Privacy Policy

Last updated: April 9, 2026

Overview

Applowance ("we", "us", or "our") is a family screen time management app published by Ramses Works. This policy explains what information we collect, how we use it, and what rights you have — including specific protections for children's data under COPPA and other applicable laws.

Information We Collect

We collect only the minimum data necessary for the app to function:

  • Parent account: Name and Apple ID identifier (via Sign in with Apple). Used for authentication and cross-device family management.
  • Child profile: Name (entered by the parent). Children do not provide email addresses or passwords.
  • Chore data: Chore names, descriptions, reward minutes, recurrence settings, and completion records (status, timestamps).
  • Screen time data: Available minutes, earned minutes, spent minutes, and active session state.
  • Device tokens: Firebase Cloud Messaging (FCM) tokens for push notifications. These are device identifiers, not personal information.
  • Optional PIN: If a parent sets a PIN for a child's profile, a cryptographic hash (PBKDF2) of the PIN is stored. The actual PIN is never stored.
  • Chore proof photos (optional): Children may attach a photo when completing a chore. Photos are resized, compressed, and stored in Firebase Storage. They are deleted when the associated completion record or account is deleted.

We do not collect: email addresses, phone numbers, location data, contacts, browsing history, advertising identifiers (IDFA), or any biometric data.

How We Use Your Data

All collected data is used solely to provide app functionality:

  • Authenticating parents and managing family membership
  • Syncing chores, approvals, and screen time balances across family devices
  • Delivering push notifications when chores are completed or need approval
  • Enforcing app restrictions via Apple's FamilyControls and ManagedSettings frameworks

We do not use your data for advertising, profiling, or any purpose other than providing and improving the Applowance service. We use Firebase Analytics during parent sessions only to understand feature usage and improve the app. Analytics is automatically disabled during child sessions to protect children's privacy.

Data Storage and Third-Party Services

Applowance uses the following third-party services to operate:

  • Firebase Authentication (Google): Manages parent sign-in (via Sign in with Apple) and anonymous authentication for children joining a family.
  • Cloud Firestore (Google): Stores and syncs family data (members, chores, completions, screen time balances) across devices in real time.
  • Firebase Cloud Messaging (Google): Delivers push notifications to parents and children.
  • Firebase App Check (Google): Verifies that requests to our backend come from authentic instances of the app.
  • Apple FamilyControls / ManagedSettings / DeviceActivity: System-level frameworks for enforcing app restrictions on the child's device. Data processed by these frameworks stays on the device and is managed by Apple.
  • Sign in with Apple: Provides parent authentication. We receive only the user's name and a unique identifier — Apple may provide a private relay email address, which we do not store or use.

Data stored in Firestore is hosted on Google Cloud infrastructure and is protected by Google's security practices. We do not maintain additional servers. Local data is stored on-device using SwiftData within a shared app group container, protected by iOS device encryption.

Google processes data on our behalf as a data processor under their Firebase Data Processing Terms. We use Firebase Crashlytics for parent sessions only to collect crash reports that help us fix bugs. We also use Firebase Analytics during parent sessions to understand feature usage and improve the app. Both Crashlytics and Analytics are automatically disabled during child sessions to protect children's privacy. We do not use any advertising services.

Children's Privacy (COPPA Compliance)

Applowance is designed for families and is used by children under parental supervision. We take children's privacy seriously and comply with the Children's Online Privacy Protection Act (COPPA) and other applicable children's privacy laws.

  • Parental consent: A parent must sign in with Apple and provide explicit consent via an in-app consent screen before any child data is collected. The parent's verified Apple identity serves as the basis for verifiable parental consent.
  • Data collected from children: Child's name (entered by the parent), chore completion records, and screen time balance data. Children do not provide email addresses, passwords, or other personal information.
  • No tracking or advertising: We do not track children, serve ads, or use third-party analytics. NSPrivacyTracking is set to false in our privacy manifest.
  • No third-party data sharing: Children's data is not shared with any third party for their own purposes. Firebase processes data solely on our behalf.
  • Parental control: Parents can view, modify, and delete all of their children's data at any time through the app.
  • Right to delete: Parents can delete all family data (including all children's data) using the in-app account deletion feature. Children can also delete their own local data from within the app. See "Data Deletion" below.

Data Deletion

You can delete your data at any time:

  • Parents: Go to Settings > Delete Account. This permanently deletes your parent account, the entire family group, all children's profiles and data, all chores and completion history, all screen time records, and your Sign in with Apple link. This action requires re-authentication and cannot be undone.
  • Children: Go to Settings > Delete My Data. This removes the child's local data and deactivates their profile in the family.

When data is deleted, it is removed from both the local device (SwiftData) and our cloud database (Firestore). Firebase Authentication accounts are also deleted, and Sign in with Apple tokens are revoked.

If cloud data deletion fails due to a network issue during the deletion process, your Firebase Auth account and local data are still deleted. Any orphaned cloud data will be cleaned up automatically within 30 days. If you need assistance with data deletion, contact us at applowance@ramses.works.

Data Retention

We retain your data only for as long as your account exists. When you delete your account through the app, all associated data is permanently deleted from our systems. We do not retain backups of deleted data. Anonymous authentication sessions for children are ephemeral and tied to the device — logging out effectively abandons the session.

Data Security

We implement appropriate security measures to protect your data:

  • All network communication uses HTTPS/TLS encryption
  • PINs are hashed using PBKDF2 with random salts (100,000 iterations) — the actual PIN is never stored
  • Firebase App Check prevents unauthorized access to our backend
  • Firestore security rules enforce role-based access control (parents vs. children)
  • Local data is protected by iOS device encryption
  • Sign in with Apple uses cryptographic nonces to prevent replay attacks

Analytics and Tracking

We use Firebase Analytics and Firebase Crashlytics during parent sessions only to understand feature usage and collect crash reports that help us improve the app. Both services are automatically disabled when a child is signed in. We do not collect the Identifier for Advertisers (IDFA). We do not participate in ad networks or data brokers. We may also receive anonymized, aggregate crash reports through Apple's built-in crash reporting if you have opted in via your device settings.

Your Rights

Depending on your jurisdiction, you may have the right to:

  • Access the personal data we hold about you and your children
  • Request correction of inaccurate data
  • Request deletion of your data (available directly in the app)
  • Request a copy of your data in a portable format
  • Withdraw consent for data collection
  • Request that we stop processing your data

To exercise any of these rights — including requesting a data export — use the in-app features or contact us at applowance@ramses.works. We will respond to data export requests within 30 days.

Changes to This Policy

We may update this policy from time to time. We will notify you of significant changes by posting the new policy on this page and updating the "Last updated" date. Continued use of the app after changes constitutes acceptance of the updated policy.

Contact Us

If you have questions about this privacy policy or our data practices, please contact us: