Privacy Policy

Overview

Applowance ("we", "us", or "our") is a family screen time management app published by Ramses Works. This policy explains what information we collect, how we use it, and what rights you have — including specific protections for children's data under COPPA and other applicable laws.

Information We Collect

We collect only the minimum data necessary for the app to function:

  • Parent account: Name and Apple ID identifier (via Sign in with Apple). Used for authentication and cross-device family management.
  • Child profile: Name (entered by the parent). Children do not provide email addresses or passwords.
  • Avatar emoji (optional): Any user — parent or child — may set a single emoji as their profile avatar. If set, it is synced across the family's devices so everyone sees the same avatar. It is optional, contains no personal information, and can be cleared at any time.
  • Chore data: Chore names, descriptions, reward minutes, recurrence settings, and completion records (status, timestamps).
  • Screen time balances: Available minutes, earned minutes, spent minutes, and active session state per child.
  • Screen time session records: Start time, end time, total duration, and whether the child ended a session early. These records describe the family-controlled screen time block (for example, "a 20-minute earned session") — not per-app usage. Apple's FamilyControls tokens identifying specific apps stay on the device and are never transmitted to us.
  • Manual balance adjustments: Minutes added or removed by a parent, with reason and timestamp.
  • Bonus time rules and awards: Where enabled for a family, streak/threshold rules configured by parents, plus records of automatically granted bonus minutes.
  • Custom rewards and redemptions: Where enabled for a family, parent-defined non-screen-time rewards (e.g. "movie night") and child redemption records.
  • Allowance balances and transactions: Where enabled for a family, dollar amounts attached to chores and per-transaction history. Applowance does not move real money — these are tracking records only.
  • Family activity log: Where enabled for a family, a timestamped audit trail of family actions (chore approvals, session events, redemptions) recording actor name, action, and target child name.
  • Parental consent records: Version-stamped acceptance of the in-app consent disclosure shown when a parent creates or joins a family.
  • Content reports: When a parent or child uses the in-app Report flow, we record the reporter's user identifier (Apple-issued for parents, anonymous Firebase UID for children), the target type and identifier, the reason text, and a timestamp so we can review and act on the report.
  • Device tokens: Firebase Cloud Messaging (FCM) tokens for push notifications. These device identifiers are stored on the signed-in family member record so notifications can reach the correct device.
  • Optional PINs: If a parent sets a PIN for a child's profile, only a cryptographic hash (PBKDF2-HMAC-SHA256, 100,000 iterations, with a random per-PIN salt) is stored. The actual PIN is never stored. The optional family-wide PIN is stored exclusively in the iOS Keychain on the parent's device and is never synced to our servers.
  • Subscription and purchase data: Applowance currently has no in-app purchases. If paid plans are introduced in a future release, Apple-issued transaction identifiers, product identifiers, and entitlement state would be read from Apple's StoreKit so the app knows which premium features to unlock. Apple — not Applowance — would hold your payment method and billing details.

We do not collect: email addresses, phone numbers, location data, photos, contacts, browsing history, advertising identifiers (IDFA), biometric data, or per-app usage statistics from the child's device.

How We Use Your Data

Collected data is used to provide app functionality, improve reliability, and understand parent-session feature usage:

  • Authenticating parents and managing family membership
  • Syncing chores, approvals, balances, and activity across family devices
  • Delivering push notifications when chores are completed, sessions are starting/ending, or approvals are needed
  • Enforcing app restrictions via Apple's FamilyControls and ManagedSettings frameworks on the child's device
  • Preparing for future paid plans while keeping all currently available app features free for v1
  • Protecting families from abuse — for example, the invite-code lookup is rate-limited (5 attempts per 15 minutes per user) to prevent brute-force guessing, and content reports are routed to our team for prompt human review

We do not use your data for advertising, profiling, or any purpose other than providing and improving the Applowance service. We use Firebase Analytics during parent sessions only to understand feature usage and improve the app. Analytics is automatically disabled during child sessions to protect children's privacy.

Data Storage and Third-Party Services

Applowance uses the following third-party services to operate:

  • Firebase Authentication (Google): Manages parent sign-in (via Sign in with Apple) and anonymous authentication for children joining a family.
  • Cloud Firestore (Google): Stores and syncs family data (members, chores, completions, balances, sessions, adjustments, bonus rules and awards, allowances, custom rewards, activity log, consent records, and content reports) across devices in real time. Access is enforced by Firestore security rules that distinguish parents from children.
  • Firebase Cloud Messaging (Google): Delivers push notifications to parents and children. To protect privacy, FCM payloads intentionally omit child names — Apple's and Google's notification delivery logs are not under our control, so names are resolved locally on the receiving device using data already synced via Firestore.
  • Firebase Cloud Functions (Google): We operate three small serverless functions: notifyParentsOnCompletion relays an FCM push when a child completes a chore (with the child's name omitted, as noted above); validateInviteCode resolves a family invite code with rate limiting to prevent brute-force; onReportCreated alerts our moderation team when a content report is filed and writes a structured Cloud Logging entry so we can track moderation activity. The team reviews the full report (including the reporter's free-text reason) directly in Firestore.
  • Firebase App Check (Google): Verifies that requests to our backend come from authentic instances of the app. Release builds use Apple's App Attest provider; debug builds use a debug provider for development only.
  • Firebase Crashlytics (Google): Collects crash reports during parent sessions only. We deliberately omit the verbose error description from non-fatal reports so user input is not echoed into crash logs.
  • Firebase Analytics (Google): Collects feature-usage analytics during parent sessions only — automatically disabled at app launch and only enabled once we confirm the active session is a parent.
  • Apple FamilyControls / ManagedSettings / DeviceActivity: System-level frameworks for enforcing app restrictions on the child's device. The opaque tokens that identify specific apps to block stay on the device and are managed by Apple — they are not transmitted to Applowance.
  • Apple Sign in with Apple: Provides parent authentication. We receive only the user's name and a unique identifier — Apple may provide a private relay email address, which we do not store or use.
  • Apple StoreKit 2 and Family Sharing: Not currently used — Applowance has no in-app purchases at this time. If paid plans are introduced in a future release, StoreKit would process purchases and we would read transaction and product identifiers only to determine which features to unlock; we would not see your payment method.

Data stored in Firestore is hosted on Google Cloud infrastructure and is protected by Google's security practices. We do not maintain additional servers. Local data is stored on-device using SwiftData within a shared app group container, protected by iOS device encryption.

Google processes data on our behalf as a data processor under their Firebase Data Processing Terms. Both Crashlytics and Analytics are automatically disabled during child sessions to protect children's privacy. We do not use any advertising services. Applowance uses no artificial-intelligence features and shares no data with any AI service or model provider.

Children's Privacy (COPPA Compliance)

Applowance is designed for families and is used by children under parental supervision. We take children's privacy seriously and comply with the Children's Online Privacy Protection Act (COPPA) and other applicable children's privacy laws.

  • Parental consent: A parent must sign in with Apple and provide explicit consent via an in-app consent screen before any child data is collected. The parent's verified Apple identity serves as the basis for verifiable parental consent, and the consent is stored as a version-stamped record so we can demonstrate which disclosure was shown at the time of consent.
  • Data collected from children: The child's name (entered by the parent), chore completion records, screen time balance data, screen time session records, an optional single-emoji avatar the child may choose (synced across the family's devices), and — where the parent has enabled them — reward redemptions and bonus awards. Children do not provide email addresses, passwords, birthdates, or other personal information.
  • Analytics and crash reporting are off for children: Firebase Analytics and Firebase Crashlytics are disabled at app launch and only re-enabled once the active session is confirmed to belong to a parent profile. Subscription-related analytics events are gated by the same check — no child session ever triggers a tracked event.
  • No tracking or advertising: We do not track children, serve ads, or use third-party analytics. NSPrivacyTracking is set to false in our privacy manifest.
  • No third-party data sharing: Children's data is not shared with any third party for their own purposes. Firebase processes data solely on our behalf.
  • No per-app usage transmitted: Applowance does not collect or transmit which specific apps a child has installed or how long they used each one. The app interacts with Apple's FamilyControls and DeviceActivity frameworks only to apply restrictions; the underlying tokens stay on the device.
  • Parental control: Parents can view, modify, and delete all of their children's data at any time through the app.
  • Right to delete: Parents can delete all family data (including all children's data) using the in-app account deletion feature. Children can also delete their own data from within the app. See "Data Deletion" below.
  • Demo mode: The pre-populated demo data shown during App Store review and in our marketing screenshots runs entirely in-memory on the reviewer's device and is never synced to our servers.

Data Deletion

You can delete your data at any time:

  • Parents: Go to Settings > Delete Account. This action requires re-authentication with Apple and cannot be undone. Applowance records a server-side deletion request before any destructive cloud work begins, then revokes the Sign in with Apple token, deletes the Firebase Authentication accounts for the family members, and cascade-deletes the entire family group's data — members, balances, allowances, chores, completions, sessions, manual adjustments, bonus rules and awards, custom rewards and redemptions, activity log, and consent records — along with the user-to-family mapping. The family document itself is removed when the family is deleted. Your Firebase Cloud Messaging token is also deleted and your parent notification topic is unsubscribed. Content reports are an exception and are retained for our safety records (see Data Retention below).
  • Children: Go to Settings > Delete My Data. Applowance records a server-side deletion request, then permanently and irreversibly erases the child's own data — their profile (including name and avatar), chore completions, screen time balances and session records, manual adjustments, bonus awards, reward redemptions, allowance balance and transactions, chores assigned to them, and the activity-log entries that reference them — from both the local device (SwiftData) and our cloud database (Firestore), and deletes the child's anonymous Firebase Authentication account. Only that child's data is removed; the rest of the family and other members are unaffected.

When data is deleted, it is removed from both the local device (SwiftData) and our cloud database (Firestore). Firebase Authentication accounts are also deleted, and Sign in with Apple tokens are revoked.

If a network issue, function timeout, or partial cloud failure interrupts deletion, the app shows a pending deletion state instead of reporting completion. The server-side request is retried automatically until the scoped cloud purge finishes; local data and final sign-out are completed only after the backend confirms completion or the already-queued request has reached the final Firebase Authentication deletion step. If the pending state remains, contact us at applowance@ramses.works and we will verify or complete the deletion.

Data Retention

We retain your data only for as long as your account exists. When you delete your account through the app, all associated data is permanently deleted from our systems. We do not retain backups of deleted data. Anonymous authentication sessions for children are ephemeral and tied to the device — logging out effectively abandons the session.

Family activity log entries persist for the lifetime of the family account so parents can review historical activity. They are wiped together with the rest of the family's data when you delete your account. Content reports are kept indefinitely as safety records so we can demonstrate the actions we took in response — they are not erased by family deletion and remain accessible only to our moderation team.

Data Security

We implement appropriate security measures to protect your data:

  • All network communication uses HTTPS/TLS encryption
  • PINs (child profile PINs and the optional family PIN) are hashed with PBKDF2-HMAC-SHA256 using a random per-PIN salt and 100,000 iterations — the actual PIN is never stored
  • The family PIN is deliberately stored only in the iOS Keychain on the parent's device and is never synced to our servers
  • Firebase App Check (using Apple's App Attest in release builds) prevents unauthorized clients from accessing our backend
  • Cloud Functions enforce App Check and apply per-user rate limits to invite-code lookups to prevent brute-force
  • Firestore security rules enforce role-based access control (parents vs. children) and field-level whitelists on every collection
  • Local data is protected by iOS device encryption and stored inside a shared app group container
  • Sign in with Apple uses cryptographic nonces to prevent replay attacks

Analytics and Tracking

We use Firebase Analytics and Firebase Crashlytics during parent sessions only to understand feature usage and collect crash reports that help us improve the app. Both services are automatically disabled when a child is signed in. We do not collect the Identifier for Advertisers (IDFA). We do not participate in ad networks or data brokers. We may also receive anonymized, aggregate crash reports through Apple's built-in crash reporting if you have opted in via your device settings.

During the free-tier launch, parent-session analytics are limited to non-personal feature usage and reliability events. We do not record paywall, purchase, restore, subscription lifecycle, or trial-conversion events because Applowance currently has no in-app purchases or subscriptions.

We also mirror a curated, PII-safe subset of these usage and reliability events to our own backend to power an internal product-health dashboard. For child sessions this is limited to non-personal session metadata (session duration, end reason, and timestamps).

Your Rights

Depending on your jurisdiction, you may have the right to:

  • Access the personal data we hold about you and your children
  • Request correction of inaccurate data
  • Request deletion of your data (available directly in the app)
  • Request a copy of your data in a portable format
  • Withdraw consent for data collection
  • Request that we stop processing your data

Deletion is available directly in the app (Settings > Delete Account for parents, Settings > Delete My Data for children). To exercise any other right — including requesting a copy of your data — contact us at applowance@ramses.works. There is no in-app data-export button today; we fulfill data-export requests manually and will respond within 30 days.

Changes to This Policy

We may update this policy from time to time. We will notify you of significant changes by posting the new policy on this page and updating the "Last updated" date. Continued use of the app after changes constitutes acceptance of the updated policy.

Contact Us

If you have questions about this privacy policy or our data practices, please contact us: