Privacy Policy
This Privacy Policy describes how Affirmation Lock handles information based on the current product implementation. It supports App Store Connect privacy disclosures, Google Play Data safety, and an in-app or website privacy notice.
1. High-level principles
- No traditional accounts in V1: The app does not require you to sign up with an email or password. A device-local subscription profile identifier is generated on first use to tie subscription and optional server features together.
- Core state is local-first: Preferences, onboarding answers, selected apps to limit, affirmation text, journal cache, streak/journey data, and similar data are stored on your device (via encrypted-at-rest device storage used by the app).
- Some features use our servers: Optional AI-generated affirmations, subscription verification, and product analytics send limited data to services we operate or use as subprocessors (see below).
2. Data stored on your device
The app persists data locally so it can work offline and keep your routine private by default. Examples of what may be stored on-device include:
| Category | Examples (non-exhaustive) |
|---|---|
| Preferences | Language, affirmation tone/category, analytics-related preference flags |
| Onboarding & setup | Steps completed, answers you gave during onboarding |
| App limiting (your choices) | Apps or categories you chose to protect, schedule windows ("daily protections"), and related status from the OS |
| Affirmations | Current and cached affirmation text, timestamps |
| Sessions | Temporary unlock sessions (timing, which apps were included in the session where applicable) |
| Journey / streak | Journey start date, missed days, and related keys used for the streak view |
| Subscription profile | A randomly generated profile ID (not your name or email) used to sync subscription state with our backend and paywall tooling |
| Paywall / subscription UI state | e.g. last paywall shown, placement names, last sync errors (for support/debugging in-app) |
iOS: Limiting apps uses Apple's Screen Time / Family Controls APIs. Identifiers for selected applications are handled according to Apple's platform rules; the app does not need your messages, photos, or browsing history for this feature.
Android: Where the product uses accessibility or related services to detect foreground apps for gating, the app is designed to use that access only to enforce the limits you configure. It does not read your typing, messages, or private content for that purpose.
3. Data sent to our services and partners
3.1 Product analytics (PostHog)
When analytics is configured in the app build, we use PostHog to understand how the product is used (e.g. funnels and stability), not to sell your data. Typical metadata attached to analytics sessions may include: app name, platform (iOS/Android), and whether the build is development or production.
Events the app is built to record include, for example:
| Event (conceptual) | Example properties |
|---|---|
| Onboarding completed | Count of apps you chose to limit |
| App selection completed | Count of selected apps |
| Affirmation shown | Source (remote, cache, local), tone |
| Affirmation completed | Tone |
| Unlock session granted | Duration, count of apps in session |
| Paywall shown | Placement name, whether UI was presented |
| Accessibility disclosure (Android) | Platform marker |
We do not intend for analytics to collect the full text of your affirmations. PostHog processing is governed by PostHog's terms and privacy policy.
3.2 Paywall and subscription tooling (Superwall)
The app may integrate Superwall to show paywalls and experiments. Superwall is configured with a public API key and identifies the installation using the same subscription profile ID as other subscription features. Processing is subject to Superwall's privacy policy and data processing terms.
3.3 Subscription and entitlement backend (Google Firebase)
We use Firebase (Cloud Functions and Firestore) to verify and sync subscription state and to gate optional remote AI features. Data the client may send to our functions includes:
- Subscription profile ID
- Platform (`ios` or `android`)
- Store snapshot: subscription status, product identifier, transaction identifiers, expiry/grace dates
- Paywall placement name when syncing after a paywall flow
Server-side subscription records and webhook event metadata may be stored in Firestore. Firebase processing is subject to Google's Firebase terms and privacy documentation.
3.4 AI-generated affirmations (Firebase → model provider)
If remote generation is enabled and you are entitled, the app may POST a payload to our Cloud Function proxy containing: locale, tone, category, word limit, display names of apps you selected for limiting (used only as context in the prompt), and your subscription profile ID to confirm entitlement. The Cloud Function may call a third-party LLM API (e.g. OpenAI) to generate text. API keys stay on the server; the mobile app does not embed them. We do not use this flow to train third-party models on your data unless a future version explicitly says otherwise. When remote generation is unavailable, the app uses cached or locally bundled affirmations.
4. What we do not do
- No login wall with email/password in V1.
- No selling of personal information as a business model.
- No direct LLM calls from the phone for affirmation generation; requests go through our backend when enabled.
5. Legal bases and purposes
Where GDPR applies, typical bases include contract (providing the features you asked for), legitimate interests (fraud prevention, abuse protection, product improvement via analytics), and consent where required. Purposes include: operating the service, verifying purchases, generating optional affirmations, improving the product, and protecting users and systems.
6. Retention
- On-device data remains until you delete the app or clear app data.
- Server-side subscription and webhook records are retained as needed for accounting, disputes, and renewal processing.
- Analytics retention follows your PostHog project settings.
7. Security
We use industry-standard transport security (HTTPS) for all calls to our backend. You should keep your device OS updated and use device passcodes or biometrics as appropriate.
8. Your choices and rights
Depending on your region, you may have rights to access, correct, delete, or export personal data, or to object to certain processing. Because many identifiers are pseudonymous (profile ID), you may need to provide proof of purchase or device information to exercise rights related to subscription records.
Subscriptions: Cancel or manage through Apple App Store or Google Play subscription settings.
9. Children
The app is not directed at children under 13 (or under 16 where applicable). Do not use the service for child-directed use cases unless you implement age gates and comply with COPPA, GDPR-K, and store rules.
10. International transfers
If you use US-hosted vendors (PostHog US, Google Cloud, Superwall, OpenAI), data may be processed in the United States or other regions per those vendors' documentation. Standard Contractual Clauses or other mechanisms may be required for users in certain regions.
11. Changes
We will update this page when data practices change and update the "Last updated" date above. Continued use of the Service after changes means you accept the revised Policy. If you do not agree, stop using the App.
12. Contact
Questions about this Privacy Policy: hello@cincout.ca