Privacy Policy

Last updated: March 30, 2026

StoicLock (“we,” “our,” or “us”) is a screen time management and Stoic philosophy app designed to help you reclaim your attention, build discipline, and live intentionally. This Privacy Policy explains how we collect, use, store, and protect your information when you use StoicLock (the “App”).

By using the App, you agree to the collection and use of information in accordance with this policy. If you do not agree with our practices, please do not use the App.

This Privacy Policy is part of and subject to our Terms of Service. Please read both documents carefully before using StoicLock.

1. Information We Collect

1.1 Account Information

When you create an account, we collect:

  • Email address — required for account creation and authentication
  • Name — optionally provided during onboarding for personalization
  • Profile photo URL — if you sign in with Apple or Google, your profile photo URL may be provided by the auth provider and stored with your account
  • Profile avatar image — if you choose to take a photo with the camera or select one from your photo library for your profile avatar, we upload that selected image to storage and associate the resulting avatar URL with your account
  • Authentication credentials — managed securely via our authentication provider (Supabase Auth) or third-party sign-in providers (Apple, Google)

1.2 Profile & Onboarding Data

During onboarding, we collect:

  • Stoic Archetype quiz answers — your responses to three personality questions used to determine your philosophical archetype (Sage, Soldier, or Emperor)
  • Archetype result — your derived Stoic archetype, used to personalize the app experience
  • Preferred blocking schedule — your selected schedule preset (Morning Stoic, Deep Work, Evening Discipline, or Sentinel)
  • Date of birth — optionally provided, used exclusively for the Memento Mori (mortality awareness) feature to calculate and display a life-weeks visualization. This is NOT used for advertising or age-based targeting, and is NOT shared with any third party
  • Life expectancy setting — a user-adjustable number (50–120) used alongside date of birth for the Memento Mori visualization
  • Obstacle and emotional mapping responses — responses to onboarding questions about personal challenges and emotional patterns, used to personalize your experience
  • Daily screen time self-report — your self-reported daily screen time usage (in hours), used to show you how much time you could reclaim
  • Discipline baseline — your self-assessed frequency of phone discipline, used to personalize coaching
  • Stoic Oath commitments — which oath items you affirmed during onboarding
  • Life milestone events — optionally created named life events (e.g., birthdays, milestones) with dates, displayed on your Memento Mori life grid. These may contain personal information you choose to enter

1.3 Journal & Reflection Data

When you use journaling features, we collect:

  • Journal entries — morning, evening, and quick journal text entries including reflections, challenges, and lessons
  • Gratitude entries — up to three gratitude items per entry
  • Mood scores — a numeric self-assessment (1–10 scale)
  • Virtue ratings — self-ratings on four Stoic virtues (wisdom, justice, courage, temperance) on a 1–5 scale
  • Favorites — you can mark journal entries and gratitude entries as favorites for quick access
  • Voice journal recordings — audio recordings captured via the device microphone when you explicitly choose to record a voice memo. These are stored in a private, access-controlled storage bucket

1.4 Focus & Productivity Data

  • Focus timer sessions — start/end times, mode (Pomodoro or Deep Focus), duration, rounds completed, and completion status
  • Live Activity state — when using the Focus Timer, session state (timer, rounds, mode) is displayed via an iOS Live Activity on your Lock Screen and Dynamic Island. This data is processed entirely on-device and is not transmitted to any server
  • Blocking schedules — your custom app-blocking schedule configurations
  • Discipline events — records of when you chose to return from a blocked app, used to calculate your discipline streaks. These records may include the display name of the app you were blocked from, if available from the system
  • Intervention journal — records of interventions you completed while a blocked app's shield was displayed, including the type and duration
  • Blocking integrity events — system-level logs when Screen Time authorization status changes or break periods end

1.5 Gamification & Achievement Data

  • Drachma (experience points) — a points system that tracks your engagement across journaling, focus sessions, discipline events, and other activities. A ledger of earned points is stored in your account
  • Achievements — records of unlocked achievements and milestones
  • Philosophy level — a level derived from your total accumulated Drachma

1.6 Notification Preferences

  • Notification settings — your preferences for morning quotes, evening journal reminders, streak alerts, and milestone notifications

1.7 Subscription & Purchase Data

  • Subscription status — whether you have an active premium subscription (annual, monthly, or lifetime)
  • Purchase receipts — processed by Apple's App Store and RevenueCat (our subscription management provider); we do NOT directly collect or store your payment card information or Apple ID password

1.8 Automatically Collected Information

  • Device identifiers — anonymous identifiers used by RevenueCat for subscription management
  • App usage metadata — timestamps of account creation and data updates
  • Authentication tokens — session tokens for maintaining your logged-in state, stored locally on your device

1.9 Information We Do NOT Collect

  • We do NOT collect your location data
  • We do NOT collect your contacts or address book
  • We do NOT collect health or fitness data from HealthKit or other health frameworks
  • We do NOT scan, index, or import your full photo library or camera roll. We only receive a photo if you explicitly choose one for your profile avatar or take one in-app for that purpose
  • We do NOT collect browsing history
  • We do NOT use device fingerprinting for tracking
  • We do NOT use advertising identifiers (IDFA)
  • We do NOT implement App Tracking Transparency because we do not track you across other apps or websites

2. Apple Screen Time API & FamilyControls Framework

StoicLock uses Apple's Screen Time API and FamilyControls framework to provide app-blocking functionality. This is a core feature of the App.

How We Use Screen Time

  • App selection — You select which apps to block using Apple's FamilyActivityPicker, which presents your installed apps in a privacy-preserving way. We receive opaque app tokens from Apple — we cannot see the bundle identifiers of your apps through this picker
  • Blocking schedules — We use the DeviceActivityMonitor framework to activate and deactivate blocking schedules at times you configure
  • Shield UI — When a blocked app is accessed during a blocking period, Apple's ShieldConfiguration framework displays a custom intervention screen
  • Discipline logging — When you interact with a shield screen (e.g., choosing to go back), we may record the display name of the blocked app alongside the discipline event in your account for use in your personal analytics. This data is stored in your private database record and is never shared with third parties
  • Schedule and discipline sync — Your configured blocking schedules and discipline/intervention history may sync to your private StoicLock account so they can appear in your analytics and restore across app sessions
  • Authorization — Screen Time access requires your explicit authorization via Apple's system prompt. You can revoke this authorization at any time in Settings > Screen Time

What Apple's Framework Guarantees

  • App selection data (which apps you choose to block) is processed entirely on-device by Apple's framework
  • App selection tokens are opaque and are not transmitted to our servers
  • All blocking enforcement happens locally on your device through Apple's system-level frameworks

Required Entitlement

This app uses the com.apple.developer.family-controls entitlement, approved by Apple, to access the FamilyControls framework for individual (non-parental) screen time management.

3. How We Use Your Information

We use the information we collect to:

  • Provide the App's core features — app blocking, journaling, focus timer, Memento Mori visualization, and Stoic philosophy content
  • Personalize your experience — archetype-based content, schedule recommendations, and personalized onboarding
  • Calculate analytics and insights — mood trends, virtue averages, discipline streaks, and focus statistics displayed in your personal analytics dashboard. All analytics are computed from your own data for your own use
  • Manage your subscription — verify premium entitlements and process subscription status changes
  • Send notifications — only the notification types you have explicitly enabled (morning quotes, journal reminders, streak alerts, milestones)
  • Maintain account security — OTP verification, password reset, session management

We do NOT use your information to:

  • Serve advertisements
  • Build advertising profiles
  • Sell to data brokers or any third parties
  • Train machine learning models
  • Conduct behavioral targeting across apps or websites

4. Data Storage & Security

4.1 Cloud Storage

Your data is stored on Supabase (supabase.com), a hosted PostgreSQL database platform. Supabase provides:

  • Encryption in transit — all data transmitted via HTTPS/TLS
  • Encryption at rest — database storage is encrypted
  • Row-Level Security (RLS) — database policies ensure you can only access your own data
  • Profile avatar storage — profile avatar images are stored in Supabase storage and associated with your account so they can display in the app
  • Private storage buckets — voice memo audio files are stored in access-controlled buckets with RLS policies; only you can upload, read, or delete your own audio files

4.2 Local Device Storage

Certain data is cached locally on your device using React Native AsyncStorage for performance and offline access:

  • Authentication state and session tokens
  • App preferences (dark mode, language preference, onboarding completion)
  • Onboarding progress (quiz answers, archetype, obstacles, emotional state, discipline baseline, oath state)
  • Focus timer state (current session, rounds, configuration, daily stats)
  • Recent intervention selections and configuration
  • Favorited Stoic quote IDs
  • Memento Mori settings (life expectancy, life events)
  • Notification preferences

Local storage on iOS is protected by iOS's native Data Protection (encrypted when device is locked). In-memory caching is also used for API response performance; this data is not persisted and is cleared when the app is closed.

4.3 App Groups (On-Device Sharing)

We use an iOS App Group (group.com.stoiclock.app) to share limited data between the main app and its extensions (widget, blocking extensions). Data shared via App Groups:

  • Date of birth (for the Lock Screen widget's Memento Mori display)
  • Blocking configuration (for the Shield and DeviceActivity extensions)

This data never leaves your device.

5. Third-Party Services

We use the following third-party services. Each has its own privacy policy:

5.1 Supabase (Backend & Authentication)

  • Purpose: Database, authentication, file storage
  • Data shared: Account information, profile data, avatar images, journal entries, voice memos, blocking schedules, and discipline/intervention history
  • Privacy Policy: supabase.com/privacy

5.2 RevenueCat (Subscription Management)

  • Purpose: Managing in-app subscriptions and purchase verification
  • Data shared: Anonymous user identifier, subscription status, purchase receipts
  • RevenueCat does NOT receive your journal entries, profile data, quiz answers, or any personal content
  • Privacy Policy: revenuecat.com/privacy

5.3 Apple Sign-In

  • Purpose: Optional authentication method
  • Data shared: Apple provides us your name (if you allow) and a relay email address (if you choose “Hide My Email”)
  • Privacy Policy: apple.com/legal/privacy

5.4 Google Sign-In

  • Purpose: Optional authentication method
  • Data shared: Google provides us your name and email address upon successful authentication
  • Privacy Policy: policies.google.com/privacy

5.5 Apple App Store

  • Purpose: App distribution and payment processing
  • Apple processes all payments; we do not receive your payment details
  • Privacy Policy: apple.com/legal/privacy

Third-Party Services We Do NOT Use

  • No third-party analytics SDKs (no Amplitude, Mixpanel, Firebase Analytics, Google Analytics)
  • No crash reporting services (no Sentry, Crashlytics, Bugsnag)
  • No advertising networks or demand-side platforms
  • No social media SDKs (beyond authentication)
  • No A/B testing platforms
  • No customer data platforms

6. Data Retention

  • Account data is retained for as long as your account is active
  • Journal entries and personal content are retained until you delete them or delete your account
  • Voice memos are retained until you delete them or delete your account
  • Subscription data is retained as required for transaction records and compliance with Apple's requirements

Account Deletion

You may request complete deletion of your account and all associated data by contacting us at getstoiclock@gmail.com. We will process deletion requests within 30 days.

Upon account deletion, we will:

  • Delete your profile, journal entries, gratitude entries, focus sessions, and all personal data from our database
  • Delete all voice memo audio files from storage
  • Remove your data from RevenueCat (subject to their retention policies for transaction records)

Account deletion is permanent and cannot be undone.

7. Your Rights & Choices

7.1 Access & Portability

You have the right to request a copy of all personal data we hold about you.

7.2 Correction

You can update your profile information directly within the App, or contact us to correct inaccurate data.

7.3 Deletion

You can delete individual journal entries within the App, or request full account deletion as described in Section 6.

7.4 Withdraw Consent

  • Screen Time access: Revoke at any time via iOS Settings > Screen Time
  • Notifications: Disable at any time via iOS Settings > StoicLock > Notifications
  • Camera / Photos access: Revoke at any time via iOS Settings > StoicLock > Camera / Photos
  • Microphone access: Revoke at any time via iOS Settings > StoicLock > Microphone
  • Account: Delete your account at any time

7.5 Opt Out

Since we do not engage in tracking, advertising, or data sales, there is no tracking to opt out of. We do not participate in the Digital Advertising Alliance, and we do not honor “Do Not Track” browser signals because we do not track you in the first place.

8. Children's Privacy

StoicLock is not directed at children under 13. We do not knowingly collect personal information from children under 13. The FamilyControls framework is used for individual (self-directed) screen time management, not for parental controls over a child's device.

If we learn that we have collected personal information from a child under 13, we will promptly delete that information. If you believe a child under 13 has provided us with personal information, please contact us immediately.

9. International Data Transfers

Your data is processed and stored on servers operated by Supabase. These servers may be located outside your country of residence. By using the App, you consent to the transfer of your information to these servers. All transfers are protected by HTTPS/TLS encryption.

For users in the European Economic Area (EEA), United Kingdom, or other jurisdictions with data protection laws: we process your data based on your consent (account creation, Screen Time authorization) and contractual necessity (providing the App's features). You may have additional rights under GDPR or equivalent local laws, including the right to lodge a complaint with your local data protection authority.

10. California Privacy Rights (CCPA)

If you are a California resident, you have the right to:

  • Know what personal information we collect and how it is used
  • Delete your personal information
  • Not be discriminated against for exercising your privacy rights

We do NOT:

  • Sell your personal information
  • Share your personal information for cross-context behavioral advertising
  • Use sensitive personal information for purposes other than providing the App

11. Apple App Store Privacy Nutrition Labels

For transparency, here is how our data practices map to Apple's App Store privacy labels:

Data Used to Track You

None. We do not track you across apps or websites owned by other companies.

Data Linked to You

Data Type | Purpose
Email Address | Account creation, authentication
Name | App personalization (optional)
User ID | Account identification
Purchase History | Subscription management (via RevenueCat)
Other User Content | Journal entries, gratitude entries, voice memos, life events, quiz responses
Audio Data | Voice journal recordings (user-initiated only)
Other Usage Data | Focus timer sessions, discipline events, achievement progress
Photos or Videos | Profile avatar photo you explicitly upload or capture

Data Not Linked to You

None in our current first-party app manifest — all first-party data we collect is linked to your account for functionality purposes.

Note: Apple may also display additional SDK-level declarations in App Store Connect, such as subscription-management identifiers required by bundled third-party SDKs.

Data Not Collected

Category
Precise Location
Coarse Location
Physical Address
Phone Number
Health & Fitness
Financial Info (payment details)
Contacts
Gameplay Content
Browsing History
Search History
Diagnostics
Advertising Data
Sensitive Information (beyond what is described above)

12. Profile Photo, Camera, and Photo Library Usage

StoicLock may request access to the camera or photo library only when you explicitly choose to set or update your profile avatar. Specifically:

  • The camera or photo library is accessed only after you choose that option from the profile avatar action sheet
  • We do not browse, analyze, or import your full photo library
  • We only receive the specific photo you select, or the photo you capture for your avatar
  • The selected image is uploaded to storage and linked to your account so it can display as your avatar inside the app
  • You can remove your avatar from within the app, or revoke camera/photos access in iOS Settings at any time

13. Microphone Usage

StoicLock requests microphone access only for the voice journal feature. Specifically:

  • The microphone is activated only when you explicitly tap the record button in the journal interface
  • Audio is recorded locally on your device, then uploaded to your private storage bucket
  • Audio files are stored in a private Supabase storage bucket with Row-Level Security — only you can access your recordings
  • We do NOT use the microphone for background listening, voice recognition, speech-to-text transcription, or any purpose other than recording your voice journal entries
  • Audio file size is limited to 10MB per recording
  • Supported formats: M4A (AAC audio)

14. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by:

  • Posting the new Privacy Policy within the App
  • Updating the “Last Updated” date at the top of this document

Your continued use of the App after changes are posted constitutes your acceptance of the updated policy.

15. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us at:

Email: getstoiclock@gmail.com

16. Summary of Key Points

Topic | Our Practice
Tracking | We do not track you. Period.
Advertising | No ads. No ad SDKs. No ad networks.
Data sales | We never sell your data to anyone.
Screen Time data | App selection tokens stay on-device. Blocking is enforced locally by Apple. Schedules and discipline/intervention history may sync to your private account.
Analytics | In-app only (your data, for your eyes). No third-party analytics.
Voice recordings | Only when you tap record. Stored privately. Only you can access them.
Date of birth | Optional. Only for Memento Mori. Never shared.
Account deletion | Full deletion available via email request. Permanent and thorough.
Third-party sharing | Only Supabase (backend), RevenueCat (subscriptions), and auth providers.