Maybe Tomorrow / 내일할까
Maybe Tomorrow Privacy Policy
Effective Date: June 8, 2026
Last Updated: June 8, 2026
App: Maybe Tomorrow / 내일할까
Platform: Native iOS app only
Privacy Policy URL: https://trendswhat.com/maybe-tomorrow/privacy-policy/
Maybe Tomorrow / 내일할까 (“Maybe Tomorrow,” the “App,” “we,” “us,” or “our”) is operated by Jay Jung. This Privacy Policy explains how we collect, use, disclose, store, and protect personal information when you use Maybe Tomorrow and related services, including our backend API at https://api.trendswhat.com and our public legal pages hosted under trendswhat.com.
Contact: [email protected]
Operator location: Republic of Korea
Controller / business / personal information controller: Jay Jung
1. Overview
Maybe Tomorrow is an iOS-only productivity app that helps users create and manage personal plans, today/tomorrow tasks, project areas, projects, project tasks, completion status, deadlines, and “defer to tomorrow” actions.
The App supports:
- Guest mode, where app data is stored locally on your device unless you later choose to sign in and sync it.
- Signed-in mode, using Google Sign-In or Sign in with Apple through Firebase Authentication.
- Cloud sync for signed-in users, using our backend API and database.
- Analytics and advertising, including Firebase Analytics, Google Mobile Ads SDK / AdMob, Google User Messaging Platform SDK, and, if enabled, AdMob mediation or bidding partners such as Pangle and PubMatic.
The App is currently not designed to request camera, photos, contacts, microphone, health, precise location, calendar, or notification permissions. If we add new permissions or features later, we will update this Privacy Policy and our App Store disclosures as required.
2. Information We Collect
The exact information we collect depends on whether you use Maybe Tomorrow as a guest or as a signed-in user.
| Category | Examples | Source | Purpose |
|---|---|---|---|
| Account and sign-in information | Firebase UID, authentication provider, email address if provided by Google, Apple, or Firebase, Sign in with Apple full name if provided, nickname, generated 4-digit nickname tag, created/updated timestamps, last login timestamp | You, Apple, Google, Firebase Authentication | Account creation, sign-in, authentication, account management, security, sync |
| Authentication tokens | Firebase ID tokens sent as Bearer tokens to our backend API; token verification results using Firebase Admin | Firebase Authentication and our backend | Verify signed-in requests, protect accounts and synced data |
| Productivity and user-generated app data | Task/plan title, detail/content, plan date, deadline date, completion timestamp, project area title, project title, project task title, assignment relationships, project member display nickname/tag, client UUIDs, server IDs, sort order, created/updated/deleted timestamps | You and the App | Provide task, plan, project, completion, deadline, defer-to-tomorrow, and sync features |
| Local device data | Local SQLite database containing guest and/or signed-in app data, local identifiers, sync metadata | The App on your device | Offline use, local storage, guest mode, sync and conflict handling |
| Device, app, and technical information | Device model, operating system, app version, language, region, app instance identifiers, device identifiers, IP address, approximate location inferred from IP address, crash or diagnostic data, performance data | The App, Firebase, Google Mobile Ads, mediation partners if enabled, infrastructure providers | App functionality, analytics, ad delivery and measurement, fraud prevention, security, diagnostics |
| Analytics information | App opens, sessions, screen views, feature usage, app lifecycle events, approximate location inferred from masked IP address, app instance ID | Firebase Analytics | Understand app performance and usage, improve features, measure reliability |
| Advertising and consent information | Advertising identifier if permitted by iOS App Tracking Transparency, device or app identifiers, ad requests, ads shown, ad interactions, consent status, privacy choices, UMP form status | Google Mobile Ads SDK / AdMob, Google UMP SDK, mediation partners if enabled | Show ads, measure ad performance, support personalized or non-personalized ads, comply with consent requirements |
| Support and communications | Email address, message content, screenshots or information you choose to send us | You | Respond to requests, troubleshoot, support rights requests |
| Website and legal-page logs | IP address, browser/device information, request logs, security logs | Cloudflare Pages / Cloudflare infrastructure and hosting logs | Serve public pages, security, abuse prevention, diagnostics |
We do not intentionally collect camera, photo library, contacts, microphone, health, precise GPS location, calendar, or notification-permission data unless a future version of the App adds those permissions and you grant them.
Please avoid entering highly sensitive information into task titles, notes, project names, or plan details unless you are comfortable storing that information in the App and, for signed-in users, syncing it to our backend.
3. Guest Mode, Local Storage, and Cloud Sync
Guest mode
If you continue as a guest, Maybe Tomorrow stores your plans, tasks, projects, and related data locally on your device in a SQLite database. Guest data is not synced to our backend unless you later sign in and choose to promote or sync the local data to your account.
Guest data may be lost if you delete the App, erase app data, lose your device, or otherwise remove local storage. We cannot recover guest-only data that was never synced.
Signed-in mode
If you sign in with Google Sign-In or Sign in with Apple, Firebase Authentication creates or manages your identity for the App. The App obtains Firebase ID tokens and sends them as Bearer tokens to our backend API at https://api.trendswhat.com. Our backend verifies those Firebase ID tokens using Firebase Admin before processing account or sync requests.
For signed-in users, productivity data and related metadata are synced to our backend and stored in a MySQL database on AWS RDS. The production API runs on an OCI server. Public legal pages are hosted through Cloudflare Pages and Cloudflare infrastructure.
Promoting guest data to a signed-in account
If you use guest mode and later sign in, local guest data may be promoted to your signed-in account and synced to the backend. After promotion, that data becomes account-associated data and is handled under the signed-in sections of this Privacy Policy.
4. How We Use Information
We use personal information for the following purposes:
- Provide and operate the App, including task, plan, project, deadline, completion, defer-to-tomorrow, local storage, and cloud sync features.
- Authenticate users, verify Firebase ID tokens, maintain signed-in sessions, and protect account data.
- Manage accounts, including nicknames, nickname tags, provider information, creation timestamps, login timestamps, and deletion requests.
- Maintain and improve the App, including analytics, performance measurement, debugging, and product decisions.
- Display and measure ads, including native ads in list, today, tomorrow, project, and achievement areas.
- Manage privacy and advertising choices, including consent records, privacy options forms, App Tracking Transparency status, and region-specific privacy controls.
- Protect security and prevent abuse, including detecting misuse, unauthorized access, fraud, spam, or technical issues.
- Provide support, respond to requests, and communicate about account, privacy, or service matters.
- Comply with legal obligations, enforce our Terms of Service, and protect our rights, users, and the public.
5. Legal Bases for Processing for EEA/UK Users
If the GDPR or UK GDPR applies, we rely on one or more of the following legal bases:
| Processing purpose | Legal basis |
|---|---|
| Providing the App, account features, sync, and support | Performance of a contract or steps taken at your request |
| Authentication, security, fraud prevention, debugging, and service integrity | Legitimate interests; legal obligation where applicable |
| Firebase Analytics and similar measurement, where consent is required | Consent; otherwise legitimate interests where permitted |
| Personalized ads, advertising identifiers, and access to local storage where legally required | Consent |
| Non-personalized or contextual ads, basic ad delivery, frequency capping, fraud prevention, and reporting | Consent where required; otherwise legitimate interests or contract necessity where permitted |
| Legal compliance, tax, accounting, dispute handling, and regulatory requests | Legal obligation; legitimate interests |
You may withdraw consent at any time where processing is based on consent. Withdrawal does not affect processing that occurred before withdrawal.
6. Advertising, Analytics, and Consent Choices
Firebase Analytics
We use Firebase Analytics to understand how the App is used and to improve reliability and features. Firebase Analytics may collect an app instance ID, app lifecycle events, screen views, sessions, device and app information, and approximate location derived from masked IP address.
We do not intentionally send task titles, task details, project names, plan content, or other free-text productivity content to Firebase Analytics as analytics event parameters. If we add custom analytics events, we will design them to avoid transmitting user-generated task or project content.
AdMob and Google Mobile Ads SDK
We use Google Mobile Ads SDK / AdMob to show native ads in areas such as list, today, tomorrow, project, and achievement views. AdMob and related advertising technologies may process information such as IP address, approximate location inferred from IP address, device identifiers, advertising identifiers if permitted, app identifiers, ad requests, ads shown, ad interactions, diagnostics, crash-related data, and performance data.
Personalized ads
Personalized ads may be based on information about your activity in this App and information from other apps, websites, or services, depending on your consent choices and applicable law. On iOS, access to the device advertising identifier and tracking across apps and websites owned by other companies requires permission through Apple’s App Tracking Transparency framework.
We use the following App Tracking Transparency purpose string or a substantially similar string:
“Maybe Tomorrow uses your device identifier to deliver personalized ads and measure ad performance.”
If you deny tracking permission, we will not access the iOS advertising identifier for tracking or track you across apps and websites owned by other companies as described by Apple’s App Tracking Transparency rules. Ads may still appear, but they should be contextual, non-personalized, limited, or otherwise based on choices available under applicable law and advertising-platform settings.
Non-personalized ads
Non-personalized or contextual ads are not selected based on a profile created from your activity across other companies’ apps or websites. They may still use limited data such as IP address, approximate location, app information, device type, consent status, fraud-prevention signals, frequency capping, and basic ad measurement where permitted by law and advertising platform settings.
Google User Messaging Platform SDK
We use Google User Messaging Platform SDK to request and manage advertising consent and privacy choices where required. Depending on your region, the App may display privacy messages for EEA/UK/Switzerland consent, U.S. state privacy choices, or other applicable choices. You can manage available ad privacy choices through the App’s privacy settings where required and through iOS settings for App Tracking Transparency.
Pangle and PubMatic / mediation partners
We may add Pangle as an AdMob bidding or mediation partner for native ads. We may also use PubMatic or related app-ads.txt authorized-seller relationships if enabled. If these partners are enabled, they may receive ad-request and measurement information such as device identifiers, advertising identifiers if permitted, IP address and approximate location inferred from IP address, ad interactions, diagnostics, performance data, and consent signals. We will update this Privacy Policy, our privacy choices page, and App Store disclosures before enabling material new advertising partners or data uses.
app-ads.txt
We may publish an app-ads.txt file at the root of our developer website to identify authorized advertising sellers and reduce ad fraud. The app-ads.txt file itself is a public text file and is not intended to collect personal information from users.
7. When We Disclose Information
We may disclose personal information as described below.
| Recipient category | Purpose | Examples of information |
|---|---|---|
| Authentication providers | Sign-in and identity management | Apple account identifier, Google account information, Firebase UID, email, display name if provided, authentication metadata |
| Firebase and Google services | Authentication, analytics, advertising, consent management, backend token verification | Firebase UID, app instance identifiers, device/app information, analytics events, consent choices, ad identifiers where permitted, ad interactions |
| Advertising partners | Ad delivery, measurement, fraud prevention, personalized or non-personalized advertising depending on consent | IP address, approximate location, device/app identifiers, advertising identifier if permitted, ad requests, ad interactions, diagnostics, performance data |
| Hosting and infrastructure providers | Backend API, database, public pages, CDN, security, logs | Account data, synced productivity data, technical logs, IP addresses, security metadata |
| Service providers and contractors | Support, operations, debugging, compliance | Information needed to provide the contracted service |
| Legal, safety, and compliance recipients | Comply with law, respond to legal process, enforce rights, protect users or the public | Information necessary for the request or protection purpose |
| Business-transfer recipients | Merger, acquisition, financing, reorganization, sale of assets | Information reasonably related to the transaction, subject to appropriate protections |
We do not sell personal information for money. However, some privacy laws define “sale,” “sharing,” or “targeted advertising” broadly. Our use of advertising SDKs and mediation partners for personalized or cross-context behavioral advertising may be considered a “sale,” “sharing,” or “targeted advertising” under some U.S. state privacy laws. See our User Privacy Choices page for opt-out options.
8. Third-Party Services
Maybe Tomorrow uses or may use the following third-party services:
| Service | Role |
|---|---|
| Apple Sign in with Apple | Sign-in provider; may provide name and email depending on user choice |
| Google Sign-In | Sign-in provider; may provide account information depending on user choice and scopes |
| Firebase Authentication | Identity management and authentication |
| Firebase Admin | Backend verification and administration of Firebase authentication |
| Firebase Analytics | App analytics and measurement |
| Google Mobile Ads SDK / AdMob | Native ads, ad delivery, ad measurement, advertising monetization |
| Google User Messaging Platform SDK | Advertising consent and privacy-choice forms |
| Pangle AdMob mediation or bidding | Conditional or planned ad mediation partner for native ads |
| PubMatic / authorized seller relationships | Conditional or planned advertising supply or app-ads.txt-related partner |
| Cloudflare Pages / Cloudflare infrastructure | Hosting and delivery of public legal pages, CDN, security |
| OCI server hosting | Production backend API hosting |
| AWS RDS MySQL | Backend database storage |
Each third-party service may process information according to its own terms, privacy policy, and platform settings. We are responsible for configuring our use of these services and for describing our data practices accurately.
9. International Processing and Cross-Border Transfers
Maybe Tomorrow may process personal information in countries other than your country of residence. Our providers and infrastructure may be located in or access data from the United States, Korea, Japan, Singapore, the European Union, and other countries, depending on the provider and configuration.
Where Korea’s Personal Information Protection Act or similar cross-border transfer rules apply, this table summarizes the main overseas processing and entrustment relationships for Maybe Tomorrow. Provider processing locations may vary according to their infrastructure and terms:
| Recipient / processor | Country or region | Purpose | Data items | Retention / processing period |
|---|---|---|---|---|
| Google / Firebase | United States and other countries where Google processes data | Authentication, analytics, ads, consent management | Account identifiers, email if provided, app/device information, analytics events, ad and consent data | As needed to provide services; per configured retention and Google terms |
| Apple | United States and other countries where Apple processes data | Sign in with Apple | Apple account identifier, email relay or email address if provided, name if provided, authentication data | As needed for sign-in and account management |
| OCI | Cloud region configured for backend API operations | Backend API hosting | Account data, synced app data, technical logs | While account is active and per retention schedule |
| AWS RDS MySQL | AWS region configured for the production database | Backend database storage | Account data, synced productivity data, sync metadata | While account is active and per retention schedule |
| Cloudflare | Global network | Public page hosting, CDN, security | Website request logs, IP addresses, device/browser metadata | Per Cloudflare configuration and security-log retention |
| Pangle, if enabled | Countries where Pangle processes advertising data under its terms | Ad mediation/bidding and ad measurement | Ad-request data, device identifiers, advertising ID if permitted, approximate location, diagnostics, performance data, consent signals | Per advertising configuration and partner terms |
| PubMatic, if enabled | Countries where PubMatic processes advertising data under its terms | Advertising supply, bidding, app-ads.txt authorized seller operations | Ad-request data and related advertising signals if enabled | Per advertising configuration and partner terms |
Where required, we use appropriate safeguards such as contracts, data processing terms, technical and organizational measures, and transfer mechanisms recognized by applicable law.
10. Retention
We keep personal information only for as long as reasonably necessary for the purposes described in this Privacy Policy, unless a longer retention period is required or permitted by law.
Our intended retention practices are:
| Data | Retention |
|---|---|
| Guest local data | Stored on your device until you delete the data in the App, delete the App, erase device data, or sign in and promote the data to a synced account |
| Account information | Retained while your account remains active; deleted or anonymized after account deletion except where retention is required for legal, security, fraud-prevention, or dispute purposes |
| Synced productivity data | Retained while your account remains active; deleted or anonymized after account deletion according to our deletion workflow |
| Deleted-item sync metadata / tombstones | Retained for a limited period, such as up to 90 days, to support sync, conflict resolution, and deletion propagation |
| Backend logs and security logs | Retained for a limited period, such as up to 180 days, unless needed for security, abuse prevention, legal compliance, or investigation |
| Backups | Removed according to normal backup cycles, such as within 90 days, unless a longer period is required for legal or security purposes |
| Analytics and advertising data | Retained according to our Firebase, Google, AdMob, and partner configuration settings and applicable provider terms |
11. Account Deletion and Data Deletion
If you create an account, you can initiate deletion of your account in the App under Settings → Account → Delete Account or through the method described on our User Privacy Choices page. We may require reauthentication or confirmation to protect against accidental or unauthorized deletion.
When you delete your account, we will delete or anonymize your account record and associated personal data that we are not legally required or permitted to retain. This includes backend account records, synced productivity data, and related sync metadata, subject to backup cycles and lawful retention exceptions.
If you used Sign in with Apple, we will take steps required by Apple for account deletion, including revoking applicable Sign in with Apple tokens or authorizations using Apple’s server-side process where required and technically available.
If you use guest mode only and no server account has been created, you can delete local data by using the App’s local reset/delete controls, deleting the App, or deleting app data from your device. If we implement automatic guest accounts in the future, those accounts will also include an account-deletion option.
12. Your Privacy Choices and Rights
Depending on your location and applicable law, you may have rights to:
- Access or receive a copy of personal information we hold about you.
- Correct inaccurate personal information.
- Delete personal information or your account.
- Object to or restrict certain processing.
- Withdraw consent where processing is based on consent.
- Request data portability where required.
- Opt out of sale, sharing, or targeted advertising where applicable.
- Limit use or disclosure of sensitive personal information where applicable, although Maybe Tomorrow is not currently designed to collect sensitive personal information such as precise location, health data, biometric data, or government identifiers.
- Appeal a privacy-rights decision where applicable.
- File a complaint with a data protection authority, consumer protection authority, or privacy regulator.
For U.S. state privacy laws, including California-style rights, we do not sell personal information for money. However, our use of advertising SDKs for personalized or cross-context behavioral advertising may be considered “sharing” or “targeted advertising.” You can opt out using the controls described on our User Privacy Choices page.
For EEA/UK users, you may exercise GDPR or UK GDPR rights, including access, rectification, erasure, restriction, portability, objection, and withdrawal of consent.
For Korean users, you may request access, correction, deletion, suspension of processing, and other rights available under Korea’s Personal Information Protection Act, subject to applicable exceptions.
To exercise rights, visit our User Privacy Choices page or contact us at [email protected]. We may need to verify your identity before fulfilling certain requests.
13. Children
Maybe Tomorrow is not intended for children under 14. We do not knowingly collect personal information from children under 14 without appropriate guardian consent. If you believe a child under 14 has provided personal information to us without required consent, contact us at [email protected] and we will take appropriate steps to delete or handle the information according to applicable law.
14. Security
We use reasonable technical and organizational measures designed to protect personal information. These measures may include HTTPS for API communications, Firebase ID token verification, access controls, backend authentication, database access restrictions, infrastructure security controls, monitoring, and administrative safeguards.
No method of transmission or storage is completely secure. You are responsible for protecting access to your device and your Apple or Google account.
15. Changes to This Privacy Policy
We may update this Privacy Policy from time to time. If we make material changes, we will provide notice through the App, our website, App Store update notes, or another appropriate method. The “Last Updated” date shows when this Privacy Policy was last revised.
16. Contact Us
For privacy questions, requests, complaints, or appeals, contact:
Jay Jung
Email: [email protected]
Operator location: Republic of Korea
User Privacy Choices page: https://trendswhat.com/maybe-tomorrow/privacy-choices/