ScreenFine
Get the app
Back to home

Privacy Policy

Last updated: May 17, 2026

Effective: May 17, 2026

Version: 2.0

In plain English

The legal version below is the binding text. The summary is for orientation.

Contents

  1. 01 Data Controller
  2. 02 Information We Collect
  3. 03 How We Use Information
  4. 04 Legal Basis (GDPR)
  5. 05 Subprocessors
  6. 06 Data Retention
  7. 07 Your Rights
  8. 08 India (DPDP Act 2023)
  9. 09 Children’s Privacy
  10. 10 International Transfers
  11. 11 Security
  12. 12 Cookies and Tracking
  13. 13 Do Not Sell or Share
  14. 14 Account Deletion
  15. 15 Changes to This Policy
  16. 16 Contact

This Privacy Policy explains how Stacklance ("we", "us", "our") collects, uses, shares, and protects information about you when you use ScreenFine (the "Service"). By using the Service, you agree to the practices described here.

1. Data Controller

Stacklance is the data controller responsible for the personal information processed by the Service.

For questions about this policy or to exercise your data rights, contact: help​@​screenfine​.​info

2. Information We Collect

2.1 Information you provide

  • Account information: email address, display name, account password (hashed via Clerk).
  • Profile preferences: chosen daily limit, redemption type (pushups / steps / mindful minutes), villain selection, app block list.
  • Optional Wall of Shame / Squad Mode content you choose to share.
  • Communications you send us (support requests, beta feedback).

2.2 Information collected automatically

  • Screen Time data via Apple's FamilyControls + DeviceActivityMonitor frameworks: aggregate daily usage minutes per app, threshold-event timestamps. This data is processed on-device and surfaced to our backend only as anonymised counters when you opt into a relevant feature (e.g., Wall of Shame).
  • HealthKit step data only with your explicit permission, only when you have selected steps as your redemption type. Used for unlock verification only; not stored long-term.
  • Camera-based exercise verification (pushups, squats) processes video frames on-device only. Frames and pose data never leave the device. Only the rep count and completion timestamp are stored.
  • Device information: model, iOS version, app version, device language, time zone (used for crash reporting and feature compatibility).
  • Usage analytics: feature interaction events, error reports. Aggregated and pseudonymised.

2.3 Information from third parties

  • Apple: subscription status, purchase confirmations (no payment card details).
  • Clerk (authentication): account creation events, sign-in metadata.

3. How We Use Information

We use your information to:

  • Provide and operate the Service (track usage against your limit, enforce locks, verify exercise completion).
  • Generate the AI villain push notifications (your usage event is sent to OpenRouter to generate the personalised roast text; raw screen-time data is not sent).
  • Manage subscriptions (verify your Apple IAP receipt status).
  • Communicate with you (account notifications, beta updates, security alerts).
  • Improve the Service (aggregated analytics, debugging crash reports).
  • Comply with legal obligations and enforce these Terms.

We do not use your data for advertising, do not sell or rent your personal information, and do not use your data to train external machine-learning models.

4. Legal Basis (GDPR)

For users in the European Economic Area, United Kingdom, and Switzerland, we process personal data under these legal bases:

  • Contract (Article 6(1)(b)): data needed to provide the Service you signed up for.
  • Legitimate interests (Article 6(1)(f)): improving the Service, debugging, fraud prevention. Balanced against your privacy rights.
  • Consent (Article 6(1)(a)): optional features like Wall of Shame, Squad Mode, push notifications, marketing emails. You can withdraw consent at any time.
  • Legal obligation (Article 6(1)(c)): tax records, regulatory requests.

5. Subprocessors

We share data with the following subprocessors who provide the underlying infrastructure of the Service:

  • Apple Inc.. IOS platform, Screen Time / FamilyControls / DeviceActivityMonitor / ManagedSettings APIs, In-App Purchase processing. (Apple Privacy Policy: apple.com/legal/privacy)
  • Convex. Backend database and serverless functions hosting account data and Service state. (convex.dev/legal/privacy)
  • Clerk. Authentication and identity management. (clerk.com/legal/privacy)
  • OpenRouter. AI model routing (default model: Claude Haiku 4.5) used to generate villain roast text. Only the event metadata needed to generate the roast (app name, minutes overage, chosen villain) is sent; no PII or device identifiers. (openrouter.ai/privacy)
  • Cloudflare. Web hosting, CDN, DDoS protection for our marketing site. (cloudflare.com/privacypolicy)
  • Expo Application Services (EAS). IOS build infrastructure. (expo.dev/privacy)

We require subprocessors to provide data protection at a level consistent with this policy. We do not transfer data to subprocessors not listed here without updating this policy.

6. Data Retention

We retain personal data only as long as necessary for the purposes set out in this policy or to comply with legal obligations.

  • Account data: retained while your account is active. Deleted within 30 days of account deletion request.
  • Screen-time event data: aggregated weekly. Raw event logs retained for 90 days for debugging, then deleted.
  • Wall of Shame / Squad Mode posts: retained while the account is active or until you delete the post. Deleted with account.
  • Camera-based exercise verification: video frames and pose data are not retained. Processed in-memory on-device only. Only completion records (timestamp, rep count) are stored.
  • Subscription / billing records: retained for 7 years as required by tax law.
  • Crash reports / debug logs: 90 days, then deleted.
  • Email correspondence: 2 years from last interaction.

7. Your Rights

7.1 Rights under GDPR (EEA, UK, Switzerland)

  • Access: request a copy of your personal data.
  • Rectification: correct inaccurate data.
  • Erasure ("right to be forgotten"): delete your data.
  • Restriction: limit processing in specific circumstances.
  • Portability: receive your data in a structured, machine-readable format.
  • Objection: object to processing based on legitimate interests.
  • Withdraw consent: revoke previously given consent at any time.
  • Lodge complaint: with your local data protection authority.

7.2 Rights under CCPA / CPRA (California)

  • Right to know what personal information we have collected.
  • Right to delete personal information.
  • Right to correct inaccurate personal information.
  • Right to opt out of "sale" or "sharing" of personal information (we do not sell or share for cross-context behavioural advertising).
  • Right to limit use of sensitive personal information.
  • Right to non-discrimination for exercising your rights.

7.3 How to exercise your rights

Email help​@​screenfine​.​info with the subject line "Data Subject Request" and your account email. We respond within 30 days (45 days for complex requests with notice). We may verify your identity before fulfilling requests.

8. India (DPDP Act 2023)

The Digital Personal Data Protection Act 2023 ("DPDP Act") applies to our processing of personal data of individuals located in India, and to our processing of any personal data because Stacklance, the Data Fiduciary for the Service, is incorporated in India.

8.1 Your rights as a Data Principal

  • Right to information: about the personal data we process about you, the purposes, and the identities of processors with whom it is shared.
  • Right to correction and erasure: of inaccurate or no-longer-necessary personal data.
  • Right of grievance redressal: address grievances to our Grievance Officer (below). We respond within 30 days.
  • Right to nominate: nominate another individual to exercise these rights in the event of your death or incapacity. Email us with subject "DPDP Nomination" to register a nominee.

8.2 Grievance Officer

For DPDP-related queries, grievances, or to exercise the rights above:

Name: Devendra Variya
Designation: Founder, Stacklance
Email: help​@​screenfine​.​info
Response time: within 30 days of receipt as required under DPDP Act Section 13.

8.3 Cross-border data transfer

Personal data of Indian Data Principals may be transferred to and processed in jurisdictions where our subprocessors operate (United States, European Union, others) in line with restrictions issued by the Central Government under the DPDP Act. We will update this policy promptly if the Central Government issues notifications restricting transfer to any specific country.

8.4 Complaints to the Data Protection Board

If we do not resolve your grievance to your satisfaction within 30 days, you may file a complaint with the Data Protection Board of India once it is constituted and operational.

9. Children's Privacy

The Service is not directed to children under 18. We do not knowingly collect personal information from anyone under 18. If you believe a child under 18 has provided us with personal information, contact us immediately and we will delete it.

We do not use the Service in contexts that would trigger COPPA (Children's Online Privacy Protection Act) protections, as the Service is restricted to adults 18 and older. Our age verification relies on Apple App Store age-restricted purchasing controls; parents using Family Sharing should ensure children do not access the Service.

10. International Data Transfers

Stacklance is incorporated in India. Data may be transferred to and processed in India, the United States, and other countries where our subprocessors operate. For transfers from the EEA / UK / Switzerland, we rely on:

  • Standard Contractual Clauses approved by the European Commission, where applicable.
  • Subprocessor certifications under approved frameworks (e.g., Data Privacy Framework where available).
  • Your explicit consent for specific transfers, where appropriate.

You can request a copy of relevant transfer mechanisms by emailing the address above.

11. Security

We implement reasonable technical and organisational measures to protect personal data, including:

  • Encryption in transit (TLS 1.3) and at rest (AES-256).
  • Access controls limiting subprocessor and employee access on a need-to-know basis.
  • Authentication via Clerk with industry-standard password hashing.
  • Camera and HealthKit data processed on-device, never transmitted.
  • Regular security reviews and updates.

No system is perfectly secure. If we discover a breach affecting your data, we will notify you and applicable regulators as required by law (within 72 hours for GDPR-applicable breaches).

12. Cookies and Tracking

The marketing site (screenfine.info) uses minimal cookies:

  • Strictly necessary: Cloudflare security cookies, session cookies for the admin panel.
  • Analytics: Google Analytics (G-EN6JE8MFXP), loaded via Google Tag Manager. Analytics cookies are set only after you accept them in our cookie consent banner (Google Consent Mode, default denied). Anonymised and IP-truncated.

The iOS app does not use third-party tracking SDKs. We do not use ad-network tracking pixels.

On your first visit a consent banner lets you accept or reject analytics cookies. You can change or withdraw your choice anytime via Cookie preferences in the site footer, or opt out in your browser settings or via Google's opt-out add-on.

13. Do Not Sell or Share

We do not sell personal information for monetary or other valuable consideration. We do not share personal information for cross-context behavioural advertising. California users do not need to opt out because there is nothing to opt out of.

14. Account Deletion

To delete your account and associated data:

  1. Open the app -> Settings -> Account -> Delete Account.
  2. Or email help​@​screenfine​.​info from your account email with subject "Delete Account".

Deletion is processed within 30 days. Some data may be retained where required by law (e.g., billing records for tax purposes for 7 years). Anonymised aggregated analytics may be retained indefinitely.

Cancelling your subscription does not automatically delete your account. To both cancel and delete, use the steps above.

15. Changes to This Policy

We may update this Privacy Policy at any time. The "Last updated" and "Version" fields at the top reflect the most recent revision.

Non-material changes (typo corrections, clarifications, broken-link fixes, formatting, contact-info refresh) take effect immediately upon posting.

Material changes that affect your rights or the categories of data we process (for example, adding a new subprocessor that receives identifying data, expanding the categories of data collected, or changing the legal basis for processing) will be communicated via email or in-app notification before they take effect. Where applicable law (including GDPR Articles 13-14, the DPDP Act 2023, and CCPA / CPRA notice-at-collection rules) requires a specific notice period, we will give the notice period required by that law.

Continued use of the Service after a change has taken effect constitutes acceptance of the revised policy. If you do not accept a material change, stop using the Service and, if you wish, delete your account per Section 14.

16. Contact

For privacy questions, data subject requests, or to lodge a complaint:

Email: help​@​screenfine​.​info

Subject lines we recognise: "Data Subject Request", "Delete Account", "Privacy Question", "Data Export".

Stacklance
Operating ScreenFine (screenfine.info)