Privacy Policy

Effective Date: April 7, 2026

Last Updated: April 17, 2026

Developer: Rotate LLC · Indianapolis, IN

Contact: privacy@lockpact.app

The Most Important Thing

LockPact cannot see which apps you block. Apple's Screen Time API uses opaque tokens. Your selected apps are stored entirely on your device and are never transmitted to our servers or any third party. This is enforced by Apple's API design — it is technically impossible for us to access this data.

Who We Are

Rotate LLC ("we," "us," "our") operates the LockPact iOS application. LockPact is a peer-to-peer screen time accountability app for adults. Two users voluntarily agree to hold each other's app locks using iOS Screen Time controls.

What We Collect

Information You Provide

  • Sign in with Apple: Your Apple-provided unique app-scoped identifier, and optionally your first name and a relay email address if you choose to share them during sign-in. We do not receive your Apple ID password.
  • Display name: A name you set in the app to identify yourself to your partner.

Information We Generate

  • User ID: A unique identifier assigned to your account.
  • Partnership metadata: When you form a partnership — who is connected (by user ID), when the partnership started, and when it ended.
  • Lock session metadata: When locks start and end, unlock request events (sent, approved, denied, cancelled), and streak data (consecutive accountability days).
  • Unlock request text: If you include a reason with your unlock request, that text is stored so your partner can read it.
  • Bypass events: If our app detects that you navigated around a lock via iOS Settings, we record the timestamp and notify your partner.
  • FCM push tokens: Device tokens used to deliver unlock requests and bypass alerts to your partner's device.

What We Do Not Collect

  • Which specific apps you have selected to block
  • Screen time usage statistics or app usage history
  • Location data
  • Contacts or address book
  • Photos or camera
  • Health or financial data
  • Browsing history or data from the apps you use
  • Advertising identifiers (we do not use ATT / IDFA outside of the ad networks below)

How We Use Your Data

  • Authenticate your account
  • Enable partner pairing and partnership features
  • Send push notifications for unlock requests, approvals, denials, and bypass alerts
  • Display lock status and lock history to your partner
  • Maintain streak and accountability records

Advertising

LockPact uses two advertising networks to display a brief rewarded video ad when you submit an unlock request or end a solo lock early: AppLovin MAX (primary) and Google AdMob (fallback). These networks may collect device identifiers for ad targeting and frequency capping. You can permanently remove these ads with a one-time Willpower Waiver in-app purchase ($9.99).

We do not sell your personal data to advertisers or any other third parties.

Data Storage and Security

Your data is stored in Google Firebase (Firestore and Firebase Authentication), hosted on Google Cloud infrastructure in the United States. Data is encrypted in transit and at rest. Lock operations are processed through server-side Cloud Functions — client apps cannot write lock session data directly.

Data Retention

  • Active accounts: Retained as long as your account exists.
  • Dissolved partnerships: Partnership and lock history retained for 90 days after dissolution, then permanently deleted.
  • Account deletion: All your data is permanently deleted within 30 days of account deletion.
  • FCM tokens: Automatically refreshed by iOS; old tokens expire and are removed.

Data Sharing

We share data only with:

  • Your partner: Your display name, lock status, lock events, bypass events, and unlock request text are visible to your paired partner within the app.
  • Google (Firebase): For authentication, database, and push notification infrastructure. Google acts as a data processor under our instructions.
  • AppLovin: For serving rewarded video ads. Subject to AppLovin's privacy policy.
  • Google AdMob: Fallback ad network. Collects device identifiers only.
  • Apple: Sign in with Apple authentication and push notification delivery via APNs.
  • Law enforcement: If required by valid legal process or to prevent imminent harm, to the extent legally permitted.

We do not sell your data.

Children (COPPA)

LockPact is designed for adults aged 18 and older. We do not knowingly collect personal information from anyone under 13. If you believe a child under 13 has provided us with personal information, contact us immediately and we will delete it. LockPact uses Apple's .individual Screen Time authorization — it is not designed for parental monitoring of children.

Your Rights

  • Access: View all data in the app, or email us for a complete copy.
  • Correction: Update your display name in Settings at any time.
  • Deletion: Delete your account in Settings → Delete Account. All data is removed within 30 days.
  • Portability: Email privacy@lockpact.app to request your data in machine-readable format.
  • Opt out of push notifications: Disable in iOS Settings → Notifications → LockPact. Core features still work without notifications.

California Residents (CCPA)

California residents have the right to know what personal information we collect, the right to delete it, and the right not to be discriminated against for exercising these rights. We do not sell personal information as defined by CCPA. To submit a CCPA request, email privacy@lockpact.app.

European Economic Area Residents (GDPR)

If you are in the EEA, your data is processed under these legal bases:

  • Contract performance: Operating your account and partnerships you initiate
  • Legitimate interests: Security, fraud prevention, service improvement
  • Consent: Push notifications (withdraw at any time in iOS Settings)

Google Firebase operates under EU Standard Contractual Clauses. You may lodge a complaint with your local supervisory authority. For GDPR requests, email privacy@lockpact.app.

In-App Purchases

All in-app purchases (Tip Jar, Willpower Waiver) are processed by Apple via StoreKit. We do not handle payment card data. Apple's App Store Terms and Privacy Policy govern these transactions.

Changes to This Policy

We will post updates at lockpact.app/privacy and update the "Last Updated" date. Material changes will be communicated via an in-app notice.

Contact

Email: privacy@lockpact.app
Website: lockpact.app
Rotate LLC · Indianapolis, IN