Privacy Policy

Privacy Policy - AlarmZ AlarmZ Mobile Application & Website Effective Date: 20 November 2025 Last Updated: 3 June 2026 1. Introduction This Privacy Policy explains how AlarmZ ("we", "us", "our") collects, uses, and protects your information when you use the AlarmZ mobile application (the "App") or visit our website at alarmz.app (the "Website"). Operator: Iman Clayton (sole proprietor) Contact: iman@alarmz.app By using the App or Website, you agree to this Privacy Policy. 2. Who We Are AlarmZ is an iOS alarm application and accompanying website operated by a private individual. We do not publish a physical mailing address for privacy reasons; all communications must be directed to: Email: iman@alarmz.app 3. Data We Collect 3.1 Alarm & Application Settings Stored locally to provide core functionality: - Alarm schedules and settings - Task difficulty - Sound preferences - Verification settings - UI preferences (24h time, haptics, etc.) Storage: Local UserDefaults only. No user settings are uploaded to any server. 3.2 Device & Technical Data Collected for core app operation and, where applicable, attribution: - iOS version - Notification/AlarmKit permissions - App foreground/background status - Device model, screen size, locale, timezone, and similar technical signals used by our attribution provider (see Section 3.9) Advertising identifier (IDFA): - We do not access Apple's Identifier for Advertisers (IDFA) unless you tap "Allow" on Apple's App Tracking Transparency (ATT) prompt in the App. - If you deny tracking or the prompt does not appear, we do not collect IDFA. Other device identifiers: - A persistent analytics identifier (UUID) for Mixpanel (see Section 3.5) - An Appstack user identifier and related attribution identifiers (see Section 3.9) 3.3 Subscription & Payment Data - Trial usage counters - Subscription status - Paywall interactions (via Superwall) - Purchase and entitlement synchronization metadata (via RevenueCat) - Apple transaction status - Subscription and conversion events shared with Appstack for marketing attribution (including linking your Appstack ID to Superwall and RevenueCat where applicable) We do NOT collect payment card numbers. Third Parties: Apple, Superwall, RevenueCat, Appstack Storage: Local device only for app-managed data (third parties maintain their own records per their policies) 3.4 Remote Sound Library Fetched from Firebase (read-only): - Sound metadata - Premium status - Description & sort order Downloaded audio is cached on the device. No user account or personal profile is sent to Firebase for this feature. 3.5 Analytics (Mixpanel) We use Mixpanel (EU-hosted, api-eu.mixpanel.com) for product analytics. We collect: - Device identifier: A persistent UUID generated on first launch (stored locally, used as Mixpanel distinct_id). This is not linked to your name, Apple ID, or any personal account. - App usage events: App opens, onboarding steps viewed/completed, paywall interactions, subscription status, exercise preferences, notification permission results - Technical metadata: App version, install date, subscription status (free/pro) - Onboarding responses: Stated goals and answers to onboarding questions (e.g., "Stop snoozing", "I constantly hit snooze") Purpose: Improve the App, understand usage patterns, and optimize onboarding and paywall flows. Storage: Mixpanel (EU region). Mixpanel is not used for cross-app advertising or sold to data brokers. Opt-out: Contact us at iman@alarmz.app for analytics opt-out or data deletion requests. 3.6 Website Data (Squarespace) When you visit alarmz.app, our website host Squarespace automatically collects: - IP address - Browser type and version - Operating system - Referring URL - Pages visited and time on page - General geographic region (country/city level, derived from IP) This data is collected by Squarespace as part of standard server logging and their built-in website analytics. We do not control or access this data directly beyond what Squarespace makes available in their analytics dashboard. Squarespace may also set cookies for functional purposes. Storage: Squarespace (see https://www.squarespace.com/privacy) 3.7 Diagnostics - Local print logs (App only) - Local error messages (App only) - No crash reporting SDK in the App None of these diagnostic logs are uploaded to our servers. 3.8 AI Image Verification (Object Hunt / Make Bed) For camera-based verification tasks, AlarmZ sends a processed image to our secure backend endpoint, which forwards it to OpenAI for classification. Data sent for verification: - A compressed image captured in-app for the current task - Task context (for example, task type and target item name/aliases for object hunt checks) Purpose: - Determine whether the required task condition is met (e.g., correct item found, bed appears made) Data handling: - Images are processed for immediate verification and are not used for advertising. - We do not sell this data. - We do not use submitted verification images to build user profiles. Third Parties: - OpenAI (as a processor for image verification requests routed through our backend) 3.9 Marketing & Attribution (Appstack) We use Appstack Tech, Inc. ("Appstack") to measure paid marketing, attribute installs and subscriptions to campaigns, support paywall personalization based on acquisition source, and—when we enable integrations in our Appstack account—forward conversion events to advertising platforms (e.g., Meta, TikTok, Google). Data that may be collected or processed by Appstack includes: - Appstack user identifier (appstack_id) - Device and app technical data (e.g., device model, OS version, locale, timezone, screen dimensions, WebKit version where applicable) - Install and in-app events (e.g., onboarding completion, paywall shown, subscription/purchase events with revenue and currency where applicable) - Campaign and click attribution parameters when available (e.g., media source, campaign name, click identifiers) - Identifier for Advertisers (IDFA) only if you authorized App Tracking Transparency - Apple Search Ads / SKAdNetwork-related attribution signals as supported by the SDK and iOS (including use of Apple's advertising attribution reporting endpoint configured for our App) How data flows: - Directly from the Appstack SDK in the App - Via integrations between Appstack, Superwall, and RevenueCat (subscription lifecycle events may be forwarded server-side when those integrations are active) Purpose: - Measure ad performance and return on ad spend - Attribute subscriptions to marketing campaigns - Optimize paywalls and subscription offers - Send conversion data to ad networks we connect in the Appstack dashboard (at our direction) Legal bases (GDPR): Where required, consent (including for IDFA/ATT); otherwise legitimate interests in measuring and improving our marketing, subject to applicable law. Your choices: - You may deny App Tracking Transparency; the App works without IDFA. - You may limit ad tracking in iOS Settings > Privacy & Security > Tracking. - Contact iman@alarmz.app with questions or requests relating to attribution data. Third Party: - Appstack Tech, Inc. — https://www.appstack.tech 3.10 App Tracking Transparency (ATT) Before or around the time iOS may show Apple's tracking permission dialog, we may show an in-app explanation of why we request permission. If you allow tracking, IDFA may be shared with Appstack and RevenueCat for attribution, and we refresh attribution settings with those partners. If you deny tracking, we do not access IDFA. 4. How We Use Data We use data to: - Provide alarm functionality - Store your settings locally - Manage trials and subscriptions - Deliver the remote sound library - Serve and maintain the Website - Respond to support inquiries - Comply with law and enforce safety - Improve the App via Mixpanel analytics (usage patterns, onboarding, paywall flows) - Measure and optimize our paid marketing via Appstack (including forwarding conversion events to ad platforms we enable in Appstack) We do not sell your personal information. Mixpanel is not used for cross-app advertising. Appstack is used for marketing measurement and may share conversion data with ad platforms configured in our Appstack account. 5. Legal Bases (GDPR) When required, processing is based on: - Contractual necessity (providing the App and Website) - Legitimate interests (security, improvement, product analytics, website hosting, marketing measurement) - Consent (where required, including App Tracking Transparency / IDFA and certain marketing activities) - Legal obligation 6. Data Sharing We share data only with: Firebase (Google) For hosting the remote sound library (read-only). No user personal account data is sent for this feature. Superwall For subscription paywall presentation and subscription-related event data. May receive attribution parameters we pass from Appstack for campaign-based paywall logic. RevenueCat For subscription entitlement synchronization, purchase status infrastructure, and Appstack attribution parameters (including appstack_id when available). Appstack For mobile marketing attribution, campaign measurement, and forwarding subscription/conversion events to ad networks we configure in Appstack. May receive identifiers, device/technical data, in-app and subscription events, and IDFA if you allowed App Tracking. Apple For App Store purchases, StoreKit subscription handling, and system-level attribution frameworks (e.g., SKAdNetwork) as applicable. Mixpanel For product analytics (EU region). Receives usage events, device identifier, app version, and onboarding responses. Squarespace For website hosting. Automatically receives visitor IP addresses, browser info, and page visit data when you visit alarmz.app. OpenAI For camera-task image verification requests sent through our backend endpoint. Legal authorities If required by law or to protect rights. We do NOT sell your personal information. 7. International Transfers Data may be processed in regions used by Firebase, Apple, Superwall, RevenueCat, Appstack, Mixpanel, OpenAI, or Squarespace. We rely on: - Standard Contractual Clauses where applicable - Provider safeguards offered by those vendors 8. Data Retention - Local app data → until uninstall - Subscription-related metadata → while needed to provide the service and comply with law - Analytics data (Mixpanel) → retained per Mixpanel's data retention policy; see https://mixpanel.com/legal/privacy-policy/ - Marketing/attribution data (Appstack) → retained per Appstack's policies as our service provider; contact iman@alarmz.app for questions - Website visitor data (Squarespace) → retained per Squarespace's data retention policy; see https://www.squarespace.com/privacy - Aggregated data → may be retained lawfully 9. Your Rights GDPR (EEA/UK/Switzerland) - Access - Correction - Deletion - Restriction - Portability - Objection - Withdraw consent California CCPA/CPRA - Right to know - Right to delete - Right to opt-out of sale (not applicable; we do not sell personal information) - Right to limit use of sensitive personal information (where applicable) - Right to non-discrimination Product analytics (Mixpanel) For opt-out or deletion requests relating to Mixpanel data, contact iman@alarmz.app. Marketing attribution (Appstack) For questions about attribution, IDFA/ATT choices, or GDPR/CCPA requests involving data processed by Appstack on our behalf, contact iman@alarmz.app first. We are the data controller for your use of AlarmZ; Appstack Tech, Inc. processes data as our service provider. We will handle your request and coordinate with Appstack where required. Local Data Deletion To remove all local app data, uninstall the App from your device. This deletes locally stored alarm settings, preferences, and local identifiers. Events already transmitted to Mixpanel, Appstack, or other providers prior to uninstall may remain on their systems per their retention policies; contact iman@alarmz.app to request deletion where we can assist. Website data collected by Squarespace is governed by their retention and deletion policies. 10. Children's Privacy Not for users under 13. We do not knowingly collect children's data. Parents may contact us for deletion at: iman@alarmz.app 11. Security We use: - HTTPS/TLS - Firebase encryption (sound library) - Access controls - Secure providers (Apple, Superwall, RevenueCat, Appstack, Mixpanel, Squarespace, OpenAI) No method is 100% secure. 12. Third-Party Services Used - Firebase (Google) — remote sound library: https://firebase.google.com/support/privacy - Superwall — subscription paywalls: https://superwall.com/privacy - RevenueCat — subscription infrastructure: https://www.revenuecat.com/privacy - Appstack Tech, Inc. — marketing attribution and ad measurement: https://www.appstack.tech - Apple — App Store purchases: https://www.apple.com/legal/privacy/ - Mixpanel — product analytics, EU region: https://mixpanel.com/legal/privacy-policy/ - Squarespace — website hosting: https://www.squarespace.com/privacy - OpenAI — AI image verification processing: https://openai.com/policies/privacy-policy Users should review their privacy policies as well. 13. Changes to This Policy We may update this Policy at any time. Material changes will be reflected by updating the "Last Updated" date. Your continued use of the App or Website after changes signifies acceptance of the updated Policy. 14. Contact Questions or data requests: Email: iman@alarmz.app Operator: Iman Clayton (sole proprietor)