Privacy Policy
OnLock ("we", "our", "the app") is built and operated by Starise. This Privacy Policy explains what information we collect when you use the OnLock mobile app, how we use it, and your rights regarding that information.
1. Information We Collect
Account information. When you sign up we collect your email address, a username you choose, and an optional display name. Authentication is handled by Firebase.
App usage data. To help us understand how OnLock is used, we collect anonymous usage events (which screens you view, which features you use, taps, errors) through PostHog. This data is associated with your user ID once you sign in.
Subscription and purchase data. When you subscribe to OnLock Pro, your purchase is processed by Apple. We use RevenueCat to manage entitlements and verify subscription status. RevenueCat receives a hashed device identifier and your purchase receipt. We do not collect or store your payment card details — those stay with Apple.
Device and technical data. We collect device model, operating system version, app version, language, region, and timezone. This helps us debug issues and localize prices.
Productivity content you create. Sessions, tasks, habits, journal entries, exam dates, and partner-share data are stored on our servers (Cloudflare Workers + Neon Postgres) so they sync across your devices.
Screen time selections. The apps and categories you choose to block are stored locally on your device using Apple's Family Controls framework. We never see which specific apps you have selected — Apple's privacy design prevents this. We only see counts (e.g. "3 apps, 1 category blocked").
2. How We Use Your Information
- To provide and operate the OnLock features you signed up for
- To sync your data across your devices
- To send local push notifications (reminders, session prompts) — these are scheduled on-device and require your permission
- To improve the app via aggregated usage analytics
- To process subscription payments and verify Pro entitlement
- To communicate with you about your account, subscription, or important updates
3. Third-Party Services
We share data with the following providers strictly to operate the app:
- Apple Inc. — App Store, StoreKit (payments), Family Controls (on-device blocking), push notifications
- RevenueCat — subscription management and receipt validation
- Firebase (Google) — user authentication
- PostHog — product analytics
- Cloudflare — API hosting and edge networking
- Neon — PostgreSQL database hosting
We do not sell your personal data, and we do not share it with advertising networks.
4. Data Retention
We retain your account data for as long as your account exists. If you delete your account, we will delete or anonymize your personal data within 30 days, except where we are required by law to retain it (e.g. transaction records for tax purposes).
5. Your Rights
You may, at any time:
- Access the personal data we hold about you by emailing the address below
- Correct inaccurate data through the in-app profile screen
- Delete your account from the in-app settings, or by emailing us
- Export your data in a portable format upon request
- Withdraw consent for analytics by uninstalling the app
If you are in the EU/UK, you have additional rights under GDPR including the right to object to processing and to lodge a complaint with your data protection authority.
If you are in California, you have rights under the CCPA including the right to know what personal information is collected and the right to request deletion.
6. Children's Privacy
OnLock is not directed at children under 13. We do not knowingly collect personal information from children under 13. If you believe we have collected information from a child under 13, please contact us and we will delete it.
7. Security
We protect your data using TLS encryption in transit, hashed passwords (bcrypt), JWT authentication, and secure key storage on-device. No system is perfectly secure; we encourage you to use a strong, unique password.
8. International Transfers
Your data may be processed in countries other than your own (primarily the United States and the European Union, depending on the edge region serving your request). Where required by law, we rely on Standard Contractual Clauses or equivalent safeguards.
9. Changes to This Policy
We may update this Privacy Policy from time to time. We will revise the "Effective" date at the top of this page when we do, and where changes are material we will notify you in-app or by email.
10. Contact
Questions, requests, or concerns about this Privacy Policy? Email us at dev@starise.ca.