Privacy Policy
Last updated: April 17, 2026
The short version: lockin. is local-first. Camera-based exercise verification stays on your device, and we use limited backend services only for subscriptions, connected-workout delivery, and support operations.
lockin. ("we", "us", or "our") operates the lockin. mobile application (the "App"). This Privacy Policy explains what information we collect, how we use it, how we protect it, and what choices you have.
By using the App, you agree to the collection and use of information as described in this policy. If you do not agree, please do not use the App.
1. Information we collect
Information you provide
- Onboarding preferences — During setup, you answer a personalization quiz (daily screen time estimate, problem app categories, exercise preferences, reduction goals). This data is used to build your plan and is stored on your device.
- Blocked-app selections — The app categories and apps you choose to block. These selections are processed through Apple's Screen Time API and are opaque to us — we never see the names or identifiers of individual apps.
Information collected automatically
- Activity and progress data — Exercise completions, earned minutes, streak counts, daily goals, time-bank balances, and milestone achievements needed to operate the service.
- Purchase and entitlement data — Subscription status, transaction identifiers, and app user identifiers needed to unlock paid features and restore purchases. Billing is handled entirely by Apple; we do not process payment card details.
- Notification delivery data — If you connect supported workout integrations, we may store an installation identifier and APNs device token so workout webhooks can wake the app with silent push in the background.
Information from optional integrations
The following data is collected only if you explicitly connect the integration. You can disconnect at any time from the App's settings.
- Apple Health — Step counts and workout summaries (duration, type) so your daily movement can earn screen time. This data is read locally via HealthKit.
- WHOOP — Workout summaries (duration, sport type) and basic profile information needed to show your connected account. OAuth tokens are stored in the Keychain on your device. If you connect WHOOP, lockin. may also store the provider user ID, an installation identifier, and your device token in backend infrastructure so webhook events can trigger background sync.
- Strava — Activity summaries (duration, sport type, name) retrieved through the Strava API. OAuth tokens are stored in the Keychain on your device. If you connect Strava, lockin. may also store the provider athlete ID, an installation identifier, and your device token in backend infrastructure so webhook events can trigger background sync.
Camera and on-device processing
The App uses your device camera and Apple's Vision framework to detect body pose during exercise verification. All processing happens entirely on your device. No images, video frames, or pose data are recorded, stored, uploaded, or transmitted. The camera feed is analyzed in real time and immediately discarded.
2. Information we do not collect
- We never see which apps you have installed or use. Apple's Screen Time API is privacy-preserving — app selections are opaque tokens that we cannot read.
- We never store camera footage or pose data.
- We never collect your location.
- We never collect device advertising identifiers (IDFA) or use device fingerprinting.
- We never use third-party advertising or tracking SDKs.
- We never sell, rent, or share your personal data with third parties for their marketing purposes.
3. How we use your information
We use your data solely to provide, maintain, and improve the lockin. service:
- Tracking earned screen time and managing your daily time bank
- Syncing workouts from connected fitness services
- Enforcing app-blocking schedules via Apple's Screen Time API
- Managing your subscription and restoring purchases
- Personalizing your plan based on onboarding preferences
- Displaying progress, streaks, milestones, and widgets
- Sending local notifications (streak reminders, earned-time alerts)
- Powering lock-screen widgets and Live Activities
4. Data storage and security
On-device storage
Most app data is stored locally on your device within an encrypted App Group container protected by iOS Data Protection. Limited service data may also be processed by our backend vendors to support subscriptions, connected-workout webhooks, device-token delivery, and support operations.
Keychain
OAuth tokens for connected services (WHOOP, Strava) are stored in the iOS Keychain, which is hardware-encrypted and inaccessible to other apps. Tokens are cleared when you disconnect an integration or remove the App.
Background sync
If you have connected fitness sources, the App may periodically refresh workout data in the background using iOS Background App Refresh. This syncs directly between your device and the connected fitness service. You can disable background refresh in iOS Settings.
5. Third-party services
We use a limited number of third-party services to operate the App. Each receives only the minimum data necessary:
- RevenueCat — Subscription management. RevenueCat receives an app user identifier and transaction data to manage entitlements. See RevenueCat's privacy policy.
- Supabase — Backend infrastructure used for OAuth relay flows, webhook mapping, device-token storage, and connected-workout delivery.
- Apple — Screen Time API (FamilyControls / ManagedSettings / DeviceActivity), HealthKit, App Store billing, local notifications, and APNs push infrastructure.
- WHOOP — Workout data sync, only if you connect it. See WHOOP's privacy policy.
- Strava — Activity data sync, only if you connect it. See Strava's privacy policy.
We do not use advertising networks or cross-app tracking services.
6. Data retention
- While you use the App: Most app data remains on your device for as long as the App is installed.
- App deletion or in-app deletion: Removing the App or using the in-app delete flow clears local app data on the device, including blocked-app configuration, notification preferences, and the local installation identifier. We also attempt to remove stored device-token and webhook-mapping records that support connected-workout delivery.
- Third-party data: Purchase, billing, infrastructure, and provider records managed by Apple, RevenueCat, Supabase, WHOOP, or Strava remain subject to their respective retention policies.
7. Your rights and choices
- Access: You can view all your data within the App (Dashboard, Progress, and Settings screens).
- Deletion: You can delete your local data from within the App or by removing the App from your device.
- Disconnect integrations: You can disconnect WHOOP, Strava, or Apple Health at any time. Disconnecting revokes access and deletes stored tokens.
- Notifications: You can disable notifications in iOS Settings at any time.
- Background refresh: You can disable background app refresh in iOS Settings → General → Background App Refresh.
If you are located in the European Economic Area (EEA), United Kingdom, or another jurisdiction with applicable data protection laws, you may also have the right to request correction of inaccurate data, restriction of processing, or to lodge a complaint with your local data protection authority. Contact us to exercise these rights.
8. Children's privacy
lockin. is not directed at children under the age of 13 (or the applicable age of digital consent in your jurisdiction). We do not knowingly collect personal information from children. If you believe a child has provided us with personal data, please contact us and we will promptly delete it.
9. International data transfers
Some service providers we use may process data outside your jurisdiction, including the United States and other countries where Apple, RevenueCat, Supabase, WHOOP, or Strava operate. Please refer to their privacy policies for details.
10. Changes to this policy
We may update this Privacy Policy from time to time. When we make material changes, we will update the "Last updated" date at the top and, where appropriate, notify you through the App. Your continued use of the App after changes take effect constitutes acceptance of the revised policy.
11. Contact us
If you have questions, concerns, or requests regarding this Privacy Policy or your personal data, email us at hello@lockin.lifestyle.