Last updated May 15, 2026

Privacy Policy

AppAlly is built with a privacy-first philosophy. We collect the minimum information necessary to operate the accountability features you choose to enable, and nothing more.

1. Who we are

AppAlly is a screen-time accountability app for adults that helps you manage your digital habits through trusted ally relationships. We are the data controller for information processed within the app.

AppAlly uses Apple's individual FamilyControls authorization (the adult, self-directed flow). AppAlly is not a parental control or child-supervision tool, and we do not knowingly serve users under 18.

2. What we collect

We collect only what is necessary to provide the service:

  • Account information you provide: name and email address.
  • Role and pairing data: whether you are a Requester or Ally, and the invite codes used to pair accounts.
  • App restriction settings: which apps you choose to block and the policy rules you configure. Screen Time app tokens and restriction state are stored on your device and shared with AppAlly's iOS extensions through your App Group.
  • Access request records: requests you create, app names or app-category hints, requested durations, reasons you enter, ally decisions, and decision timestamps. These are synced through Supabase so your ally and requester devices can coordinate.
  • Push notification data: your Expo push token and the request or decision details needed to deliver AppAlly notifications.
  • Session and emergency override data: timestamps, cooldowns, and local audit history used to run the accountability experience.
  • Diagnostics (if you opt in): anonymized crash reports and performance data, used to keep the app stable. You can disable this in Settings.

We minimize cloud data. AppAlly does not receive the contents of your apps, messages, notifications, or Apple Screen Time usage reports. Cloud records are limited to account, pairing, request, decision, push-token, and operational data needed to run the service.

3. What we do not collect

  • We do not track which apps you actually use on your device.
  • We do not read the content of any app, message, photo, or notification.
  • We do not build behavioral profiles or sell advertising.
  • We do not share your data with third parties for marketing.
  • We do not use cookies or cross-app tracking identifiers.
  • We do not have access to your Apple Screen Time usage reports.
  • We do not collect data from anyone we know to be under 18.
  • We do not transfer data to data brokers or political/advocacy groups.

4. Biometric data

If you enable Face ID or Touch ID for ally approvals, biometric authentication is handled entirely by iOS through the device's Secure Enclave. AppAlly never receives, stores, or transmits your biometric data. We only receive a boolean success or failure result from the operating system.

5. Notifications

If you grant notification permissions, AppAlly sends local and remote push notifications for events like access requests, approvals, denials, session countdowns, and ally status updates. Remote notifications are delivered through Expo's push notification service and Apple's Push Notification service, and include the limited request or decision details needed to display the notification and wake the app for background processing.

6. Sign-in

AppAlly supports email-based account creation and sign-in through Supabase. We use your name, email address, role, and authentication state to create your account, restore access, pair requester and ally devices, and protect synced records with row-level security.

7. Subscriptions and payments

Subscription payments are processed by Apple through the App Store. We do not handle, store, or have access to your payment card details. RevenueCat is used to validate your subscription status and may process your App Store receipt and a device-scoped identifier to confirm entitlements. See RevenueCat's privacy policy for details.

Emergency overrides are governed by in-app cooldowns, not separate charges. AppAlly never asks you to pay to unlock an app you have already restricted.

8. Sub-processors

We use a small set of trusted providers to operate the service. None of them receive data we do not collect ourselves.

  • Apple (App Store, Push Notifications, Family Controls): account distribution, subscription billing, push delivery, on-device restriction enforcement.
  • Supabase (United States): database hosting, authentication, row-level security.
  • RevenueCat: subscription entitlement validation.
  • Expo: push notification routing.
  • Fastmail: our email infrastructure for support, privacy, and press inboxes.

If we add or remove a sub-processor, we will update this list and the "Last updated" date.

9. Data retention

Local restriction settings and Screen Time tokens live on your device. Synced account, pairing, request, decision, push-token, and operational records are retained only as long as needed to provide AppAlly, maintain account history, resolve support requests, comply with legal obligations, or protect the service.

Uninstalling the app removes local data from that device but does not automatically delete cloud records. If you request account deletion through Settings or by emailing us, we will delete or anonymize associated cloud records within 30 days unless retention is legally required.

10. Children

AppAlly is intended for adults 18 and over. We do not knowingly collect information from anyone under 18. If you believe a minor has used AppAlly, please contact us and we will assist in removing any associated data.

11. Your rights

Depending on your location, you may have the following rights with respect to your personal data:

  • Access: request a copy of the data we hold about you.
  • Deletion: request erasure of your account and associated data.
  • Portability: request an export of your data in a structured, machine-readable format.
  • Correction: update inaccurate account information at any time in Settings.
  • Restriction or objection: ask us to limit how we process your data, where applicable under your local law.
  • Withdraw consent: opt out of optional diagnostics in Settings.

You can update some account information in Settings. For deletion, export, or other rights requests, email privacy@appally.app. We respond within 30 days.

12. International users

AppAlly is operated from the United States and cloud records are stored in the United States. If you use AppAlly from outside the U.S., you understand that your information may be transferred to and processed in the U.S., which may have data protection laws that differ from your country.

13. Security

Data stored on your device uses iOS platform protections, SecureStore where appropriate, and app sandboxing. Cloud records are protected with Supabase authentication, row-level security, and encrypted transport. No system is perfectly secure, but we have designed AppAlly to minimize the data we hold, which in turn minimizes risk.

14. Changes to this policy

If we make material changes to this policy, we will update the "Last updated" date and notify you within the app. Continued use after changes constitutes acceptance of the revised policy.

15. Contact

Privacy questions and data rights requests: privacy@appally.app

General support: support@appally.app