Privacy Policy

Last updated: May 16, 2026

Overview

Applowance ("we", "us", or "our") is a family screen time management app published by Ramses Works. This policy explains what information we collect, how we use it, and what rights you have — including specific protections for children's data under COPPA and other applicable laws.

Information We Collect

We collect only the minimum data necessary for the app to function:

Parent account: Name and Apple ID identifier (via Sign in with Apple). Used for authentication and cross-device family management.
Child profile: Name (entered by the parent). Children do not provide email addresses or passwords.
Chore data: Chore names, descriptions, reward minutes, recurrence settings, and completion records (status, timestamps).
Screen time balances: Available minutes, earned minutes, spent minutes, and active session state per child.
Screen time session records: Start time, end time, total duration, and whether the child ended a session early. These records describe the family-controlled screen time block (for example, "a 20-minute earned session") — not per-app usage. Apple's FamilyControls tokens identifying specific apps stay on the device and are never transmitted to us.
Manual balance adjustments: Minutes added or removed by a parent, with reason and timestamp.
Bonus time rules and awards (Family and above): Streak/threshold rules configured by parents, plus records of automatically granted bonus minutes.
Custom rewards and redemptions (Family+ and above): Parent-defined non-screen-time rewards (e.g. "movie night") and child redemption records.
Allowance balances and transactions (Family+ and above): Dollar amounts attached to chores and per-transaction history. Applowance does not move real money — these are tracking records only.
Family activity log (Family+ and above): A timestamped audit trail of family actions (chore approvals, session events, redemptions) recording actor name, action, and target child name.
Parental consent records: Version-stamped acceptance of the in-app consent disclosure shown when a parent creates or joins a family.
Content reports: When a parent or child uses the in-app Report flow, we record the reporter's user identifier (Apple-issued for parents, anonymous Firebase UID for children), the target type and identifier, the reason text, and a timestamp so we can review and act on the report.
Device tokens: Firebase Cloud Messaging (FCM) tokens for push notifications. These are device identifiers, not personal information.
Optional PINs: If a parent sets a PIN for a child's profile, only a cryptographic hash (PBKDF2-HMAC-SHA256, 100,000 iterations, with a random per-PIN salt) is stored. The actual PIN is never stored. The optional family-wide PIN is stored exclusively in the iOS Keychain on the parent's device and is never synced to our servers.
Subscription and purchase data: Apple-issued transaction identifiers, product identifiers (for example, works.ramses.applowance.family.monthly), and entitlement state are read from Apple's StoreKit so the app knows which premium features to unlock. Apple — not Applowance — holds your payment method and billing details.

We do not collect: email addresses, phone numbers, location data, photos, contacts, browsing history, advertising identifiers (IDFA), biometric data, or per-app usage statistics from the child's device.

How We Use Your Data

All collected data is used solely to provide app functionality:

Authenticating parents and managing family membership
Syncing chores, approvals, balances, and activity across family devices
Delivering push notifications when chores are completed, sessions are starting/ending, or approvals are needed
Enforcing app restrictions via Apple's FamilyControls and ManagedSettings frameworks on the child's device
Resolving subscription entitlements via Apple StoreKit so the app knows which features to unlock
Protecting families from abuse — for example, the invite-code lookup is rate-limited (5 attempts per 15 minutes per user) to prevent brute-force guessing, and content reports are reviewed by our team within 24 hours

We do not use your data for advertising, profiling, or any purpose other than providing and improving the Applowance service. We use Firebase Analytics during parent sessions only to understand feature usage and improve the app. Analytics is automatically disabled during child sessions to protect children's privacy.

Data Storage and Third-Party Services

Applowance uses the following third-party services to operate:

Firebase Authentication (Google): Manages parent sign-in (via Sign in with Apple) and anonymous authentication for children joining a family.
Cloud Firestore (Google): Stores and syncs family data (members, chores, completions, balances, sessions, adjustments, bonus rules and awards, allowances, custom rewards, activity log, consent records, and content reports) across devices in real time. Access is enforced by Firestore security rules that distinguish parents from children.
Firebase Cloud Messaging (Google): Delivers push notifications to parents and children. To protect privacy, FCM payloads intentionally omit child names — Apple's and Google's notification delivery logs are not under our control, so names are resolved locally on the receiving device using data already synced via Firestore.
Firebase Cloud Functions (Google): We operate three small serverless functions: notifyParentsOnCompletion relays an FCM push when a child completes a chore (with the child's name omitted, as noted above); validateInviteCode resolves a family invite code with rate limiting to prevent brute-force; onReportCreated alerts our moderation team when a content report is filed and writes a structured Cloud Logging entry so we can track moderation activity. The team reviews the full report (including the reporter's free-text reason) directly in Firestore.
Firebase App Check (Google): Verifies that requests to our backend come from authentic instances of the app. Release builds use Apple's App Attest provider; debug builds use a debug provider for development only.
Firebase Crashlytics (Google): Collects crash reports during parent sessions only. We deliberately omit the verbose error description from non-fatal reports so user input is not echoed into crash logs.
Firebase Analytics (Google): Collects feature-usage analytics during parent sessions only — automatically disabled at app launch and only enabled once we confirm the active session is a parent.
Apple FamilyControls / ManagedSettings / DeviceActivity: System-level frameworks for enforcing app restrictions on the child's device. The opaque tokens that identify specific apps to block stay on the device and are managed by Apple — they are not transmitted to Applowance.
Apple Sign in with Apple: Provides parent authentication. We receive only the user's name and a unique identifier — Apple may provide a private relay email address, which we do not store or use.
Apple StoreKit 2 and Family Sharing: Processes subscription purchases and the Lifetime in-app purchase. All paid plans (Family, Family+, and Lifetime) are configured to support Apple Family Sharing; we do not see your payment method. We read transaction identifiers and product identifiers only to determine which features to unlock.

Data stored in Firestore is hosted on Google Cloud infrastructure and is protected by Google's security practices. We do not maintain additional servers. Local data is stored on-device using SwiftData within a shared app group container, protected by iOS device encryption.

Google processes data on our behalf as a data processor under their Firebase Data Processing Terms. Both Crashlytics and Analytics are automatically disabled during child sessions to protect children's privacy. We do not use any advertising services.

Children's Privacy (COPPA Compliance)

Applowance is designed for families and is used by children under parental supervision. We take children's privacy seriously and comply with the Children's Online Privacy Protection Act (COPPA) and other applicable children's privacy laws.

Parental consent: A parent must sign in with Apple and provide explicit consent via an in-app consent screen before any child data is collected. The parent's verified Apple identity serves as the basis for verifiable parental consent, and the consent is stored as a version-stamped record so we can demonstrate which disclosure was shown at the time of consent.
Data collected from children: The child's name (entered by the parent), chore completion records, screen time balance data, screen time session records, and — where the parent has enabled them — reward redemptions and bonus awards. Children do not provide email addresses, passwords, birthdates, or other personal information.
Analytics and crash reporting are off for children: Firebase Analytics and Firebase Crashlytics are disabled at app launch and only re-enabled once the active session is confirmed to belong to a parent profile. Subscription-related analytics events are gated by the same check — no child session ever triggers a tracked event.
No tracking or advertising: We do not track children, serve ads, or use third-party analytics. NSPrivacyTracking is set to false in our privacy manifest.
No third-party data sharing: Children's data is not shared with any third party for their own purposes. Firebase processes data solely on our behalf.
No per-app usage transmitted: Applowance does not collect or transmit which specific apps a child has installed or how long they used each one. The app interacts with Apple's FamilyControls and DeviceActivity frameworks only to apply restrictions; the underlying tokens stay on the device.
Parental control: Parents can view, modify, and delete all of their children's data at any time through the app.
Right to delete: Parents can delete all family data (including all children's data) using the in-app account deletion feature. Children can also delete their own local data from within the app. See "Data Deletion" below.
Demo mode: The pre-populated demo data shown during App Store review and in our marketing screenshots runs entirely in-memory on the reviewer's device and is never synced to our servers.

Data Deletion

You can delete your data at any time:

Parents: Go to Settings > Delete Account. This action requires re-authentication with Apple and cannot be undone. It revokes the Sign in with Apple token, deletes your Firebase Authentication account, and cascade-deletes the entire family group's data — members, balances, allowances, chores, completions, sessions, manual adjustments, bonus rules and awards, custom rewards and redemptions, activity log, and consent records — along with the user-to-family mapping. The family document itself is removed when the last member leaves. Your Firebase Cloud Messaging token is also deleted and your parent notification topic is unsubscribed. Content reports are an exception and are retained for our safety records (see Data Retention below).
Children: Go to Settings > Delete My Data. This removes the child's local data and deactivates their profile in the family.

When data is deleted, it is removed from both the local device (SwiftData) and our cloud database (Firestore). Firebase Authentication accounts are also deleted, and Sign in with Apple tokens are revoked.

Subscriptions are managed by Apple. Deleting your Applowance account does not cancel an active App Store subscription. To cancel a subscription, open the iPhone Settings app → tap your name → Subscriptions → Applowance, and choose Cancel.

If cloud data deletion fails due to a network issue during the deletion process, your Firebase Auth account and local data are still deleted. Any orphaned cloud data will be cleaned up automatically within 30 days. If you need assistance with data deletion, contact us at applowance@ramses.works.

Data Retention

We retain your data only for as long as your account exists. When you delete your account through the app, all associated data is permanently deleted from our systems. We do not retain backups of deleted data. Anonymous authentication sessions for children are ephemeral and tied to the device — logging out effectively abandons the session.

Family activity log entries persist for the lifetime of the family account so parents can review historical activity. They are wiped together with the rest of the family's data when you delete your account. Content reports are kept indefinitely as safety records so we can demonstrate the actions we took in response — they are not erased by family deletion and remain accessible only to our moderation team.

Data Security

We implement appropriate security measures to protect your data:

All network communication uses HTTPS/TLS encryption
PINs (child profile PINs and the optional family PIN) are hashed with PBKDF2-HMAC-SHA256 using a random per-PIN salt and 100,000 iterations — the actual PIN is never stored
The family PIN is deliberately stored only in the iOS Keychain on the parent's device and is never synced to our servers
Firebase App Check (using Apple's App Attest in release builds) prevents unauthorized clients from accessing our backend
Cloud Functions enforce App Check and apply per-user rate limits to invite-code lookups to prevent brute-force
Firestore security rules enforce role-based access control (parents vs. children) and field-level whitelists on every collection
Local data is protected by iOS device encryption and stored inside a shared app group container
Sign in with Apple uses cryptographic nonces to prevent replay attacks

Analytics and Tracking

We use Firebase Analytics and Firebase Crashlytics during parent sessions only to understand feature usage and collect crash reports that help us improve the app. Both services are automatically disabled when a child is signed in. We do not collect the Identifier for Advertisers (IDFA). We do not participate in ad networks or data brokers. We may also receive anonymized, aggregate crash reports through Apple's built-in crash reporting if you have opted in via your device settings.

Within parent sessions, we record only the event categories needed to understand the subscription experience: paywall views and dismissals; purchase flows (started, completed, cancelled, pending, failed); restore flows; subscription lifecycle events (expired, renewed, upgraded, downgraded); free-trial start and conversion; and which premium feature gates parents tap on. Event parameters are non-personal and limited to values such as the StoreKit product identifier, the resolved tier, a boolean for whether a trial was active, and any error code returned by StoreKit.

Your Rights

Depending on your jurisdiction, you may have the right to:

Access the personal data we hold about you and your children
Request correction of inaccurate data
Request deletion of your data (available directly in the app)
Request a copy of your data in a portable format
Withdraw consent for data collection
Request that we stop processing your data

To exercise any of these rights — including requesting a data export — use the in-app features or contact us at applowance@ramses.works. We will respond to data export requests within 30 days.

Changes to This Policy

We may update this policy from time to time. We will notify you of significant changes by posting the new policy on this page and updating the "Last updated" date. Continued use of the app after changes constitutes acceptance of the updated policy.

Contact Us

If you have questions about this privacy policy or our data practices, please contact us: