Privacy Policy

1. Who We Are

Locked In is a time-tracking and personal productivity application designed to help individuals focus on what matters, understand how they spend their time, and share their progress with friends. References to “Locked In”, “we”, “us” or “our” in this Privacy Policy refer to LiteByte Media Ltd, a company registered in England and Wales (company number: 16037925).

We are the data controller of the personal information you provide to us. If you have any questions about this policy or your data, please contact us at:

2. What Personal Data We Collect

Account & identity information

• *Full name or display name
• *Email address
• *Password (stored as a salted hash — we never store your password in plain text)
• *Profile photo, if you add one

Time tracking & activity data

• *Sessions you record, including start time, end time and duration
• *Activity labels and categories you create or assign
• *Notes or descriptions you attach to sessions
• *Streaks, goals and scheduled activities
• *Routine preferences

Social & user-generated content

• *Friends, friend requests and friend recommendations
• *Group memberships and group goals
• *Comments, replies, reactions, likes and @mentions on the day feed and on group goals
• *Stickers you place on your own or others’ content
• *Lock-in nudges sent or received
• *Day media — photos and videos you choose to attach to a day (up to 10 files of up to 50 MB each), together with any label, dimensions, duration and file size

Subscription & billing data

• *Subscription tier (Super Locked In monthly or yearly), purchase date, renewal date, original transaction ID, receipt data, entitlement status and platform (App Store or Google Play)
• *We never receive your payment card details. Payment is processed by Apple or Google. We only see the resulting receipt and entitlement state, via RevenueCat.

AI assistant inputs & outputs

• *Questions you ask the analytics assistant or schedule assistant
• *The productivity, analytics and schedule snapshots we send alongside your question so the assistant can answer it
• *The generated text and synthesised audio (text-to-speech) we send back to you

Notification engagement & behavioural data

• *Which push notifications were sent to you, which you opened and which you ignored
• *Time-of-day responsiveness signals
• *A derived behavioural profile (e.g. best-responding times, streak risk) used only to decide whether and when to send a notification, and which variant of copy to send

Device permissions metadata

• *Push tokens (Expo push token, APNs token on iOS, FCM token on Android)
• *iOS Screen Time / Family Controls authorisation status — i.e. whether you have granted permission. The list of apps you choose to block stays on your device under Apple’s Family Controls framework and is not sent to or stored on our servers.
• *Camera and photo library access status (used for QR-code friend-adding and selecting day media); we do not access photos you have not explicitly selected.

Usage & technical data

• *App usage data, including screens visited and features used
• *Device type, operating system and app version
• *IP address (used transiently for security and abuse prevention)
• *Session timestamps and crash reports

3. How We Use Your Personal Data

Delivering core features

• *Creating and managing your account
• *Recording, storing and displaying your time-tracking sessions and analytics
• *Enabling friend connections, group activities, comments, mentions and the social features you opt into
• *Powering iOS widgets, Live Activities and the on-device app-blocking experience

Subscriptions

• *Provisioning and renewing Super Locked In subscriptions
• *Verifying entitlements with Apple, Google and RevenueCat
• *Keeping the statutory records of digital sales we are required to retain

AI assistance

• *Answering your questions about your analytics, productivity and schedule, including generating synthesised voice replies

Notification personalisation

• *Deciding when, whether and which notification to send (e.g. streak-at-risk, morning kick-off, end-of-day, recap, “friend locked in now”)
• *A/B testing notification copy to find wording that works best on average

Service improvement, security & legal

• *Understanding how the app is used and improving its features and performance
• *Monitoring and addressing technical issues, abuse and security concerns
• *Complying with applicable laws, store policies and tax obligations

4. Legal Bases for Processing (UK & EU Users)

Under the UK GDPR and EU GDPR, we rely on the following lawful bases:

• *Contract — providing the core app, processing subscription and billing data, delivering AI features you invoke, enabling social features you opt into
• *Legitimate interests — service improvement, security, fraud and abuse prevention, content moderation, notification personalisation and A/B testing. You can object to processing based on legitimate interests at any time
• *Consent — push notifications, camera access, photo library access, iOS Screen Time / Family Controls authorisation. Each is an OS-level prompt and can be withdrawn at any time in your device settings or in the app’s notification preferences
• *Legal obligation — retaining subscription and tax records as required by HMRC and consumer protection law

5. AI Assistance

The app includes two AI-powered assistants:

• *The analytics assistant answers questions about your productivity data.
• *The schedule assistant proposes schedule actions based on your past sessions and routine.

When you use either assistant, we send your question and a snapshot of the relevant data (e.g. recent analytics, your schedule) to OpenAI, who generates a text reply and a synthesised voice (text-to-speech) version of that reply.

OpenAI does not use API data to train its models under its standard API data-usage policy, which is the basis we operate on. We do not send any data to ChatGPT or any other OpenAI consumer product.

Important things to know:

• *AI-generated responses can be wrong, incomplete or out of date. They are not professional advice (legal, medical, financial or otherwise).
• *Audio output is generated by AI, not recorded by a human, and is labelled as such in the app.
• *You can opt out at any time simply by not using the assistants. None of your data is sent to OpenAI unless you actively ask an assistant a question.

6. Push Notification Personalisation

We use signals about how you have used the app and how you have responded to past notifications to decide whether and when to send you a notification, and which variant of notification copy to send. This is “profiling” under UK and EU GDPR Article 4(4), but it does not produce any legal or similarly significant effect on you — it only affects the timing and wording of optional reminders.

You can switch this off at any time by:

• *Disabling notifications system-wide in your device settings, or
• *Turning off specific notification categories inside the app under Settings → Notifications.

7. Sub-Processors

To deliver Locked In we use the following providers, who process data on our behalf under written data processing agreements. None of them is permitted to use your data for advertising, or to train its own models on it.

We will update this list if we add or replace a sub-processor that materially affects how your data is handled.

8. International Data Transfers

Our primary database is hosted in Germany (EU). Transfers between the UK and the EEA are covered by mutual adequacy decisions and require no additional safeguards.

Some of our other providers are based in the United States (OpenAI, Apple, Google, Expo, RevenueCat). Where data is transferred to the US, we rely on appropriate safeguards including the European Commission’s Standard Contractual Clauses (SCCs), the UK International Data Transfer Addendum (IDTA), and the provider’s certification under the EU-US and UK-US Data Privacy Framework where available.

9. Data Retention

10. Your Rights

Under the UK GDPR and EU GDPR you have the right to:

• *Access the personal data we hold about you
• *Have inaccurate data corrected
• *Have your data erased (subject to legal retention obligations, such as tax records)
• *Restrict or object to processing, including profiling for notification personalisation
• *Receive your data in a portable, machine-readable format
• *Withdraw any consent you have given

You can delete your account at any time in-app under Settings → Account → Delete Account.

We do not take any decisions about you that produce legal or similarly significant effects using solely automated means; in particular, our notification personalisation is not within scope of Article 22 GDPR.

To exercise any of these rights, email contact@litebyte.co.uk. We will respond within one month. We may need to verify your identity before processing your request. If you are unhappy with how we have handled your data you have the right to complain to the UK Information Commissioner’s Office at ico.org.uk, or to your local EU/EEA supervisory authority.

11. Children’s Privacy

Locked In is not intended for users under 13. We do not knowingly collect personal data from children under 13.

If you are between 13 and 16 and resident in the European Economic Area, you must have a parent’s or guardian’s consent before using the app, as required by Article 8 GDPR.

Subscriptions cannot be purchased by minors without the account holder’s consent on Apple or Google. If you believe a child has provided us with personal data without appropriate consent, please contact us at contact@litebyte.co.uk and we will take steps to delete it promptly.

12. Security

• *All data is encrypted in transit using TLS and at rest using AES-256 by our infrastructure providers.
• *Database access is controlled by Row Level Security policies so you can only access your own data.
• *Day media is served via signed URLs that expire after 60 minutes.
• *Our iOS App Group shared container is sandboxed to the Locked In bundle IDs only.
• *Access to personal data is restricted to authorised team members on a need-to-know basis.

No system is completely secure. If you believe your account has been compromised, please contact us immediately at contact@litebyte.co.uk.

13. Subscriptions & Payments

Super Locked In is sold as an auto-renewing subscription through the Apple App Store and Google Play. Prices are:

• *Monthly: £3.99 per month (or local equivalent)
• *Yearly: £34.99 per year (or local equivalent)

Payment is taken by Apple or Google at confirmation of purchase and automatically charged at the start of each renewal period unless cancelled at least 24 hours before the period ends. You can manage or cancel a subscription at any time:

• *Apple: support.apple.com/HT202039
• *Google Play: support.google.com/googleplay/answer/7018481

Full subscription terms, including auto-renewal and refund details, are in our Terms of Use.

14. Changes to This Policy

We may update this Privacy Policy from time to time. When we make material changes we will notify you via the app or by email, and update the “last updated” date above. Continued use of the app after a material change constitutes acceptance of the revised policy.

15. Contact Us

For any privacy questions, requests or complaints: