Privacy Policy

Effective May 24, 2026

OnLock ("we", "our", "the app") is built and operated by Starise. This Privacy Policy explains what information we collect when you use the OnLock mobile app, how we use it, and your rights regarding that information.

1. Information We Collect

Account information. When you sign up we collect your email address, a username you choose, and an optional display name. Authentication is handled by Firebase.

App usage data. To help us understand how OnLock is used, we collect anonymous usage events (which screens you view, which features you use, taps, errors) through PostHog. This data is associated with your user ID once you sign in.

Subscription and purchase data. When you subscribe to OnLock Pro, your purchase is processed by Apple. We use RevenueCat to manage entitlements and verify subscription status. RevenueCat receives a hashed device identifier and your purchase receipt. We do not collect or store your payment card details — those stay with Apple.

Device and technical data. We collect device model, operating system version, app version, language, region, and timezone. This helps us debug issues and localize prices.

Productivity content you create. Sessions, tasks, habits, journal entries, exam dates, and partner-share data are stored on our servers (Cloudflare Workers + Neon Postgres) so they sync across your devices.

Screen time selections. The apps and categories you choose to block are stored locally on your device using Apple's Family Controls framework. We never see which specific apps you have selected — Apple's privacy design prevents this. We only see counts (e.g. "3 apps, 1 category blocked").

2. How We Use Your Information

3. Third-Party Services

We share data with the following providers strictly to operate the app:

We do not sell your personal data, and we do not share it with advertising networks.

4. Data Retention

We retain your account data for as long as your account exists. If you delete your account, we will delete or anonymize your personal data within 30 days, except where we are required by law to retain it (e.g. transaction records for tax purposes).

5. Your Rights

You may, at any time:

If you are in the EU/UK, you have additional rights under GDPR including the right to object to processing and to lodge a complaint with your data protection authority.

If you are in California, you have rights under the CCPA including the right to know what personal information is collected and the right to request deletion.

6. Children's Privacy

OnLock is not directed at children under 13. We do not knowingly collect personal information from children under 13. If you believe we have collected information from a child under 13, please contact us and we will delete it.

7. Security

We protect your data using TLS encryption in transit, hashed passwords (bcrypt), JWT authentication, and secure key storage on-device. No system is perfectly secure; we encourage you to use a strong, unique password.

8. International Transfers

Your data may be processed in countries other than your own (primarily the United States and the European Union, depending on the edge region serving your request). Where required by law, we rely on Standard Contractual Clauses or equivalent safeguards.

9. Changes to This Policy

We may update this Privacy Policy from time to time. We will revise the "Effective" date at the top of this page when we do, and where changes are material we will notify you in-app or by email.

10. Contact

Questions, requests, or concerns about this Privacy Policy? Email us at dev@starise.ca.