Privacy Policy

Effective date: April 3, 2026

Overview

Claruss is a screen time management app. We collect only what is necessary to provide the service. We do not sell, share, or monetize your personal data.

Information We Collect

Account information

Email address, display name, and hashed password. These are required to create and authenticate your account.

Phone number (optional)

If you opt in to SMS OTP delivery, we store your phone number to send one-time passcodes via Twilio. You can remove it at any time.

Rules and lock history

Your blocking rules, lock sessions, unlock events, and activity logs are stored on our servers to sync across sessions and provide the activity feed.

Device tokens

Apple Push Notification tokens are stored to deliver OTP requests and lock notifications to your device.

Information We Do Not Collect

Screen time data or app usage statistics
Browsing history or website content
Contacts, photos, messages, or other personal content
Location data
Device identifiers for advertising

Blocked app and website selections use Apple’s opaque FamilyControls tokens, which are device-specific and do not reveal app names or identifiers to our servers.

How We Use Your Information

Authenticate your account and manage sessions
Enforce your blocking rules and deliver OTP codes
Send push notifications for lock events and partner requests
Display your activity history within the app

Third-Party Services

Claruss uses the following third-party services:

Twilio — SMS delivery for OTP codes (only if you opt in to SMS). Twilio receives your phone number and message content. See Twilio’s Privacy Policy.
Apple Push Notification service (APNs) — Push notification delivery. Apple receives your device token.

We do not use any analytics, advertising, or tracking services.

Data Storage and Security

Passwords are hashed with bcrypt (12 rounds) and never stored in plain text
OTP codes are SHA-256 hashed and auto-expire after 10 minutes
Refresh tokens are hashed before storage and rotated on each use
All communication between the app and our servers uses HTTPS/TLS
Data is stored in a PostgreSQL database hosted in the United States

Data Sharing

We do not sell, rent, or share your personal data with third parties, except as described in the Third-Party Services section above. Your accountability partner can see that you requested an unlock and whether it was approved — nothing more.

Data Retention and Deletion

We retain your data for as long as your account is active. You can delete your account at any time from the Settings screen in the app. Upon deletion, all personal data is permanently removed from our servers, including:

Account information and credentials
Rules, lock sessions, and activity history
Partnership data and device tokens

Children’s Privacy

Claruss is not intended for children under 13. We do not knowingly collect personal information from children under 13. If we learn that we have collected data from a child under 13, we will delete it promptly.

Changes to This Policy

We may update this Privacy Policy from time to time. If we make material changes, we will notify you via the app or email. The effective date at the top of this page indicates when the policy was last updated.

Contact

For privacy questions or data requests, contact privacy@claruss.app.