KarmaClock Privacy Policy

A plain-English summary of what KarmaClock collects, why, and what you can do about it.

Effective date: 27 April 2026 · Last updated: 9 May 2026 (v1.0.7 — added remote analytics kill switch)

1. Who we are

KarmaClock is a personal life-clock and habit-tracking app for iOS and Android. It is built and operated by an individual developer, not a company. In this policy, "we", "our", and "the app" refer to KarmaClock; "you" refers to the person using it.

The app's purpose is to help you visualise your remaining time and reinforce positive daily habits ("karma actions") that contribute to a longer projected lifespan. Everything in this policy is in service of that single feature set.

2. What we collect

We try to collect as little as possible. Here is the full list.

2.1 Account information

• Email address. Used to create and sign in to your account.
• Password (only if you sign up with email/password). Your password is hashed and stored by our authentication provider, Supabase. We never see or store your raw password.
• Google or Apple identity (only if you sign in with Google or Apple). When you choose those options, we receive your email address and a stable identifier for your account from the provider. We do not receive your contacts, calendar, photos, or any other Google/Apple data.

2.2 Profile information you provide

• Date of birth. Used to calculate the time you have lived and the time projected to remain.
• Lifespan estimate (a number between 50 and 120). Used as the baseline for the clock.
• Time zone. Detected from your device so that daily streaks and reminders match your local day.

2.3 Activity within the app

• Karma log. A timestamped list of the karma actions you mark as completed (for example, "exercised 30 minutes", "meditated"). Each entry stores the action, the time, and the bonus hours it adds to your projected lifespan.
• Reminder preferences. Whether you have enabled the daily reminder and at what time.
• Pinned karma actions. A list of action identifiers you have starred to keep at the top of the Karma tab (introduced in v1.0.7, maximum 10).

2.4 Device information

• Push notification token (only if you enable reminders). A device-specific token issued by your operating system that lets us deliver scheduled reminders. It is not personally identifying on its own.

2.5 Anonymous product analytics

The app sends anonymous product analytics events to PostHog. These include event names like "app_opened", "onboarding_completed", "karma_logged", and "reminder_enabled / reminder_disabled", along with event timestamps and basic device metadata (operating system, app version, device type). These events do not include your email, date of birth, lifespan estimate, karma action descriptions, or any free-text input.

For guest (signed-out) sessions, events are tagged with an anonymous device identifier. Once you sign in, events are also tagged with your account identifier so we can understand product usage at a per-user level. You can request deletion of all analytics events tied to your account at any time via the account-deletion process linked at the end of this policy.

As of v1.0.7, the app reads a small static configuration file from our public privacy site on each cold start. If that file says analytics is disabled, the app skips initialising PostHog entirely until the next launch. This lets us turn analytics off across all installations without shipping an app update. The configuration file does not contain any personal data and is fetched anonymously over HTTPS.

2.6 What we do not collect

• We do not collect your location.
• We do not access your contacts, photos, microphone, camera, or files.
• We do not show ads, and we do not share data with advertisers or data brokers.
• We do not track you across other apps or websites.

3. How we use it

We use the data above only to:

• Authenticate you and keep your account secure.
• Calculate and display your life clock and karma totals.
• Save your progress on this device so that it is available the next time you open the app.
• Send the daily reminder you have opted in to, at the time you have chosen.
• Diagnose crashes and improve the app, where anonymous analytics is enabled.

We do not sell your data. We do not use your data to train machine-learning models. We do not profile you for advertising.

4. Where it is stored

• On your device. Your profile (date of birth, lifespan estimate, time zone), karma log, and reminder preferences are stored locally using encrypted device storage (MMKV for app preferences, the platform secure store for any authentication tokens). As of v1.0.6, this data stays on your phone and is not transmitted to any server. Uninstalling the app or using the in-app Reset deletes it from your device.
• On Supabase (read-only catalog). The karma actions catalog is hosted in a Supabase-hosted PostgreSQL database in the United States and fetched read-only by the app via a CDN-cached edge function. No personal data flows from your device to Supabase as part of normal use.
• On Supabase (account, only if you sign in). Sign-in is currently not surfaced in the app — the “Back up to cloud” button was removed in v1.0.6 because it created an account record without actually backing up your profile or karma log. We are keeping the sign-in code in place to support upcoming paid features. If sign-in is reintroduced and you choose to use it, an auth.users row will be created in Supabase containing your email and provider identifiers; we will not store your profile or karma log there unless and until two-way cloud sync is built (it is not currently planned).

Local data on your device is retained until you uninstall the app or use the in-app Reset. If sign-in is reintroduced in a future release and you create an account, the corresponding auth.users row is retained until you request deletion via the account deletion process; a minimal record may persist for up to 90 days for fraud prevention and compliance, and is then permanently purged.

5. Third parties

KarmaClock relies on a small number of third-party services. Each receives only the data needed to provide its function.

• Supabase — authentication and the read-only karma actions catalog. Receives (only if you sign in, an entry removed from the UI in v1.0.6 and reserved for upcoming paid features): email and hashed password. Does not receive your profile or karma log. Supabase privacy policy.
• Google Sign-In (only if you use it) — federated login. Google receives the fact that you signed in to KarmaClock; KarmaClock receives your email and a stable Google account ID. Google privacy policy.
• Apple Sign-In (only if you use it, on iOS) — federated login. Apple privacy policy.
• Expo Push Notifications / Firebase Cloud Messaging (only if you enable reminders) — delivers scheduled local-time reminders to your device. Receives: a device push token. Does not receive the content of your karma log.
• PostHog — anonymous product analytics. Receives: event names, event timestamps, device metadata (OS, app version, device type), and — only after you sign in — your account identifier. Does not receive: karma action descriptions, free-text input, your date of birth, or your lifespan estimate. PostHog privacy policy.

6. Your rights

You have the following rights over your data, regardless of where you live:

• Access. You can see your full profile and karma log inside the app at any time.
• Correction. You can edit your date of birth, lifespan estimate, and reminder preferences in the app's Profile screen.
• Deletion. You can request deletion of your account and all associated data by emailing the address in the Contact section. We will confirm and complete the deletion within 30 days.
• Export. If you would like a copy of your data in a machine-readable format, email us and we will send it within 30 days.
• Withdrawal of consent. You can disable reminders, sign out, or uninstall the app at any time. Uninstalling removes the on-device data immediately; account-side data is retained until you request deletion.

If you are in the European Economic Area, the United Kingdom, or California, you also have the rights granted by the GDPR, UK GDPR, and CCPA respectively, including the right to lodge a complaint with your local data protection authority.

7. Children

KarmaClock is not directed at children under 13 (or under 16 in the European Economic Area), and we do not knowingly collect personal information from them. If you believe a child has created an account, please contact us and we will delete the account and its data.

8. Security

We rely on industry-standard practices to protect your data:

• All network traffic between the app and Supabase is encrypted in transit (HTTPS / TLS).
• Authentication tokens on your device are stored in the platform's secure keystore (Android Keystore / iOS Keychain).
• Row-Level Security policies are enabled on Supabase tables; if sign-in is used, a request that bypasses the app cannot read another user's account row.
• Passwords are never stored in plaintext; Supabase stores a salted hash.

No method of transmission or storage is perfectly secure. If we become aware of a breach that affects your data, we will notify you within the timeframe required by applicable law.

9. Changes to this policy

If we change how the app handles data, we will update this page and update the "Last updated" date at the top. For material changes, we will also surface a notice in the app the next time you open it. Continued use of the app after a change constitutes acceptance of the updated policy.

10. Contact

For privacy questions, deletion requests, or data exports, email karmaclock.app@gmail.com. Please put "KarmaClock privacy" in the subject line so the request is not missed.