Privacy Policy

The short version

• We can't see which apps you lock or earn with. Apple's Screen Time system hands Tonic anonymous tokens instead of app identities. This is enforced by Apple, not a promise from us.
• Your health data never leaves your phone. Tonic reads Apple Health locally to check whether you've earned your apps. None of it is ever uploaded.
• There is no account. No sign-up, no password, no profile.
• We do collect anonymous usage and diagnostic data, tied to a random ID created on your device, so we can fix bugs and improve the app.
• We never sell data, show ads, or track you across other apps or websites.

What stays on your phone

Your app selections. When you pick apps to lock or earn with, Apple gives Tonic opaque tokens, not app names. We could not upload your app choices even if we wanted to; Apple designed it that way.

Your Apple Health data. With your permission, Tonic reads things like workouts, mindful minutes, steps, calories, sleep, and time in daylight, on your phone, to decide whether a rule is satisfied. Raw health data is never transmitted anywhere.

Your rules. The configuration of your rituals and limits lives and runs on your device. There's no cloud account it syncs to. (Our diagnostic events do include basic facts about rules, like their type and goal length; see the next section.)

What we collect, and why

Tonic sends us anonymous usage and diagnostic events so we can find bugs and understand which features matter. This includes things like: a rule was created (its type and goal length, not which apps it covers), a locked screen was shown, a goal was completed, which screens of Tonic you visited, plus your device model, iOS version, app version, and timestamps. These events are tied to a random identifier created on your device. It isn't your name, email, phone number, or Apple ID, and it resets if you delete and reinstall the app.

A few things are only collected if you choose to provide them:

• Your first name, if you enter one during setup. You can skip it.
• Your email, if you include one when you contact support or send feedback.
• App names you type. Apple hides app names from us, so Tonic lets you label your own apps (for example, naming an app "Kindle" so a locked screen can send you there). Labels you type are included in our usage data; they help us understand what people are locking and earning with. If you skip naming, we never know.

Session analytics. We use an analytics service (PostHog) to understand how Tonic is used, including replays of in-app sessions: the Tonic screens you see and the taps you make inside the app. Replays cover Tonic's own screens only, never anything else on your phone. They can include text you type inside Tonic, such as names you give your rules.

Diagnostics you trigger. If you report a problem, we may send your copy of Tonic a silent request to upload a snapshot of its own state (your rule configuration and app settings, never health data or app identities) so we can investigate the bug you reported.

Notifications. Tonic registers a device push token with Apple so the diagnostics above can work. The token is issued by Apple and identifies your device to Apple's push system, nothing more.

Feedback you send. Messages sent from Settings → Help & feedback include your text, any screenshots you attach, and your app version and device model, so we can reproduce the issue.

Who processes data for us

We don't sell or share your data with anyone for advertising. A small number of services process data on our behalf:

• Supabase hosts our diagnostic and usage event database.
• PostHog provides usage analytics and in-app session replay.
• TelemetryDeck provides aggregate, privacy-focused app analytics (being phased out).
• GitHub stores support and feedback tickets.
• Apple handles notifications, subscriptions, and payments.

Subscriptions and payment

Purchases are processed entirely by Apple. We never see your payment details, billing address, or Apple ID. We only learn whether your copy of the app has an active subscription.

How long we keep things

Raw usage and diagnostic events are kept for 365 days, then reduced to aggregate counts (for example, how many rules were created in a month). Aggregates don't identify your device's activity in detail and are kept indefinitely.

Your choices

• Skip the optional stuff. Name and email are never required. Without them, your data is pseudonymous: we have no way to connect it to you.
• Revoke permissions anytime. Screen Time, Apple Health, and notification access can each be withdrawn in iOS Settings.
• Delete your data. Email [email protected] and we'll delete everything tied to your device from our systems. Deleting the app removes everything stored on your phone.

Children

Tonic is a self-directed tool built for adults managing their own screen time. It is not directed at children under 13, and we don't knowingly collect personal information from them.

Changes to this policy

If we change how Tonic handles data, we'll update this page and the effective date above. Meaningful changes will also be called out in the app's release notes.

Contact

Questions about any of this: [email protected].

Sets Studio LLC, Colorado, USA.