ruffup Legal

Privacy Policy and Terms of Use for the ruffup iOS app

View the Project on GitHub justinpersway/ruffup-legal

ruffup Privacy Policy

Last updated: 2026-06-08

This is the privacy policy for ruffup, an iOS alarm app. It explains what data the app collects, where it goes, and what choices you have.

The short version: Onboarding answers, alarms, streaks, and mission results stay on your device. What leaves your phone is anonymous: your subscription state (to confirm you’re a paying subscriber), basic usage and crash analytics (to understand how the app is used and to fix bugs), and a few app events we share with TikTok to measure our own ads. None of it is tied to your name, email, or any account, and we never sell it.

1. What stays on your device

The following is stored only in the local SwiftData store on your iPhone and is never transmitted to ruffup or any third party by us:

If you delete the app, this data is removed with it.

2. Subscription data (RevenueCat + Apple)

To gate paid features we use RevenueCat (https://www.revenuecat.com/), which wraps Apple’s StoreKit framework. When you open the paywall or complete a purchase, the following is processed:

This is sent to RevenueCat’s servers so the app can confirm your entitlement on subsequent launches without you needing to sign in. RevenueCat’s privacy policy is at https://www.revenuecat.com/privacy.

We do not associate this data with your name, email, or Apple ID, and we never sell it. Some anonymous purchase events (for example, that a trial or a subscription started) are also shared with the analytics and advertising-measurement partners described in Section 3, only so we can understand and measure our own marketing.

3. Usage analytics, crash reports, and advertising measurement

To understand how the app is used, fix bugs, and measure our own advertising, ruffup sends a small amount of anonymous event data off the device. None of it is tied to your name, email, Apple ID, or any account, we do not show third-party ads inside the app, and we never sell it.

PostHog (product analytics + crash reports). We use PostHog (https://posthog.com/) to record anonymous in-app events, such as which onboarding steps you reach, when an alarm is created, when a wake mission is completed, when the paywall is shown, and when a trial or subscription starts. In release builds, PostHog also automatically captures crash and error reports so we can find and fix problems. These events are keyed to the same anonymous, random identifier described in Section 2 and are processed on PostHog’s US servers (us.i.posthog.com). PostHog’s privacy policy is at https://posthog.com/privacy.

TikTok (advertising measurement). If you install or open ruffup after tapping one of our TikTok ads, the TikTok Business SDK shares anonymous app events (for example, completing onboarding, viewing the paywall, starting a trial, or subscribing) with TikTok so we can measure and improve those ads. This works through Apple’s privacy-preserving SKAdNetwork and aggregated reporting. We do not collect Apple’s advertising identifier (IDFA), we do not show the App Tracking Transparency prompt, and we do not track you across other companies’ apps or websites. TikTok’s privacy policy is at https://www.tiktok.com/legal/page/row/privacy-policy/en.

4. Notification permission

If you allow notifications, the app uses AlarmKit (iOS 26+) or UserNotifications (older iOS) to schedule local alarm notifications on your device. These never leave your phone. If you decline, the app still works but your alarms will not fire while it’s in the background.

5. Permissions

ruffup may ask for:

You can revoke either at any time in iOS Settings → ruffup.

6. Children

ruffup is not directed at children under 13 and does not knowingly collect data from them.

7. Your rights

You can:

We respond to verified rights requests within 30 days.

Where the General Data Protection Regulation (GDPR) or UK GDPR applies, our legal bases for processing are:

We do not make automated decisions that produce legal or similarly significant effects about you.

9. Data retention

10. International data transfers

ruffup is operated from outside the European Union. RevenueCat, PostHog, and TikTok are all based in the United States. When you purchase a subscription, your anonymous purchase record is transferred to and processed in the US by RevenueCat; the anonymous analytics, crash, and advertising-measurement events described in section 3 are likewise transferred to and processed in the US by PostHog and TikTok. Each relies on Standard Contractual Clauses (SCCs) approved by the European Commission as the legal mechanism for these transfers. RevenueCat’s Data Processing Agreement and SCCs are available at https://www.revenuecat.com/legal/, PostHog’s at https://posthog.com/dpa, and TikTok’s business-products terms at https://www.tiktok.com/legal/.

11. Supervisory authority

If you are in the EU, UK, or EEA, you have the right to lodge a complaint with your national data protection authority. Contact details for EU/EEA authorities are at https://edpb.europa.eu/about-edpb/about-edpb/members_en and for the UK at https://ico.org.uk.

12. Data controller (EU / UK users)

For the purposes of the GDPR and UK GDPR, the data controller is:

Justin Lim (sole proprietor) — 8809 Washington Blvd, Unit 322, Culver City, CA, 90232, United States — email support@ruffup.app.

This address is also published on our App Store listing under the Digital Services Act.

13. Changes

If we materially change how data is handled, we’ll update this page and the “Last updated” date above.

14. Contact

Questions? Email support@ruffup.app.