Privacy Policy - ScrollSteps

Introduction

ScrollSteps ("we," "our," or "the App") is committed to protecting your privacy. This Privacy Policy explains how we handle your information when you use our application.

Information We Collect

To stay transparent, this section mirrors the App Store Privacy nutrition label you saw in the screenshot above. Apple requires us to disclose ten specific data types:

Crash Data, Performance Data, Other Diagnostic Data, Health Data, Fitness Data, User ID, Device ID, Product Interaction, Other Usage Data, and Name.

Data Used to Track You Across Apps & Websites

Identifiers (User ID, Device ID) Used by RevenueCat and Mixpanel to attribute subscriptions, prevent fraud, and understand which campaigns lead people back to ScrollSteps. Apple classifies this as tracking because the identifiers may also be observed in other apps that use the same SDKs.
Usage Data (Product Interaction, Other Usage Data) Event analytics that tell us which onboarding steps or paywall screens perform best. These events can be associated with your identifier, so Apple also treats them as tracking signals.

Data Linked to You

Contact Info – Name Optional display name that personalizes notifications, emails, and progress badges. It stays in your encrypted iCloud backup and is never sold.
Identifiers – User ID & Device ID Generated by RevenueCat to keep your subscription active across devices and by Mixpanel to stitch together anonymous analytics sessions.
Usage Data – Product Interaction & Other Usage Data Includes screen views, button taps, and session duration so we can spot friction and prioritize new features.

Data Not Linked to You

Diagnostics – Crash Data, Performance Data, Other Diagnostic Data Aggregated crash reports collected through Apple and Xcode. We strip any identifiers before analyzing stability trends.
Health & Fitness – Health Data & Fitness Data Step counts and walking distance from HealthKit remain on-device. When we report anonymized aggregates to Apple (for example, via TestFlight diagnostics) they are not linked to you.

Every category below expands on how these data types are handled, retained, and controlled inside ScrollSteps.

Health Data (HealthKit)

Step Count Data: We access your daily step count through Apple's HealthKit to enable the core functionality of unlocking apps based on your walking activity.
Storage: All health data remains on your device and is never transmitted to our servers or any third parties.
Usage: Step data is used exclusively to calculate whether you've met the requirements to unlock your selected apps.

Screen Time Data

App Usage Information: We access Screen Time data to manage app restrictions based on your step goals.
Storage: This data remains on your device only.
Usage: Used solely to enforce app locks and unlock apps when step goals are met.

User Preferences

Settings: Your app selections, step goals, and customization preferences are stored locally on your device.
Onboarding Data: Information you provide during onboarding (age, goals, habits) is stored locally to personalize your experience.

Contact Information

Name (Optional): You can provide a display name so reminders, emails, and celebratory messages feel personal. The name is encrypted within iOS backups, never leaves your device without your consent, and is only linked to analytics signals when strictly required for Apple’s App Store reporting.

Purchase Information

In-App Purchases: Payment transactions are processed entirely by Apple through the App Store. We do not collect or store your payment information.
Purchase Status: We track your subscription status to enable premium features, but no financial data is stored.

Identifiers & Analytics Signals

User ID: A pseudonymous identifier created by RevenueCat so your premium purchase stays unlocked on every device that uses the same Apple ID.
Device ID: Mixpanel stores a hashed device identifier to keep anonymous analytics sessions coherent. This helps us understand churn, retention, and onboarding flows.
Usage Data: Product interaction events (screen views, taps, feature usage) tell us where people struggle or succeed. Under Apple’s definition these events can qualify as “tracking” when tied to identifiers, so we disclose them accordingly.

How We Use Your Information

We use the collected information to:

Track your daily steps and unlock apps when you meet your goals
Display your progress and statistics within the app
Provide personalized motivation and gamification features (badges, achievements)
Remember your app preferences and settings
Enable premium features for subscribers
Analyze app usage patterns to improve features and user experience (via MixPanel)
Manage subscription status and purchases (via RevenueCat)

Important: While we use third-party services for analytics and subscription management, only anonymous device identifiers are shared. Your health data, step counts, personal information, and app usage details remain on your device and are never transmitted to these services or our servers.

Data Storage and Security

Local Storage Only: All personal data, health information, and preferences are stored exclusively on your device using iOS secure storage mechanisms (CoreData, UserDefaults, Keychain).
No Server Transmission: We do not transmit your health data, step counts, or app usage information to any remote servers.
iOS Security: Your data benefits from iOS's built-in encryption and security features, including Data Protection.

Data Sharing

We do not sell, trade, or share your personal information with third parties. Your health and usage data never leaves your device.

Diagnostics & Crash Reporting

Crash Data: Anonymous crash reports collected through Apple and Xcode help us debug issues. We review aggregate trends, not individual logs.
Performance Data: Frame rate, memory pressure, and energy impact metrics provided by Apple guide optimization work.
Other Diagnostic Data: When you opt in to share additional diagnostics (for example from TestFlight), Apple may include limited device details. We receive only the information necessary to reproduce the problem and do not attempt to re-identify you.

Third-Party Services

We use the following third-party services:

Apple HealthKit: For accessing step count data (governed by Apple's privacy policy)
Apple Screen Time API: For managing app restrictions (governed by Apple's privacy policy)
RevenueCat: For managing in-app purchases and subscriptions. RevenueCat may collect device identifiers and purchase data to enable subscription features. No personal information is shared. RevenueCat Privacy Policy
MixPanel: For app analytics and usage statistics. MixPanel collects anonymous device identifiers and app usage data to help us improve the app. No personally identifiable information is collected. MixPanel Privacy Policy

These services are integrated to improve app functionality and user experience. Only anonymous device identifiers are shared with these services - no personal information, health data, or identifiable user data is transmitted.

Your Rights and Choices

Health Data Access

You can revoke HealthKit permissions at any time through iOS Settings → Privacy & Security → Health → ScrollSteps
Revoking access will prevent the app from tracking steps and unlocking apps based on activity

Screen Time Access

You can revoke Screen Time permissions through iOS Settings → Screen Time → Apps with Access
Revoking access will prevent the app from managing app restrictions

Data Deletion

All data is stored locally on your device
Deleting the app removes all associated data from your device
You can reset your data within the app settings at any time
To delete analytics data collected by MixPanel, you can opt-out in the app settings or contact us
RevenueCat retains purchase history as required by Apple for subscription management

Analytics Data

We use MixPanel for analytics to understand app usage patterns and improve user experience
Only anonymous device identifiers are collected (no personally identifiable information)
Analytics data includes app events, feature usage, and session duration
You can opt-out of analytics tracking in the app settings

Children's Privacy

Our app is not directed to children under 13. We do not knowingly collect personal information from children under 13. If you believe we have collected information from a child under 13, please contact us immediately.

Changes to This Privacy Policy

We may update this Privacy Policy periodically. We will notify you of any material changes by:

Posting the new Privacy Policy in the app
Updating the "Last Updated" date at the top of this policy
Requiring acceptance of the new policy when you open the app (for significant changes)

Your continued use of the app after changes are posted constitutes acceptance of the updated policy.

International Users

If you are using the app outside the United States, please note that your information may be stored on devices located in your region. All data remains on your device regardless of your location.

California Privacy Rights

If you are a California resident, you have the right to:

Know what personal information is collected
Request deletion of your personal information
Opt-out of the sale of personal information (we do not sell personal information)

Since all data is stored locally on your device, you have complete control over your data.

GDPR Compliance (European Users)

For users in the European Economic Area (EEA):

Legal Basis: We process data based on your consent and for contract performance
Data Controller: You are the controller of your data as it remains on your device
Right to Access: You can access all your data through the app interface
Right to Erasure: Delete the app to remove all data
Right to Portability: Export your data through app settings (if feature is implemented)

Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices:

Email: emrematebucket@gmail.com

App: ScrollSteps

Response Time: We aim to respond within 48 hours

Technical Details

Encryption

The app uses standard iOS encryption mechanisms
Data is protected by iOS Data Protection (when device is locked)
HealthKit data is stored in Apple's secure Health database

Data Retention

Local data is retained only while the app is installed
No backups are sent to external servers
iCloud backup (if enabled by user) may include app preferences but not HealthKit data
MixPanel retains anonymous analytics data according to their data retention policy
RevenueCat retains subscription data as required for purchase management and fraud prevention

Permissions Required

Health: Required for step counting functionality
Screen Time: Required for app locking functionality
Notifications: Optional, for reminders and motivation

Commitment to Privacy

We built ScrollSteps with privacy as a core principle:

Your health data and step counts never leave your device
No user accounts or personal information required
Only anonymous device identifiers used for analytics
No personal profiling or targeted advertising
No ads or sale of personal data
Complete transparency about data usage
Ability to opt-out of analytics at any time

Your privacy is not just a policy for us—it's how we built the app.

By using ScrollSteps, you acknowledge that you have read and understood this Privacy Policy.