your location, and in particular if you are in the EEA, you may have the right to:

  • access the personal data we hold about you;

  • correct inaccurate or incomplete personal data;

  • request deletion of personal data;

  • restrict processing;

  • object to certain processing;

  • request portability of certain personal data;

  • withdraw consent where processing is based on consent.

You also have the right to lodge a complaint with your local supervisory authority. In Bulgaria, that is the Commission for Personal Data Protection (CPDP).

To exercise your rights, contact support@sayfamilyapps.com. We may need to verify your identity before fulfilling certain requests.

16. Children’s privacy

SayPlan is not intended for children under 13, and we do not knowingly collect personal data from children under 13 without appropriate consent or other lawful basis. If you believe a child under 13 has provided us personal data, contact us at support@sayfamilyapps.com so we can review and take appropriate action.

17. Security

We use reasonable technical and organizational measures designed to protect personal data against unauthorized access, loss, misuse, alteration, or disclosure. No system can guarantee absolute security, but we work to maintain safeguards appropriate to the nature of the data and risks involved.

18. Changes to this Privacy Policy

We may update this Privacy Policy from time to time. When we do, we will update the “Effective Date” at the top of the policy. If changes are materially important, we may provide additional notice within the app, on the website, or by other appropriate means.

19. Contact us

Upsster Labs Ltd.
Bulgaria
support@sayfamilyapps.com