Privacy Policy
Last updated: 2026-07-02
Unscrol (“we”, “our”, or “us”) is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our mobile application (“the App”) and our website at unscrol.com (“the Website”).
1. Information We Collect
1.1 Personal Information
When you create an account, we collect:
- Email address — used for account identification, login, and communication.
- PIN (hashed) — your 4-digit PIN is securely hashed before being stored. We never store your PIN in plain text.
1.2 Usage Data
We automatically collect certain information when you use the App, including:
- Check-in data (morning, afternoon, evening slots)
- Streak and milestone progress
- Urge tracking entries (timestamps and categories)
- Focus session durations
- Mood tracking entries
- Leaderboard scores and rankings
1.3 Device Information
We may collect device-related information such as device type, operating system version, and unique device identifiers for analytics and troubleshooting purposes.
2. Apple Screen Time & Family Controls (iOS)
To help you stay focused, Unscrol can block distracting apps during a focus session using Apple’s Screen Time API — specifically the Family Controls, Managed Settings, and Device Activity frameworks. This feature is privacy-first by design: your Screen Time data is handled entirely on your device by Apple’s system, and we built it so that no such data ever reaches us.
2.1 App Selection (Family Controls & Managed Settings)
When you choose which apps to block during focus, Apple presents a system picker. The App receives only opaque, encrypted tokens that represent your selection — never the bundle IDs, app names, or icons of the apps you pick. These tokens are meaningless outside your device and cannot be reverse-engineered to identify the apps.
- Your selection is stored locally on your device inside a private App Group container.
- This selection is never transmitted to our servers or any third party.
- Blocking is applied by Apple’s Managed Settings system; the App only tells the system “shield the selected tokens.”
2.2 Usage Monitoring (Device Activity)
To know when a focus session should start or end based on app usage, Unscrol registers usage thresholds with Apple’s Device Activity framework. These thresholds are evaluated on-device, inside a sandboxed system extension managed by iOS.
- The App never reads your raw screen-time numbers — how long you used an app, when, or how often. Apple keeps those figures sandboxed and inaccessible to us.
- The only information stored is simple per-session flags (for example, whether a session is currently clean or was opened/interrupted), saved locally in the App Group.
- These flags never leave your device.
2.3 No Screen Time Data Leaves Your Device
No Screen Time, Family Controls, or Device Activity data is ever sent to our servers or to any third party. Your app selections, usage thresholds, and session flags remain on your device at all times. We cannot see which apps you block, how much you use them, or your Screen Time statistics.
3. How We Use Your Information
We use the information we collect to:
- Provide, maintain, and improve the App
- Authenticate your identity and secure your account
- Track your digital wellness progress
- Generate leaderboard rankings
- Send account-related communications (e.g., PIN reset codes)
- Analyze usage patterns to improve features
- Respond to support requests
4. Notifications
Unscrol uses local notifications to remind you about check-ins, focus sessions, streaks, and milestones. These are scheduled and delivered on your device — their content is not sent to or generated by our servers. You can disable notifications at any time in your device settings.
5. Subscriptions
Premium subscriptions are processed through RevenueCat, which manages purchases and entitlements on top of Apple’s App Store (and Google Play on Android). Payment is handled entirely by the platform’s app store — we never receive or store your credit card or payment details. RevenueCat processes an anonymized subscriber identifier and your subscription status to unlock premium features. See RevenueCat’s privacy policy for details.
6. Analytics
Where enabled, we use privacy-conscious analytics (such as Mixpanel and Firebase Analytics) to understand aggregate, anonymized usage patterns and improve the App. Analytics never include your Screen Time data, the apps you block, or your PIN.
7. Website
The Website at unscrol.com is a static informational site. It does not require an account and does not set tracking cookies. It is served via Cloudflare, which may process standard technical request data (such as IP addresses) for security and delivery purposes.
8. Data Storage & Security
Your data is stored on secure servers using MongoDB Atlas with encryption at rest and in transit. We implement industry-standard security measures, including:
- Passwords and PINs are hashed using bcrypt
- All API communications use HTTPS/TLS encryption
- JWT tokens are used for session management with short expiration times
- OTP codes for PIN recovery expire after 10 minutes
9. Data Sharing
We do not sell, trade, or rent your personal information to third parties. We may share information only in the following circumstances:
- With your consent — when you explicitly agree to share data
- Leaderboard — your display name and score are visible to other users on the public leaderboard
- Legal requirements — if required by law, regulation, or legal process
- Service providers — trusted third-party services that help us operate the App (e.g., email delivery, hosting), bound by confidentiality agreements
10. Third-Party Services
The App may use the following third-party services:
- MongoDB Atlas — database hosting
- Cloudflare — CDN and DDoS protection
- SMTP providers — email delivery for verification codes
- RevenueCat — subscription management (no payment details)
- Mixpanel / Firebase Analytics — anonymized usage analytics (where enabled)
Apple’s Screen Time, Family Controls, and Device Activity frameworks are not third-party services — they run on-device as part of iOS, and the data they process is not shared with us. Each third-party service listed above has its own privacy policy governing how they handle data.
11. Your Rights
You have the following rights regarding your personal data:
- Access — request a copy of the personal data we hold about you
- Correction — request correction of inaccurate data
- Deletion — request deletion of your account and associated data
- Portability — request an export of your data in a machine-readable format
- Withdraw consent — withdraw your consent at any time where processing is based on consent
To exercise any of these rights, contact us at support@unscrol.app.
12. Data Retention
We retain your personal data for as long as your account is active. If you delete your account, we will remove your data from our active systems within 30 days. Backup copies may persist for up to 90 days before being permanently deleted.
13. Children’s Privacy
Unscrol is not intended for children under the age of 13. We do not knowingly collect personal information from children under 13. If we become aware that we have collected data from a child under 13, we will take steps to delete it promptly.
14. Changes to This Policy
We may update this Privacy Policy from time to time. When we do, we will revise the “Last updated” date at the top of this page. We encourage you to review this policy periodically to stay informed about how we protect your data.
15. Contact Us
If you have questions or concerns about this Privacy Policy, please contact us:
- Email: support@unscrol.app