Privacy Policy

Effective: 16 May 2026 · Last updated: 16 May 2026

This Privacy Policy explains what data DLM (the "app", "we", "us") collects, why we collect it, how it is stored, and the controls you have over it.

DLM is operated by Dez-Luan Pieterse. Contact: hello@dontletme.app.

1. Summary

DLM is a peer-to-peer screen-time blocker. To make the buddy approval mechanic work, we keep a small amount of account information on a server. The list of apps you choose to block stays on your device and is never transmitted to us.

We do not sell your data. We do not use your data for advertising. We do not share your data with third parties except the named processors below (Supabase, Apple) who run the infrastructure DLM depends on.

2. What we collect

Information you provide

• Email address — used to identify your account and to send password reset emails.
• Display name — visible to your paired buddy.
• Unlock request reasons — the short text you write when asking your buddy to unlock an app. Visible only to your buddy.
• Buddy notes — the optional text your buddy writes when approving or denying. Visible only to you.

Information collected automatically

• A user ID — a random UUID generated when you sign up. Used to link your records across our database.
• APNs push token — issued by Apple to your device, stored so we can send the buddy approval notifications that are core to the product.
• Pairing relationship — which user account is paired with which.
• Request history — the timestamps, durations, and decisions associated with your unlock requests, kept so you and your buddy can see what happened.
• Diagnostic logs — basic, anonymous error logs may be kept for up to 30 days to help us fix crashes. These never contain the contents of your requests or your blocked apps.

Information that never leaves your device

• Your chosen blocked apps. The Family Activity Picker returns opaque ApplicationToken blobs. We store these in UserDefaults on your device only. They are not transmitted to our servers, and the App Store identifiers of your blocked apps are not derivable from them.
• Your block window times and active days. These are stored locally on your device.

3. What we do not collect

• We do not collect your location.
• We do not collect your contacts, photos, or any other personal information from your device.
• We do not collect screen-time data, app-usage statistics, or browsing history.
• We do not collect any information from minors. DLM is not intended for use by anyone under 17 years old.

4. Why we collect it

1. To run the product — we cannot deliver a buddy approval if we do not know who is paired with whom and we do not have an APNs token to notify.
2. To keep the product secure — request history is used to enforce cooldowns and rate limits.
3. To respond to support requests — your email lets us reply to you.

We do not use your information for marketing, advertising, profiling, or training machine-learning models.

5. Who we share it with

• Apple — for authentication metadata, push notification delivery (APNs), and StoreKit. Subject to the Apple Privacy Policy.
• Supabase Inc. — for database, authentication, and Realtime infrastructure. Hosted in the eu-west-2 region. Subject to the Supabase Privacy Policy.

We do not share your information with anyone else. We do not sell, rent, or trade your information.

6. How long we keep it

• Account data — kept while your account is active and for up to 30 days after deletion to allow recovery in case of accidental deletion.
• Request history — kept for the life of your account, then deleted with the account.
• Diagnostic logs — up to 30 days.
• Reports of inappropriate content — kept for 12 months for safety audit purposes.

7. Your rights

• Access your data — email us and we will provide an export.
• Correct your display name in Settings.
• Delete your account in Settings → Delete account. This removes your profile, pairing, request history, and APNs token from our servers.
• Withdraw consent to push notifications by disabling them in iOS Settings.

If you are in the EEA or UK, you also have the right to lodge a complaint with your local data protection authority.

To exercise any of these rights, contact hello@dontletme.app.

8. Security

Your account is protected by your password and by Supabase Auth. All network traffic is encrypted in transit (TLS 1.2 or above). Database access is restricted by row-level security; users can only read or modify their own data and the data shared with them by their buddy.

No system is 100% secure. If we discover a breach affecting your personal information, we will notify you within 72 hours, in line with GDPR Article 33.

9. Children

DLM is not directed at children. We do not knowingly collect personal information from anyone under the age of 17. If you believe a child has created an account, please contact hello@dontletme.app and we will delete it.

10. Changes to this policy

If we change this policy in a material way, we will notify you in-app and update the "Last updated" date above. Continued use of DLM after that date constitutes acceptance of the revised policy.

11. Contact

Privacy questions: hello@dontletme.app