ethya

Watchdog Privacy Policy

Last updated: April 19, 2026
Effective date: April 19, 2026

This Privacy Policy explains how Watchdog (“Watchdog,” “we,” “us,” or “our”) collects, uses, stores, and shares information when you use the Watchdog iOS application and the website at ethya.org (together, the “Service”). Watchdog is operated by an individual developer based in the United States. For any questions about this policy or to exercise any of the rights described below, contact us at watchdog.letsgo@gmail.com.

We wrote this policy to be specific and understandable rather than generic. If anything below is unclear, please email us and we will explain.

1. Summary (plain English)

  • Watchdog is an iOS screen-time accountability app. You set rules for yourself, and optionally share progress with friends.
  • We collect the minimum information needed to run the Service: an account (email + password via our authentication provider), the rules and goals you create, summary usage data from Apple’s Screen Time framework, records of when you open apps you have chosen to block, your friend connections inside Watchdog, and your device’s push-notification token.
  • We never see the specific apps you use or the specific websites you visit. Apple’s Screen Time (Family Controls) framework runs entirely on your device and only exposes opaque, anonymized tokens to Watchdog. We cannot translate those tokens back into app names.
  • We do not sell your personal data. We do not run behavioral advertising. We do not use third-party analytics or tracking SDKs in the app.
  • You can delete your account and all associated data at any time from within the app or by emailing us.

The rest of this document describes the above in detail.

2. Who we are and scope

Watchdog is an independently developed iOS application. “You” refers to the individual user of the Service. This policy covers:

  • The Watchdog iOS application (“the App”).
  • The ethya.org website and its subpages.
  • Any communication you have with us by email at watchdog.letsgo@gmail.com.

This policy does not cover third-party services you reach by tapping a link from within Watchdog (for example, Apple’s App Store). Those services have their own privacy policies.

3. Information we collect

3.1 Information you provide directly

  • Account information. When you sign up, you provide an email address and a password. Authentication is handled by our authentication provider, Clerk (see Section 6). We receive a stable user identifier from Clerk and your verified email address. Watchdog never stores your password.
  • Profile information. An optional display name and profile photo that you set inside the app.
  • Rules and goals. The app categories, apps, or websites you choose to block or limit; time thresholds; schedule windows; and any custom shield messages you configure.
  • Friends and groups. Other Watchdog users you add as friends and any groups you create or join. We store who is connected to whom.
  • Customer-support communications. The contents of any email you send us and our responses.

3.2 Information generated by your use of the Service

  • Usage summary data. Summary counters (for example: total minutes spent in a blocked category on a given day) derived from Apple’s Screen Time framework. See Section 4 for the important limitation: we do not receive app names.
  • Violation events. When you open an app you have blocked and then close the Watchdog shield screen, the app records a “banned-app-opened” event containing your user ID, a timestamp, and (where Apple makes it available) an opaque anonymized app token. These events power your score and are visible to you and, if you have opted in, to the friends you chose to share with.
  • Score history. Your daily Watchdog score and its category breakdown.
  • In-app shield interactions. When you tap “Close” on a shield screen or use the “Continue Anyway” bypass feature, we log that event so the app can compute your score and, if applicable, notify friends you have chosen to share with.
  • Push-notification token. A device-specific token issued by Apple Push Notification service (APNs) so we can deliver notifications to your device (for example, a friend request).

3.3 Information automatically collected about your device

  • Device and app metadata. iOS version, app version, device model, and locale. We use this to diagnose bugs and to target compatibility fixes. We do not build advertising profiles from this information.
  • Approximate IP address at the time of authentication. Clerk logs the IP address used for sign-in events as part of its normal security telemetry. We do not log IP addresses elsewhere.

3.4 Information we do NOT collect

  • We do not collect the names of the specific apps you use or the URLs of the specific websites you visit. Apple’s Screen Time framework prevents us from seeing these.
  • We do not collect your location.
  • We do not access your contacts, photos, camera, microphone, calendar, health, or HomeKit data.
  • We do not use third-party advertising, analytics, or tracking SDKs (no Google Analytics, no Meta Pixel, no Mixpanel, no Amplitude, no PostHog, no Segment).
  • We do not sell, rent, or trade your personal data. Ever.

4. Apple Screen Time framework (Family Controls, ManagedSettings, DeviceActivity)

This section is particularly important because Watchdog uses Apple’s Screen Time APIs and Apple requires specific disclosures.

Watchdog uses the Family Controls, ManagedSettings, and DeviceActivity frameworks provided by Apple. These frameworks let us enforce the blocking rules and time limits that you configure yourself. To use these frameworks, you grant Watchdog permission the first time you set up a rule; you can revoke this permission at any time in iOS Settings → Screen Time.

Apple designed these frameworks so that the data stays on your device and third-party developers like us cannot read sensitive usage information:

  • When you pick apps, categories, or websites to block, iOS returns opaque, anonymized tokens to Watchdog — not names, bundle identifiers, or URLs. Watchdog stores those tokens so it can re-apply your rules later, but the tokens are meaningless outside of your device.
  • Usage events that Watchdog receives (for example, “you have spent 30 minutes in the selected category today”) arrive as counters bound to those opaque tokens. Watchdog does not know which specific app generated the count.
  • Shield screens (the block screen you see when you open a restricted app) are rendered on-device by an Apple-provided extension. Watchdog supplies the shield’s title, message, and button labels. Watchdog does not receive a hook into the restricted app itself.

In short: Watchdog can tell that you spent time in a category you asked it to monitor, but it cannot tell which specific app or website you were using inside that category.

Watchdog’s use of Family Controls is solely for enforcing the screen-time rules you configure for yourself. We do not use Family Controls data for advertising, we do not share it with third parties (except to persist it to our database provider so your rules survive across devices), and we do not repurpose it.

5. How we use information

We use the information described in Section 3 for the following purposes and no others:

  • Provide the Service. Enforce the rules you configured; compute your daily score; show your history, trends, and insights; deliver push notifications for friend requests and shared events; sync your rules across your devices if you sign in on another device.
  • Social features. Show your friends the activity you have explicitly chosen to share with them.
  • Account security. Detect suspicious sign-ins and protect your account (handled largely by Clerk).
  • Customer support. Respond to your emails and troubleshoot bugs you report.
  • Debug and improve the Service. Diagnose crashes and malfunctions. Logs that might help us debug are retained short-term and are not used for advertising.
  • Legal compliance. Respond to valid legal requests and enforce our terms.

We will not use your information for any purpose materially different from the above without telling you first and, where required, obtaining your consent.

6. Third-party service providers

We rely on a small number of service providers to operate Watchdog. We share the minimum information needed for each to perform its function, and we require each to handle your data only for that function.

Provider What they do What they receive
Clerk (clerk.com) Authentication. Manages sign-up, sign-in, password resets, and session tokens. Email address, password (hashed by Clerk — we never see it), IP address at sign-in, user agent, Clerk-assigned user identifier.
Supabase (supabase.com) Hosted database. Stores your rules, score history, violation events, friend graph, and push tokens. Everything in Section 3 except authentication credentials. Data is stored in Supabase’s U.S. infrastructure under row-level security policies we have configured.
Apple Push Notification service (APNs) Push notification delivery. Device push token and notification payload (we do not include sensitive content in payloads).
Apple App Store / StoreKit App distribution and (in the future) in-app purchases. Apple handles these directly; we do not receive your payment details.
Expo / EAS (expo.dev) Build and deployment infrastructure. Does not receive runtime user data. Used only for building and distributing the app binary.

We do not sell, rent, or share your data with anyone else. If this ever changes — for example, if we add an analytics provider — we will update this policy and, where required, ask for your consent.

7. How we store and protect your information

  • Storage location. Your data is stored in the United States on infrastructure operated by Supabase (database), Clerk (authentication), and Apple (push token delivery).
  • Encryption in transit. All traffic between the app and our providers is encrypted using TLS.
  • Encryption at rest. Supabase and Clerk encrypt data at rest using industry-standard mechanisms.
  • Access controls. Supabase row-level security policies restrict each user to only their own data. Only the developer operating Watchdog has administrative access, and access is protected by multi-factor authentication.
  • Device-level storage. Small amounts of non-sensitive data (cached scores, session identifiers) are stored on your device using iOS AsyncStorage and SecureStore. Authentication tokens are stored in the iOS Keychain via Clerk’s SDK.

No system is perfectly secure. If we become aware of a breach that affects your personal information, we will notify you promptly and comply with applicable breach-notification laws.

8. How long we keep information

  • Account data (email, display name, friends, rules): retained while your account is active.
  • Usage, violation, and score data: retained while your account is active so you can view your history.
  • Push tokens: retained while your account is active; refreshed automatically when iOS issues a new token.
  • Support emails: retained up to 2 years for customer-service reference.
  • Backups: our database provider retains rolling backups for up to 30 days after deletion.

When you delete your account (see Section 10), we delete your data from our live database within 7 days. Residual copies in provider backups are purged within 30 days thereafter.

9. Sharing with other Watchdog users

Watchdog has optional social features. You control what, if anything, is visible to other users.

  • Your display name and profile photo are visible to users you add as friends.
  • Your score and category breakdown are visible to friends you explicitly share with.
  • Violation events are visible only in the aggregate (for example, “Yash had 3 banned-app opens today”) to friends you share with — never the app tokens themselves.
  • Custom shield messages you configure for a specific friend are delivered to them through our database and shown on their shield screen.

You can remove a friend at any time, which immediately stops any further sharing. Past shared data is not retroactively deleted from their view of already-rendered content.

10. Your rights and choices

Regardless of where you live, you can exercise the following rights by using the in-app settings or by emailing watchdog.letsgo@gmail.com.

  • Access. You can request a copy of the personal information we hold about you.
  • Correction. You can update your display name, email, and rules from within the app.
  • Deletion. You can delete your account from Settings inside the app, or by emailing us. Deletion removes your data from our live systems within 7 days, and from provider backups within approximately 30 days thereafter.
  • Export. You can request a machine-readable export of your data.
  • Revoke Screen Time permissions. You can revoke Watchdog’s Family Controls authorization at any time in iOS Settings → Screen Time. This will disable rule enforcement but does not delete your account.
  • Revoke push notifications. You can disable notifications in iOS Settings → Watchdog → Notifications.
  • Complain. If you believe we have mishandled your data, you can contact us. If you are in the European Economic Area, the United Kingdom, or another region with a supervisory data-protection authority, you also have the right to file a complaint with that authority.

10.1 California residents (CCPA / CPRA)

If you are a California resident, you have the right to know what personal information we collect, to access and delete it, to correct inaccurate information, and to opt out of the “sale” or “sharing” of personal information. We do not sell or share personal information as those terms are defined by the CCPA. To exercise any of these rights, email watchdog.letsgo@gmail.com.

10.2 EEA / UK residents (GDPR / UK GDPR)

If you are in the European Economic Area or the United Kingdom, our legal bases for processing are (i) performance of our contract with you to provide the Service, (ii) your consent (for push notifications and Family Controls authorization), and (iii) our legitimate interests in operating and securing the Service. You have rights of access, rectification, erasure, restriction, objection, and data portability. You can withdraw consent at any time. You have the right to lodge a complaint with your local supervisory authority.

11. Children’s privacy

Watchdog is intended for users aged 13 and over. We do not knowingly collect personal information from children under 13. If you believe a child under 13 has created an account, please email us at watchdog.letsgo@gmail.com and we will delete the account and any associated data.

Although Watchdog uses Apple’s Family Controls framework, Watchdog is not a parental-control product in the traditional sense: Watchdog rules are set by the account holder for their own device, not by a parent for a child’s device. Parents who want parental supervision of a child’s device should use Apple’s built-in Family Sharing / Screen Time for Families feature.

If you are a parent or guardian and you discover that your child aged 13 or older is using Watchdog and you would like their data deleted, please email us.

12. International users

Watchdog is operated from the United States. If you use the Service from outside the United States, your information will be transferred to, stored in, and processed in the United States. By using Watchdog, you consent to this transfer. We rely on appropriate safeguards (including contractual commitments from our service providers) for any cross-border data transfer.

13. Changes to this policy

We may update this Privacy Policy from time to time. When we do, we will change the “Last updated” date at the top of this page and, for material changes, we will notify you in-app or by email before the change takes effect. Your continued use of the Service after a change indicates your acceptance of the updated policy.

We keep historical versions available on request.

14. Contact

For any question about this policy, to exercise any of the rights above, or to report a privacy concern:

Email: watchdog.letsgo@gmail.com
Website: https://ethya.org

We read every email and aim to respond within 7 days.

This policy is written specifically for Watchdog and reflects the actual data practices of the app as of the effective date. It is not a generic template.