LastList icon
LastList™
The last list you'll ever need
Home Features How it works Partners
Open LastList

Privacy Policy

Last Updated: March 17, 2026

© 2026 Boston304 LLC doing business as Braatz Innovations
All Rights Reserved.
Patent Pending — U.S. Provisional Application No. 63/996,413

Privacy Policy

This Privacy Policy explains how LastList ("the App") and the LastList website at lastlistapp.com (the "Site") handle information. LastList is developed and owned by Boston304 LLC doing business as Braatz Innovations ("we", "our", "us").

1. Our Privacy Approach

LastList is designed with a privacy-focused, data-minimization approach. Your lists are stored locally on your device by default. You may sign in with Google to link your account and enable Cloud Sync for backing up data across devices. Your personal information is never sold or shared.

2. Information We Collect

When you use LastList, we collect:

  • Item text and location data sent to our servers for product search and store discovery

If you sign in with Google, we also receive:

  • Your Google display name, email address, and profile photo (via Google OAuth 2.0)
  • A Google account identifier used to link your account

We do not receive or store your Google password, contacts, calendar, or any other Google data beyond your basic profile.

The App does not collect or store on our servers:

  • Payment or financial data
  • Precise GPS coordinates (we use ZIP code for store discovery)
  • Browsing history or tracking cookies

3. Data Storage

The following data is stored locally on your device using browser local storage:

  • Lists and items you create
  • Product selections and preferences
  • Your ZIP code (for finding nearby stores)
  • UI preferences (dark mode, etc.)
  • Cached store and product data (to reduce API calls)
  • Smart Habits data (if you opt in — see below)

The following data may be stored on our servers:

  • Beta account credentials (email and hashed password)
  • Google profile information (display name, email, profile photo) if you sign in with Google
  • Cloud Sync data (if you opt in — see Section 4a below)
  • Shared lists (when you use the share feature, lists are stored on our servers so recipients can access them — this includes shopping lists, wishlists, and inventory lists)
  • Shared list participant data (your display name, device identifier, participant role, and join status when you participate in a shared list)
  • Lightweight product metadata on shared lists (product name, UPC, brand, image URL, price, retailer, and size — heavy metadata like descriptions and ingredients are not synced)
  • Anonymized search term cache (to improve product matching — no personally identifiable information)
  • Anonymized failed search logs (item text and category when no retailer returns results, used to improve product coverage, auto-deleted after 30 days, no user identity stored)
  • Checkout event logs (retailer name, fulfillment type, checkout URL, item labels, and browser user-agent string, used for aggregate analytics — no IP address or identity is stored)

Clearing your browser data permanently removes all local data. Use Cloud Sync to back up your data before clearing.

4. Smart Habits (Optional Personalization)

LastList includes an optional Smart Habits feature that learns your preferences to provide better store and product recommendations. This feature is entirely opt-in.

How it works:

  • If you enable Smart Habits, the App tracks patterns like frequently visited stores and preferred products
  • This data is stored locally on your device
  • When you plan a shopping trip, anonymized preference hints may be sent to our planning API to improve recommendations
  • No personally identifiable information is transmitted
  • You can disable Smart Habits at any time in Settings, which stops all preference tracking
  • You can clear all stored habit data at any time in Settings

Your control: Smart Habits is off by default. You will be prompted to opt in after completing your first shopping trip. You can change this setting at any time.

4a. Cloud Sync (Optional)

LastList offers an optional Cloud Sync feature that lets you back up your lists and preferences to our servers. This feature requires signing in with Google and is entirely opt-in.

How it works:

  • You must sign in with Google to enable Cloud Sync
  • Cloud Sync is manual — you choose when to push data to the cloud or pull it to a new device
  • Data synced includes: your lists, shopping habits, preferred stores, preferred products, user preferences, and display name
  • Synced data is stored on our servers and associated with your Google account
  • Data is protected by your authentication token and is not accessible to other users
  • A size limit (5 MB) is enforced on synced data
  • You can stop using Cloud Sync at any time — your local data remains on your device

Google OAuth: When you sign in with Google, we use Google OAuth 2.0 to authenticate you. We request only your basic profile information (name, email, photo). We do not access your Google Drive, Gmail, contacts, or any other Google services. You can revoke LastList's access at any time in your Google Account settings.

5. Location Data

To find stores near you, LastList uses your ZIP code. You can enter this manually or allow the App to detect it from your device's location (with your permission). We do not store or transmit precise GPS coordinates. Your ZIP code is stored locally and used only for store discovery.

6. Third-Party Services (App)

LastList integrates with third-party services to provide product data and store information. Here's how we handle each:

Retailer Product APIs

We retrieve publicly available product information (titles, images, prices, availability, UPCs) from official retailer APIs including Walmart, Kroger, Best Buy, and others as integrations are added. These requests include product search terms and store location.

Google Places API

We use Google Places to discover nearby stores based on your ZIP code. This service receives only general location data (ZIP/city level), not precise coordinates or personal information.

Third-Party Delivery Services

For stores without direct integrations, LastList may indicate availability through third-party delivery services like Instacart. If you choose to order through these services, you will be redirected to their platform, which is governed by their own privacy policies.

Error Monitoring (Sentry)

We use Sentry (by Functional Software, Inc.) to automatically capture and report application errors and crashes. When an error occurs, Sentry receives technical information including the error message, stack trace, and the API endpoint involved. We do not send request body content, search terms, or user identifiers to Sentry. Sentry's privacy policy is available at sentry.io/privacy.

Samsung SmartThings (Optional)

LastList offers an optional integration with Samsung SmartThings that links your inventory lists to contactSensor devices (refrigerators, pantry doors, cabinets, etc.). This integration is entirely opt-in and requires you to install the LastList SmartApp through the SmartThings mobile app.

When you connect a SmartThings device, the following data is stored on our servers:

  • SmartThings installed app ID: A unique identifier assigned by SmartThings when you install the SmartApp. Used to route events back to your account.
  • Subscribed device IDs: The SmartThings device IDs of the sensors you selected during setup.
  • SmartThings auth token: A token provided by SmartThings at install time, used to manage device subscriptions. Stored securely and never shared.
  • Connection name: An optional friendly name you assign (e.g., "Kitchen Fridge"). Stored on our servers and synced to your device.
  • Your LastList Device ID: Used to route door-open events to the correct device. This is an anonymous identifier, not linked to your name or email.

Door-open events sent by SmartThings are received and used solely to trigger a notification reminding you to check the linked inventory list. Event data (device ID, timestamp, sensor state) is processed in memory and not stored beyond the request.

You can remove a SmartThings connection at any time from Settings. Connection data is also automatically removed if you uninstall the LastList SmartApp from SmartThings. We do not access any other SmartThings data — only the contactSensor events from devices you explicitly select during setup.

7. Website Data Collection

The LastList website (lastlistapp.com) may collect limited information:

  • Early Access Forms: If you submit your email for early access, we use it only to send product updates or invitations. You can request deletion at any time.
  • Affiliate Attribution: We may use affiliate tracking (e.g., Impact) to measure referrals from retailer links. This helps support development. We do not sell personal data.
  • Analytics: We may use privacy-respecting analytics to understand general usage patterns. No personally identifiable information is collected.

8. List Sharing & Collaboration

LastList allows you to share lists with others. When you share a list, the following applies:

  • Shopping & Wishlist Sharing: Recipients can view, claim, and interact with shared items. The list creator controls permissions.
  • Inventory List Sharing: Shared inventory lists allow all approved participants to add, edit, delete, and check off items. Changes sync across all participants' devices in real time.
  • Participant Data: When you join a shared list, your display name, device identifier, and role (manager or member) are stored on our servers and visible to other participants.
  • Manager Approval: For inventory lists, new participants must be approved by a list manager before gaining access. Previously approved participants are remembered and can rejoin automatically.
  • Leaving a Shared List: You can leave a shared list at any time. Your participant record is updated to "left" status. The shared list continues for other participants.
  • Automatic Purge: When all participants leave a shared list, the server-side data is automatically deleted after 7 days.

9. Data Retention

  • Local App Data: Stored on your device until you clear it.
  • Account Data: If you sign in with Google, your account information is retained until you request deletion or unlink your account.
  • Google Profile: If you sign in with Google, your display name, email, and profile photo are retained on our servers as long as your account exists. You can request deletion at any time.
  • Cloud Sync Data: Synced lists and preferences are stored on our servers until you request deletion. Data is associated with your Google-linked account.
  • Shared Lists: Stored on our servers while active participants remain. When all participants leave, shared list data is automatically purged after 7 days.
  • Shared List Participant Records: Your name, device identifier, and role are retained while the shared list exists. These are removed when the list is purged.
  • Search Cache: Anonymized search term mappings retained to improve product matching. These contain no personally identifiable information.
  • Failed Search Logs: Anonymized records of zero-result searches are automatically deleted after 30 days. These contain only the search term and product category — no user identity or IP address.
  • API Logs: Minimal server logs may be retained for up to 30 days for debugging purposes.

10. Security

We use industry-standard measures to protect your data:

  • HTTPS/TLS: All data transmitted between your device and our servers is encrypted in transit.
  • Encrypted databases: Server-side data (shared lists, Cloud Sync data) is stored in encrypted databases.
  • Secure tokens: Authentication uses secure tokens stored in your browser's local storage and not accessible to third-party scripts.
  • Limitations: No system is completely secure. We cannot guarantee that unauthorized access will never occur. If you believe your account has been compromised, contact us immediately at privacy@lastlistapp.com.

11. Anonymized & Aggregated Data

We may collect and use anonymized, aggregated usage trend data (e.g., popular product categories, common search terms) to improve the App and for business purposes. This data cannot be used to identify you personally. Your personal information — such as your email, name, or individual lists — is never sold or shared with third parties.

12. Your Rights

You have the right to:

  • Access all data stored locally (it's on your device)
  • Delete all local data at any time via Settings
  • Opt out of Smart Habits personalization
  • Opt out of Cloud Sync at any time
  • Request deletion of your cloud-synced data
  • Revoke Google sign-in access via your Google Account settings
  • Leave any shared list at any time
  • Request deletion of your account and any associated data
  • Request deletion of any shared lists stored on our servers
  • Contact us with privacy questions or concerns

13. Children's Privacy

LastList is not directed at children under 13. We do not knowingly collect information from children. If you believe a child has provided us with personal information, please contact us.

14. Changes to This Policy

We may update this Privacy Policy to reflect changes in our practices or for legal reasons. Updates take effect immediately after posting. We encourage you to review this page periodically.

15. Contact Us

For privacy questions, data deletion requests, or concerns:

Boston304 LLC — Privacy & Compliance
Attn: Joshua Braatz
Email: privacy@lastlistapp.com

For general inquiries: contact@lastlistapp.com
For partnership inquiries: partners@lastlistapp.com