Privacy Policy

Last updated: 9 May 2026

This Privacy Policy explains how the Sleep Lock iPhone app and the website at sleeplock.app handle your personal data. The data controller is Modestas Razanauskas, an individual based in Lithuania ("we", "us"). You can reach us at support@sleeplock.app.

The short version

Sleep Lock is a local-first app. We don't run servers that store your personal data, we don't have user accounts, and we don't use analytics or trackers. The only personal data that leaves your device is what's required to validate your subscription with Apple and RevenueCat. Everything else stays on your iPhone.

1. Data stored only on your device

The following data is generated by the App and stored on your iPhone (within the App's sandbox and shared App Group). It is not transmitted to us:

• Your selected apps and categories. Apple's Screen Time framework returns opaque tokens that represent the apps you choose to block. These tokens are meaningful only on your device and are not visible to us.
• Your bedtime schedule and lock duration.
• Your wake-up alarm configuration.
• Streak counts and last-blocked-app history shown in the App.
• Onboarding progress.

This data never leaves your device. Removing the App removes this data.

2. Apple Health data (optional)

If you grant permission, the App reads sleep-related data (such as Sleep Analysis samples) from Apple HealthKit to display sleep insights inside the App. This data is read on-device, displayed only in the App, and never transmitted to us or to any third party. You can revoke access at any time in Settings → Privacy & Security → Health → Sleep Lock.

3. Notifications and alarms

If you grant notification permission, the App schedules local notifications (a 5-minute warning before bedtime and a bedtime alert) using Apple's local notification system. If you grant alarm permission, the App schedules wake-up alarms via Apple's AlarmKit. Both run entirely on your device. We do not send push notifications.

4. Subscriptions

Sleep Lock Pro is sold as an auto-renewing subscription through the Apple App Store. To validate your subscription and unlock Pro features, the App uses RevenueCat, Inc. (a US-based company) as a processor. The following data is shared with RevenueCat for this purpose:

• An anonymous app user identifier generated by the RevenueCat SDK on your device (not linked to your name, email, or Apple ID by us);
• Your Apple App Store transaction receipt, which RevenueCat sends to Apple's servers for verification;
• Standard device/app metadata collected by the RevenueCat SDK, such as iOS version, app version, country, and an IDFV (Apple's per-vendor device identifier).

RevenueCat processes this data to confirm your purchase and report subscription status back to the App. See RevenueCat's privacy policy at revenuecat.com/privacy for details.

Apple processes your payment and is the seller of record. We do not receive your payment details, name, email, or address from Apple. Apple's privacy practices are described in the Apple Privacy Policy.

5. Website

The website at sleeplock.app is a static site hosted by Cloudflare, Inc.. Cloudflare may collect basic request metadata (IP address, user agent, request path) to provide the hosting and CDN service and to protect against abuse. We do not use cookies, analytics, or trackers on the website.

6. What we do not collect

To make this concrete:

• No user accounts, no logins, no passwords.
• No analytics or telemetry SDKs.
• No advertising identifiers, no advertising SDKs, no tracking across apps or websites.
• No marketing emails or push notifications.
• No crash-reporting SDK.
• No location data.
• No contacts, photos, microphone, or camera access.

7. Legal basis for processing (GDPR)

Where the EU General Data Protection Regulation applies, our legal bases are:

• Performance of a contract (Art. 6(1)(b) GDPR) — for processing necessary to deliver the subscription and Pro features you've purchased, including subscription validation via RevenueCat.
• Legitimate interests (Art. 6(1)(f) GDPR) — for hosting and abuse prevention via Cloudflare. Our interest is in keeping the Website available and secure; this is balanced against the minimal data involved.
• Your consent (Art. 6(1)(a) GDPR) — for optional permissions you grant inside the App, such as access to Apple Health data, notifications, and alarms. You can revoke any of these in iOS Settings at any time.

8. Data retention

Data stored on your device remains until you delete it or uninstall the App. Subscription receipt data held by RevenueCat is retained for as long as your subscription is active and for a reasonable period afterwards in accordance with RevenueCat's retention practices. Apple retains transaction data per its own retention policies. Cloudflare retains request metadata according to its own policies (typically a short rolling window).

9. International transfers

RevenueCat and Cloudflare are based in the United States and may process data outside the European Economic Area. Where personal data is transferred outside the EEA, we rely on the safeguards that those processors put in place (such as the EU Standard Contractual Clauses).

10. Your rights

If you are in the European Economic Area, the United Kingdom, or another jurisdiction with similar laws, you have the right to:

• request access to the personal data we process about you;
• request correction of inaccurate data;
• request erasure of your data;
• object to or restrict certain processing;
• request portability of your data;
• withdraw any consent you previously gave.

To exercise any of these rights, email us at support@sleeplock.app. Because the App is local-first and does not maintain user accounts, the personal data we hold directly is very limited; for subscription receipts you may also need to contact Apple or RevenueCat directly.

You also have the right to lodge a complaint with a data protection authority. In Lithuania, this is the State Data Protection Inspectorate (Valstybinė duomenų apsaugos inspekcija) at vdai.lrv.lt.

11. Children

Sleep Lock is not directed at children under 16. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, contact us at support@sleeplock.app and we will take appropriate steps.

12. Security

Personal data on your device is protected by iOS sandboxing and your device passcode/biometrics. Communication with RevenueCat and Apple uses TLS encryption. No system is perfectly secure, but we keep our footprint small to reduce risk.

13. Changes to this Privacy Policy

We may update this Privacy Policy from time to time. The "Last updated" date at the top reflects the most recent revision. Material changes will be communicated through the App or the Website.

14. Contact

For privacy questions, data subject requests, or anything else, email support@sleeplock.app.

---

Data controller: Modestas Razanauskas · Lithuania · support@sleeplock.app