Privacy Policy

TodoLock ｜ Effective: April 6, 2026

Stryde ("we", "us"), a sole proprietorship based in Japan, is committed to protecting your privacy. This policy describes what information TodoLock ("the app") collects, how it is used, and how it is protected. For our business address, please contact us at the email listed below.

1. Information We Collect

• Screen time & app usage data: We use Apple's FamilyControls / DeviceActivity frameworks to manage blocked apps. This data is processed entirely on your device and is never sent to external servers.
• Task data: Tasks you create (title, due date, notes) are stored only on your device. They are never sent to external servers.
• Reminders data (optional): If you enable Apple Reminders sync, we use the EventKit API to read and sync today's reminders. This data is processed on-device only.
• Purchase information: We use RevenueCat, Inc. (USA) to manage subscription status. See RevenueCat's Privacy Policy for details.
• Crash reports & analytics: We use Firebase Crashlytics and Firebase Analytics, provided by Google LLC (USA), to collect crash reports and anonymous usage statistics. See Firebase Privacy for details.

2. Information We Do NOT Collect

• Personally identifiable information (name, email, phone number)
• Location data
• Microphone or camera access
• Contacts, photos, or other on-device personal data

3. How We Use Information

We process information based on our legitimate interest in providing and improving the app, and your consent where required by law.

• To provide app functionality (task management, screen time blocking)
• To sync with Apple Reminders (when enabled by you)
• To manage subscriptions (Pro features)
• To improve app stability and quality through crash reports and anonymous analytics

4. Third-Party Services & International Data Transfer

We do not sell, rent, or share your personal information for advertising purposes. The following third-party services may process data outside of Japan:

• RevenueCat, Inc. (USA) — Subscription management. Processes purchase history and subscription state.
• Google LLC (USA) — Firebase Crashlytics & Analytics. Processes crash reports and anonymous usage statistics.
• These providers are contractually required to protect your data. Data transferred to the USA is subject to each provider's data protection measures.

5. Data Retention & Deletion

• Task data and app settings are stored on your device only. Deleting the app removes all on-device data.
• RevenueCat retains subscription data as described in their privacy policy. You may request deletion by contacting RevenueCat directly.
• Firebase Analytics data is retained for 14 months by default. Crash reports are retained for 90 days.

6. Your Rights

Depending on your jurisdiction, you may have the following rights regarding your data:

• Access & Portability: Request a copy of the data we hold about you.
• Correction & Deletion: Request correction or deletion of your data.
• Objection & Restriction: Object to or request restriction of data processing.
• Withdraw Consent: Where processing is based on consent, you may withdraw it at any time.
• Do Not Sell (CCPA): We do not sell personal information. California residents may contact us for more information about their rights under the CCPA.
• To exercise any of these rights, please contact us at the email address listed below. We will respond within 30 days.

7. Children's Privacy

This app is not directed at children under 16. We do not knowingly collect personal information from children under 16. If you believe a child has provided us with personal information, please contact us.

8. Changes to This Policy

We may update this policy from time to time. For significant changes, we will provide at least 14 days' advance notice via the app or our website before the changes take effect. Continued use of the app after the effective date constitutes acceptance of the updated policy.

Contact