# Privacy Policy – TickBoom: Evil Countdown Timer
**Last updated**: 2025-01-09
This Privacy Policy explains how TickBoom ("the App", "we", "us") collects, uses, and protects your information. By using the App, you agree to this policy.
## 1. Data We Collect
- Account data (optional): email, name (via Supabase authentication) when you sign up or sign in.
- App usage data: commitments, durations, outcomes (success/failure), timestamps, streak data, and Live Activity preferences. These are stored in our database to power app features.
- Purchases: subscription status and related metadata via RevenueCat (no full payment card data is processed by us).
- Device identifiers: anonymous identifiers used by Supabase/RevenueCat for account or purchase state; we do not use device fingerprinting for advertising.
- Notifications: if you allow notifications, we store your permission status and scheduled notification identifiers locally on your device.
We do NOT collect: precise location, contact lists, photos, microphone, camera, or advertising identifiers for tracking.
## 2. How We Use Data
- Provide the core features of the App (create/manage countdowns, store progress, show results, Live Activities, Dynamic Island integration).
- Manage subscriptions and entitlements (free vs premium) through RevenueCat.
- Send optional local notifications related to countdowns (if enabled by you).
- Improve reliability and fix bugs (aggregate, minimal telemetry/logs).
- Product analytics (privacy-conscious): we use PostHog to understand feature usage and improve the App. We avoid collecting sensitive data and use aggregate insights.
We do not sell personal data.
## 3. Legal Basis
- Contract: to provide the service you request (account, countdowns, purchase unlocking).
- Consent: for notifications, and where required for optional analytics.
- Legitimate interest: to protect the service against abuse and improve stability.
## 4. Data Sharing
- Supabase (database & auth): stores user accounts and app data.
- RevenueCat (in-app purchases): manages subscriptions and entitlements.
These processors handle data under their own privacy terms and security controls. We do not share data with advertisers.
## 5. Data Retention
- Account and app data are retained while your account is active. You may request deletion at any time (see Rights below).
- Logs and diagnostic information are retained for a limited time for stability and troubleshooting.
## 6. Security
We use industry-standard safeguards including encrypted transit (HTTPS) and provider security controls (Supabase/RevenueCat). No method is 100% secure, but we continuously work to protect your information.
## 7. Your Rights
Depending on your jurisdiction, you may have rights to access, rectify, export, delete, or restrict processing of your personal data. Contact us (see Contact section) to exercise these rights.
## 8. Children
The App is not intended for children under the age required by local law for app store use. We do not knowingly collect data from children.
## 9. International Transfers
Data may be stored or processed in regions where Supabase/RevenueCat operate. We rely on their safeguards and standard contractual clauses where applicable.
## 10. Changes
We may update this policy. Significant changes will be communicated in-app or via release notes. The "Last updated" date indicates the latest revision.
## 11. Contact
If you have questions or requests regarding this policy, contact: [email protected]
---
## Provider Disclosures
- Authentication & Database: Supabase (see <https://supabase.com/privacy>)
- Purchases: RevenueCat (see <https://www.revenuecat.com/privacy>)
- Product Analytics: PostHog (see <https://posthog.com/privacy>)
- Notifications: uses the OS notification services provided by Apple/Google; we do not use push tokens for advertising.