InControl Privacy Policy

Last updated: 23 March 2026

InControl (we, us, our) provides a mobile productivity app focused on daily focus, planning, and habit consistency. This Privacy Policy explains how we collect, use, disclose, and protect your information when you use the InControl iOS app and related services (the Service).

By using InControl, you agree to this Privacy Policy.

1. Information we collect

1.1 Information you provide directly

We may collect:

• Account information (such as email address, display name, and profile information)
• Authentication information from sign-in providers you choose (for example, Google Sign-In)
• Preferences and app settings you create
• Content you create in the app (for example, tasks, focus session entries, onboarding responses, progress inputs, and customization choices)
• Communications you send to us (support messages, feedback, and requests)

1.2 Information from integrations you enable

If you choose to connect optional integrations, we may access limited data needed to provide features, such as:

• Calendar event metadata from Apple Calendar integration (for task and calendar workflows)

We only access integration data necessary to provide the feature you enabled.

1.3 Automatically collected information

When you use the Service, we may automatically collect:

• Device and app information (device type, OS version, app version, language, time zone)
• Usage and event data (screens viewed, feature usage, session activity, interactions)
• Diagnostics and performance data (crashes, errors, and technical logs)
• Subscription status data received from Apple or RevenueCat to manage premium access

2. How we use information

We use your information to:

• Provide and operate the Service
• Create and manage your account
• Sync and store your app data
• Personalize your experience (for example, focus flows, reminders, and relevant in-app content)
• Send service notifications and updates
• Send marketing communications where allowed, with opt-out options
• Maintain security, detect misuse, and prevent fraud
• Analyze usage trends and improve app quality and features
• Comply with legal obligations and enforce our Terms

3. Legal bases (EEA and UK users)

Where required by applicable law (including GDPR and UK GDPR), we process personal data under one or more of these legal bases:

• Performance of a contract (to provide the Service)
• Legitimate interests (service improvement, analytics, fraud prevention, security)
• Consent (where required, including certain tracking and marketing activities)
• Legal obligation (compliance with applicable laws)

4. How we share information

We do not sell your personal information.

We may share information with trusted service providers that support our operations, including:

• Supabase (backend, database, and auth infrastructure)
• Firebase Analytics (analytics and app measurement)
• RevenueCat (subscription infrastructure and entitlement management)
• Google Sign-In (authentication, if used)
• Apple Calendar integration (feature integration, if enabled by you)
• Meta SDK tools (measurement and analytics where enabled)
• TikTok SDK tools (measurement and analytics where enabled)

We may also share information:

• If required by law, legal process, or enforceable request
• To protect rights, safety, and security of users, us, or others
• In connection with a merger, acquisition, financing, reorganization, or sale of assets
• In aggregated or de-identified form that does not reasonably identify you

5. Data retention and deletion

We retain personal data only as long as needed for the purposes described in this Policy, unless a longer retention period is required by law.

User deletion requests

InControl provides in-app account and data deletion.

If you delete your account or data through the app:

• We delete your personal data from active systems.
• Deleted information may remain in encrypted backups for a limited period while backups rotate and age out in the ordinary course of our infrastructure. We do not use backups to restore deleted personal data for routine product purposes.

Some minimal records may be retained only where legally required (for example, fraud or security logs or legal compliance records), and only for the required period.

6. Children’s privacy

InControl is intended for users 13 years and older.

We do not knowingly collect personal data from children under 13. If we learn we have collected such data, we will delete it.

If you believe a child under 13 has provided information, contact us at Contact@in-control.net.

7. Your privacy rights

Depending on your location, you may have rights to:

• Access personal information we hold about you
• Correct inaccurate information
• Delete your information
• Receive a portable copy of certain data
• Object to or restrict certain processing
• Withdraw consent where processing is based on consent
• Opt out of marketing communications

You can exercise rights through in-app controls where available or by contacting Contact@in-control.net.

8. California privacy notice (CCPA and CPRA)

If you are a California resident, you may have the right to:

• Know categories of personal information collected, used, and disclosed
• Request deletion of personal information
• Request correction of inaccurate personal information
• Receive equal service and pricing even if you exercise your rights

InControl does not sell personal information.

To make a California privacy request, contact: Contact@in-control.net.

9. International users (GDPR and UK)

If you are in the EEA or UK, you may have the right to:

• Lodge a complaint with your local data protection authority
• Request access, correction, deletion, portability, restriction, or objection

Where required, we use appropriate safeguards for international data transfers.

10. Marketing communications

We may send product updates, feature announcements, offers, and promotional communications.

You can opt out at any time by:

• Using unsubscribe options in messages (where available), or
• Contacting Contact@in-control.net, or
• Adjusting app or device notification settings (for push notifications)

Service-critical messages (for example, security or account notices) may still be sent.

11. Security

We use reasonable technical and organizational safeguards designed to protect personal information (such as access controls, secure transport, and monitoring).

No method of transmission or storage is 100% secure, and we cannot guarantee absolute security.

12. Third-party services

The Service may include links or integrations with third-party services. Their privacy practices are governed by their own policies and terms. We are not responsible for third-party privacy practices.

13. Changes to this Privacy Policy

We may update this Privacy Policy from time to time.

If we make material changes, we will provide notice in-app, by email, or by other appropriate means.

Your continued use of InControl after the effective date of an updated policy means you accept the updated policy.

14. Contact us

For privacy questions or requests, contact:

Email: Contact@in-control.net