Intentime
Intentime Privacy Policy
Launch review draft · Last updated July 14, 2026
This Privacy Policy explains how Intentime processes information in the iPhone application and related support and legal pages. In this draft, “Operator” means the legal person or entity that will be identified here before release. Intentime is local-first: there is no Intentime account, user backend, cloud session sync, advertising SDK, or analytics SDK in the current release build.
1. Scope and roles
This Policy covers the Intentime iOS app, support communications sent by the user, and Intentime legal or FAQ pages. Apple independently processes App Store, Apple Account, payment, StoreKit, Screen Time, notification, and operating-system information under Apple’s own terms and privacy policy.
Operator: [Confirm before release: legal name, entity type, registered address, country, and required registration details]
2. Local-first summary
- Personal sessions, purposes, settings, and usage evidence are stored on your device.
- The current app does not upload that information to an Intentime server.
- The Operator does not sell personal information, run targeted advertising, or perform cross-context tracking through the app.
- “Not collected” in Apple’s App Privacy label does not mean no information is processed on your device or when you contact support.
3. Information processed on your device
| Information | Purpose and location | Retention |
|---|---|---|
| Protected selections and references | Apple opaque app, category, and website tokens plus one-way SHA-256 references in the iOS App Group, used only to apply Shield and connect a local session to the same target. These are not app names, bundle IDs, domains, or content. | Until changed or reset; pending references up to 15 minutes; private recovery targets up to 31 days and 512 records. |
| Session history and purpose | Local session identifiers, status and timestamps, purpose, selected budget, extensions, repeat count, and outcome in SQLite for recovery, Today, and Promise Gap. A custom purpose may contain 1–120 characters. | No automatic expiration in the current build. Kept until a successful full reset or app deletion. |
| Usage evidence | Device Activity-confirmed threshold lower bounds, access-window upper bounds, observation time, and evidence precision, used locally to avoid overstating use. | With the related local session or App Group state until reset or deletion. |
| Outcome and emergency events | Completed, distracted, lost purpose, 3-minute extension, and Emergency Access facts for reflection and recovery. Emergency events are excluded from Promise Gap totals. | With local session history until reset or deletion. |
| Preferences and diagnostics | Onboarding, language, protection pause, last callback and re-protection details, monitor state, local notification and Live Activity status, and local error text in SQLite or the App Group. | Until replaced, reset, or the app is deleted. |
| Local notifications and Live Activities | Generic local messages and opaque activity/session/window identifiers, budget, confirmed lower bound, update time, and status. No remote APNs update is used. | Until acknowledged, ended, replaced, reset, or deleted, depending on iOS behavior. |
Avoid entering sensitive personal information in a custom purpose. The current app cannot remotely view, recover, or delete data that exists only on your device.
4. Screen Time and protected content
You choose protected apps, categories, or websites in Apple’s system picker under Individual Authorization. Intentime uses opaque tokens to apply and restore protection. It does not receive the contents of protected apps, messages, posts, passwords, photos, video, audio, screens, general browsing history, or search history. Choosing a website does not give Intentime its general domain text or your visit history.
5. Permissions and Apple system features
- Family Controls / Screen Time: required for the core protection flow; approved and withdrawn in Apple’s system UI.
- Local notifications: optional return aid on supported older iOS paths; no sound, badge, Time Sensitive, or Critical Alert permission is requested.
- Live Activities: optional device-only status on the Lock Screen or Dynamic Island; not an automatic server-powered real-time tracker.
The current app does not request camera, microphone, photos, contacts, location, health, biometric, Bluetooth, advertising identifier, App Tracking Transparency, or clipboard permission.
6. Purchases and Apple Account information
Apple processes purchases. StoreKit sends the app localized product information and entitlement facts such as product and transaction identifiers, purchase and expiry dates, ownership type, and verification status. Intentime uses these in app memory to determine Pro access and does not store them in session SQLite or send them to an Intentime purchase server. The Operator does not receive your full payment-card details. Apple retains purchase history under its own policies, and local reset or app deletion does not erase it or cancel a subscription.
7. Information outside the app
When you choose to email support, the recipient receives the email address, message, and attachments you provide. Intentime does not automatically attach or upload session history. Legal, FAQ, and support links open external HTTPS pages; the hosting or email providers may process connection data under their own configurations.
[Confirm before release: support and privacy email addresses, provider names, hosting/CDN and DNS providers, server-log and cookie behavior, retention periods, processing countries, and transfer safeguards.]
8. Sharing, sale, advertising, and tracking
The current app has no advertising, analytics, Sentry, Firebase, Crashlytics, RevenueCat, remote crash logging, remote performance logging, or user-session API. The Operator does not sell app data, use it for targeted advertising, or build a cross-context profile. Apple receives and processes information necessary for its services independently. Any future provider or feature that changes these facts requires an updated assessment and Policy before release.
9. Retention, reset, deletion, and backups
A successful Reset Intentime data stops Intentime monitors and Shield, then removes Apple selection tokens, pending and active state, recovery targets, native diagnostics, local session history, and onboarding, language, and protection-pause settings. If native reset, local reset, or reconciliation partly fails, the app reports partial completion and asks you to retry; complete deletion is not guaranteed until the reset succeeds.
Deleting the app generally removes its iOS and App Group containers, subject to Apple’s backup and restore behavior. Intentime operates no cloud backup. Reset or deletion does not cancel a subscription or erase Apple purchase records, support email, or external web logs.
10. Your choices and rights
- Change protected selections or withdraw Screen Time authorization in iOS settings.
- Decline or disable optional notifications and Live Activities.
- Use Reset Intentime data or delete the app to remove local app data.
- Manage or cancel Pro separately in Apple Account subscription settings.
- Contact the future privacy address to exercise applicable rights concerning support records or website data held by the Operator.
Applicable law may provide access, correction, deletion, restriction, objection, portability, complaint, or consent-withdrawal rights. The exact procedure and identity-verification method must be finalized for the actual release countries.
11. Children
Intentime is a self-management tool, not a parental-control or child-monitoring product. [Confirm before release: minimum age and any parental-consent policy based on actual storefronts and applicable law.] The current app is not designed to knowingly obtain a child’s account data because it has no Intentime account.
12. Security
Intentime relies on the iOS sandbox, App Group access controls, and local storage boundaries. No method of storage is perfectly secure, and this Policy does not claim separate encryption that is not implemented. Keep your device and Apple Account protected and avoid sensitive text in custom purposes.
13. International processing and providers
App session data is not sent to an Intentime server. Apple and any support-email, hosting, CDN, or DNS providers may process data in countries where they operate. [Confirm before release: provider list, recipient countries, purposes, data types, transfer timing and method, legal basis or safeguard, and retention.]
14. Changes and contact
We may update this Policy when features, SDKs, operations, storefronts, or law change. The final notice method and effective date will be added before release. Material changes will be communicated as required by applicable law.
- Privacy contact: [Confirm before release]
- Support contact: [Confirm before release]
- Website: https://x-ti.org/intentime