Legal
Privacy Policy
Last updated: June 10, 2026
1. Overview
This Privacy Policy explains what CoPact ("we", "our", or "the app") processes, why we process it, which service providers receive it, and how long it is retained. Apple Screen Time usage reports and selected-app identities stay on your device and are not uploaded to CoPact's backend. If you sign in, account and focus-session metadata are synced automatically as described below.
2. Data That Stays on Your Device
CoPact uses Apple's FamilyControls, ManagedSettings, and DeviceActivity frameworks. CoPact does not upload:
- Screen Time usage reports. App-by-app usage, pickups, notifications, and Screen Time statistics are processed locally through Apple's APIs.
- Selected-app identities. App and category selections used for blocking remain on device. Synced session metadata includes only the number of blocked apps, not their identities.
- Browsing history and personal content. CoPact does not access or upload messages, photos, contacts, browsing history, or content inside other apps.
- Precise location. CoPact does not request precise location permission. Google Sign-In's SDK declares coarse-location and technical-data processing when that sign-in option is used.
3. Data We Process
Depending on how you use CoPact, we process:
- • Account and sign-in information: Name, email address, Firebase user ID, authentication provider, account timestamps, and credentials or tokens handled by Firebase Authentication, Sign in with Apple, or Google Sign-In. Google's SDK also declares possible processing of phone number, coarse location, device ID, and other sign-in usage or technical data.
- • Purchase information: App Store purchase history, subscription status, product identifiers, entitlement status, and a RevenueCat customer record linked to your Firebase user ID after sign-in.
- • Profile and focus-session metadata: App version, time-zone identifier, sync timestamps, aggregate focus statistics, session ID and type, start/end times, state, difficulty, duration, break totals, blocking mode, blocked-app count, and weekly summaries. Signed-in accounts sync this data automatically. It does not include blocked-app identities.
- • Diagnostics: Crash traces, app and operating-system state, installation identifiers, and related diagnostic data processed by Firebase Crashlytics, Firebase Authentication, and Cloud Firestore to diagnose failures and measure service reliability.
4. How We Use Your Data
We use this data to authenticate accounts, store signed-in profile and focus history for backup and future analytics, validate purchases, restore subscriptions, prevent purchase fraud, diagnose crashes, and measure app and subscription reliability. CoPact does not currently download cloud session history onto another device. We disclose data to the processors listed below only for these purposes or when required by law. We do not display third-party advertising.
5. Storage, Retention & Security
Local app data remains on your device until you remove it through the app, delete the app, or erase the device. Synced Firebase account and session data remains while your account exists and is removed from active CoPact collections when account deletion completes, subject to Google's backup, security, and legal-retention processes.
Google states that Firebase Crashlytics retains crash traces and associated installation identifiers for 90 days before removal begins. RevenueCat and Apple may retain purchase and customer records as needed to validate entitlements, prevent fraud, operate subscription analytics, and meet financial or legal obligations.
Firebase encrypts supported data in transit and at rest. No internet service can guarantee absolute security.
6. Processors
- • Google Firebase Authentication and Google Sign-In process account, profile, credential, identifier, and SDK diagnostic data for sign-in, account security, and authentication analytics. Firebase Authentication is processed in US data centers.
- • Google Cloud Firestore stores signed-in profile, session, and weekly-summary data for backup and future analytics. CoPact does not currently restore that history onto another device.
- • Google Firebase Crashlytics processes crash and diagnostic data for app stability and troubleshooting.
- • RevenueCat and Apple StoreKit process purchase history, identifiers, and entitlement data for payment validation, subscription access, restore purchases, fraud prevention, and subscription analytics.
- • Apple Sign in with Apple and Screen Time services provide optional authentication and on-device blocking/report functionality under Apple's privacy terms.
7. Account Deletion & Your Rights
Depending on where you live, you may have rights to access, correct, or delete personal data and to object to or restrict certain processing.
- • Use Settings → Account → Delete Account to remove your Firebase account and synced Firestore profile, sessions, and weekly summaries.
- • Manage or cancel an App Store subscription separately in Apple's subscription settings. Deleting a CoPact account does not cancel it.
- • Contact us for an access, correction, deletion, restriction, or objection request.
Apple, Google, and RevenueCat may retain records where needed for security, backups, transaction validation, fraud prevention, or legal obligations. Contact privacy@copact.app for requests not completed in the app.
8. No Tracking
CoPact does not use data to track you across apps or websites owned by other companies for targeted advertising or advertising measurement. We do not use IDFA, sell personal data, or provide data to data brokers.
9. Children's Privacy
CoPact is designed for individual use and is not directed at children under 13. We do not knowingly collect personal information from children.
10. Changes to This Policy
We may update this policy as CoPact, its processors, or legal requirements change. The current version and effective date will be posted on this page.
11. Contact
Questions about this Privacy Policy? Contact us at privacy@copact.app.