L LockIn

Effective June 6, 2026

Privacy Policy

LockIn is developed by Sebastian Thorp. This policy explains how LockIn handles information when you use the app, account features, app-blocking features, proof features, notifications, subscriptions, and related services.

Contact: sebastian@rework.no.

Overview

LockIn helps you choose distracting apps, set a daily allowance or LockIn schedule, prove that you started focused work, and review whether your phone got quieter.

Some information stays on your device. Some information is sent to our backend or service providers when needed for accounts, syncing, subscriptions, proof verification, notifications, app usage insights, or app-blocking features.

We do not sell your personal data. We do not use your data for third-party advertising. We do not track you across third-party apps or websites for advertising.

When LockIn asks for sensitive access that may not be obvious, such as Android Usage Access, installed-app information, foreground monitoring, camera proof, notifications, or similar platform permissions, the app should explain what will be accessed and why before that access begins. GPS/location proof is parked in the current release and is not requested unless it is re-enabled later with matching disclosures.

Information We Process

Account and profile data

If you create an account, we may process your email address, name or display name, authentication identifiers, avatar URL if provided, timezone, locale, profile preferences, and subscription or entitlement status.

LockIn setup data

To run your plan, we may process LockIn start and end times, scheduled days, schedule mode, daily app-use allowance, unlock-after-proof window, selected proof modes, selected apps, categories, or website domains to limit, local setup, settings, and reward-card state.

App selection, screen-time, and app-blocking data

On Android, if you grant Usage Access or related native permissions, LockIn may process installed-app information, app names, package names, app categories, app icons, selected locked apps, per-app usage totals, hourly usage buckets, same-period-last-week comparisons, and foreground app state needed to enforce an active LockIn session.

Installed-app information and app usage data can be sensitive. LockIn uses this information to let you choose apps to limit, show your screen-time progress, and help keep selected apps locked during active LockIn sessions. LockIn does not sell installed-app or usage data, and does not use it for third-party advertising or advertising analytics.

During an active Android LockIn session, LockIn may run a foreground service to notice when a selected app is opened and bring you back to the LockIn proof flow. This service is intended to run only for active lock windows and may show a persistent Android notification while it is running.

On iOS, LockIn uses Apple's Screen Time, Family Controls, Managed Settings, and Device Activity APIs where available. Apple may keep exact selected app and website names privacy-limited from LockIn. LockIn may process selection tokens, selection counts, aggregate selected-app usage milestones, shield state, and Device Activity state. LockIn does not claim exact per-app iOS usage rows unless a supported native reporting layer is implemented.

LockIn does not read the contents of other apps, your messages, your emails, your browser pages, or your private files.

LockIn session and stats data

When you run or complete a LockIn session, we may process session start and end time, session status, protected focus minutes, phone or app usage before or during the session where supported, proof mode used, completed days, missed days, streaks, protected focus time, screen-time trend, and app usage summaries.

Proof photos and proof metadata

Some proof modes may ask you to take a photo, such as a book photo, notes photo, desk setup photo, laptop/Mac proof, or outdoor reset photo. Proof media is designed to avoid long-term remote storage unless that is clearly enabled later.

The app may store a local file reference and proof metadata such as proof type, capture time, image dimensions, verification status, and confidence. Photo proof images are sent to a Supabase Edge Function and OpenAI to check whether they appear to match the selected proof mode.

Do not submit proof photos containing other people's private information, confidential documents, payment cards, government IDs, medical records, nudity, illegal content, or anything you do not want processed for proof verification.

Location proof data

GPS/location proof is not enabled in the current release, and the current release does not request location permission. If a location proof mode is enabled later and you grant location permission, LockIn may process location data only to verify that you are near the selected study or work location. The intended design is to minimize this data by storing rounded or approximate coordinates, accuracy, and capture time where possible, not continuous location history.

Notifications

If you enable reminders, LockIn may process notification preference state, scheduled reminder IDs, push notification tokens when configured, reminder timing, and delivery state.

Notifications are used for LockIn reminders, lock-session updates, proof prompts, subscription/account messages, or similar app functionality. They are not used for third-party advertising.

Purchases and subscriptions

If LockIn offers paid features, purchases are handled through the Apple App Store or Google Play. LockIn uses RevenueCat to help validate subscriptions and manage access to paid features. We may process RevenueCat customer identifiers, product identifiers, entitlement status, purchase state, renewal state, cancellation state, expiration state, and subscription event metadata. We do not receive your full payment card number.

Analytics and technical data

LockIn may process limited in-app analytics to understand whether core flows work, such as onboarding completion, app selection, session start, proof accepted, reminder toggled, settings updated, or account deletion requested. The current analytics design filters sensitive values such as proof image paths, exact location, URLs, photo content, and proof content before events are stored.

LockIn does not currently use Sentry, PostHog, or advertising analytics providers in the shipped app unless the app is updated to disclose them.

Health data

LockIn does not currently collect HealthKit or Health Connect data. If a future feature uses health data, the app will ask for permission and this policy will be updated before that data is collected or transmitted.

How We Use Information

  • Create and manage your LockIn account.
  • Save your LockIn setup across devices.
  • Run schedules, allowances, app selections, and proof flows.
  • Enforce app-blocking behavior where supported by the operating system and permissions.
  • Verify proof submissions.
  • Show session summaries, streaks, insights, app usage, reward cards, and history.
  • Send reminders and notifications you enabled.
  • Manage subscriptions, trials, entitlements, and restores.
  • Maintain security, debug problems, prevent abuse, and operate the service.
  • Improve LockIn using limited, privacy-conscious analytics.

What We Do Not Do

  • We do not sell personal data.
  • We do not use personal data for third-party advertising.
  • We do not read the contents of locked apps.
  • We do not read messages, emails, documents, browser content, or private files.
  • We do not share proof photos publicly.
  • We do not monitor another person's device without their consent.

When We Share Information

We share information only as needed to run LockIn and provide the features you use. Current or planned service providers may include Supabase, RevenueCat, Apple App Store, Google Play, OpenAI for proof-image verification, and Expo services.

We may also disclose information if required by law, to protect rights and security, or as part of a merger, acquisition, financing, or sale of assets, with appropriate notice where required.

Retention

We keep information for as long as needed to provide LockIn, maintain your account, comply with legal obligations, resolve disputes, handle refunds, prevent fraud, and enforce agreements.

Account data, setup, schedules, app selections, sessions, stats, and proof records generally remain until deleted by you or your account is deleted. Local proof media remains on your device unless you delete it, uninstall the app, clear app data, or the app removes it. Remote proof media, when stored for verification or support, is intended to be retained for a short period, normally up to 7 days, unless a longer period is needed for security, legal, dispute, or abuse-prevention reasons.

Your Choices and Controls

  • Choose which apps, categories, or website domains LockIn should limit.
  • Change your schedule, allowance, proof modes, and notifications.
  • Grant or revoke camera, location, notification, Screen Time, Family Controls, Usage Access, or related permissions in device settings.
  • Export your LockIn data where the app provides an export control.
  • Delete your account where the app provides account deletion.
  • Contact us to request help with access, correction, deletion, or privacy questions.

Legal Basis, Security, and Children

If you are in the EEA, the UK, or a similar jurisdiction, our legal bases may include contract, consent, legitimate interests, and legal obligations. We use reasonable technical and organizational measures to protect information, including authenticated access controls, row-level security for user-owned backend data, and encrypted transport where supported.

LockIn is not intended for children under 13, and it is not designed for monitoring children without proper consent.

Changes

We may update this Privacy Policy from time to time. Changes will be posted on this page with an updated effective date. If changes are material, we will provide notice as required by law or store rules.

Contact

For privacy questions or requests, contact sebastian@rework.no. You can also review the account deletion instructions.