Politique de confidentialité
Privacy Policy
Last updated: July 7, 2026
1. Introduction
This Privacy Policy describes how RepLock ("App," "we," "us") collects, uses, and shares information when you use our mobile application on Android and iOS.
By using RepLock, you agree to this Policy. See also our Terms of Use.
2. Data Controller
Seyfi Can Zeyrek (Individual Developer)
Izmir, Türkiye
Privacy inquiries: sczgamesinfo@gmail.com
Support: sczgamesinfo@gmail.com
We have not appointed a Data Protection Officer. For EU/UK requests, contact sczgamesinfo@gmail.com.
3. Scope
This Policy applies to the RepLock mobile app (bundle ID com.pushup.screentime.replock) and related services. It does not cover third-party apps you choose to block or websites you visit outside our App.
4. Data We Collect
| Category | Examples | Purpose | Location | Retention | Shared with |
|---|---|---|---|---|---|
| App usage & blocking | Blocked apps, limits, usage time, wallet | Core features | On-device | Until delete/uninstall | No |
| Workout data | Reps, exercise type, steps, history | Earn screen time | On-device | Until delete/uninstall | No |
| Settings | Notifications, goals, emergency bypass settings | Personalization | On-device | Until delete | No |
| Anonymous ID | Firebase anonymous UID | Cloud features | Firebase | Until deletion request | |
| Push token | FCM token | Notifications | Firestore | Until refresh/delete | |
| Analytics | Feature usage, sessions | Improve app | Firebase Analytics | Per Google policy | |
| Crash data | Stack traces, device info | Bug fixes | Crashlytics | Per Google policy | |
| Subscriptions | Entitlements, product IDs | Premium access | RevenueCat / stores | Per provider policy | RevenueCat, Apple, Google |
| Advertising | Ad ID, interactions, consent | Ads (free tier) | AdMob | Per Google policy |
We do not collect: email registration, uploaded workout videos, accessibility text/passwords, or precise GPS.
5. How We Collect
- You provide: settings, blocked app choices, workout activity
- Automatically: usage stats (with permission), device info, analytics, crash logs
- Permissions: camera, motion/steps, usage access, accessibility (foreground app only), notifications, Family Controls (iOS)
- Third parties: Firebase, RevenueCat, Google AdMob
6. Why We Use Data
| Purpose | Data used |
|---|---|
| Provide blocking & wallet features | Usage, settings, local DB |
| Count reps & steps | Camera (on-device), motion sensors |
| Premium subscriptions | Store receipts via RevenueCat |
| Show ads (free users) | Advertising ID, consent |
| Push notifications | FCM token |
| Security & fraud prevention | App Check attestation |
| Improve stability | Analytics, Crashlytics |
7. Legal Bases
| Region | Bases |
|---|---|
| EU/EEA/UK | Contract, legitimate interest (analytics/crash), consent (ads where required) |
| Türkiye (KVKK) | Contract, legitimate interest, explicit consent (ads where required) |
| US | Notice; opt-out rights for CA residents (see §12) |
8. Sensitive Permissions
Camera
Used for on-device rep counting. Video is not uploaded to our servers.
Usage Access (Android)
Measures time in blocked apps. We do not read content inside other apps.
Accessibility Service (Android)
Detects foreground app package name to show block screen. We do not read passwords, typed text, messages, or screen content. This is not a system accessibility tool (isAccessibilityTool: false).
Family Controls (iOS)
Lets you select apps to manage via Apple's API.
Notifications
Local reminders and Firebase Cloud Messaging.
9. Sharing & Processors
| Processor | Purpose | Data | Region |
|---|---|---|---|
| Google Firebase (Analytics, Auth, Crashlytics, Firestore, Messaging, Remote Config, App Check) | Infrastructure | See §4 | US/EU |
| Google AdMob | Advertising | Ad ID, interactions | Global |
| RevenueCat | Subscriptions | Purchase info, app user ID | US |
| Apple App Store / Google Play | Payments | Per store | Per store |
We do not sell your personal information for money.
10. International Transfers
Data may be processed outside your country (including the United States). We use appropriate safeguards (e.g., Standard Contractual Clauses) where required.
11. Retention
- On-device data: until you delete it or uninstall the App
- Cloud data: per Firebase/RevenueCat policies or until you request deletion
- Analytics/crash: per Google's retention settings
12. Your Rights
Depending on your location, you may have rights to access, correct, delete, restrict, object, port data, and withdraw consent.
- EU/EEA/UK: See GDPR extension — contact sczgamesinfo@gmail.com; complain to your supervisory authority
- Türkiye: See KVKK Aydınlatma Metni (Turkish) — KVKK m.11 rights
- California: See CCPA section — know, delete, opt-out of share, non-discrimination
We respond within applicable legal timeframes.
13. Account & Deletion
We create an anonymous Firebase identifier — not a traditional login account. To request deletion of cloud-linked data, email sczgamesinfo@gmail.com. Uninstalling the App removes local data from your device.
14. Children
RepLock is intended for users 16 and older. We do not knowingly collect data from children under 16. Contact us to request deletion if you believe a child provided data.
15. Security
We use industry-standard measures including encrypted transport (TLS). No method is 100% secure. Emergency bypass PIN is stored locally — protect your device.
16. Automated Decisions
We do not make automated decisions with legal or similarly significant effects. Rep counting uses on-device algorithms, not profiling for employment or credit.
17. Changes
We may update this Policy. Material changes will be notified in-app or via store update notes. Continued use after the effective date constitutes acceptance.
18. Contact
sczgamesinfo@gmail.com
Seyfi Can Zeyrek, Izmir, Türkiye
Regional Extensions
GDPR/EEA/UK: See fragments/gdpr.en.md — incorporated by reference.
CCPA (California): Categories collected include identifiers, usage, diagnostics; opt-out via sczgamesinfo@gmail.com.
KVKK (Türkiye): See kvkk-aydinlatma.tr.md for Turkish aydınlatma metni.
GDPR / EEA / UK Extension (EN)
Your Rights (EU/EEA/UK)
Subject to applicable law, you may have the right to: access, rectify, erase, restrict processing, object, data portability, and withdraw consent (where processing is consent-based).
Legal Bases
| Processing | Basis |
|---|---|
| Core app features | Contract (Art. 6(1)(b) GDPR) |
| Analytics & crash fixes | Legitimate interest (Art. 6(1)(f)) — you may object |
| Advertising | Consent where required (Art. 6(1)(a)) |
| Push notifications | Consent / legitimate interest per message type |
Supervisory Authority
You may lodge a complaint with your local data protection authority.
International Transfers
Data may be processed in the United States and other countries. We rely on appropriate safeguards (e.g., Standard Contractual Clauses) where required.
Data Protection Contact
sczgamesinfo@gmail.com
UK GDPR
UK users have equivalent rights under UK GDPR. Contact sczgamesinfo@gmail.com for UK requests.
CCPA / CPRA Extension (EN) — California Residents
Categories Collected (12-month)
Identifiers (anonymous app ID, device ID, advertising ID), usage data, diagnostics, commercial information (subscription status).
Sources
Directly from your device and interactions with the app.
Business Purposes
Provide the service, analytics, security, advertising (free tier), subscription management.
Sale / Share
We do not sell personal information for money. Advertising partners may receive data for cross-context behavioral advertising — you may opt out where "Share" applies under CPRA via in-app ad settings or sczgamesinfo@gmail.com.
Rights
Know, delete, correct, opt-out of sale/share, limit use of sensitive personal information, non-discrimination.
Contact
sczgamesinfo@gmail.com — allow 45 days to respond.
Data Inventory Fragment (EN)
Source: legal-inventory.json
Data Collection Table
| Category | Examples | Purpose | Location | Retention | Shared with |
|---|---|---|---|---|---|
| App usage & blocking | Blocked app list, per-app limits, usage duration, wallet balance | Core self-control features | On-device (Drift SQLite) | Until deleted or app uninstall | Not shared |
| Workout & fitness | Rep counts, exercise type, workout history, step counts | Earn screen time, progress tracking | On-device | Until deleted or app uninstall | Not shared |
| Settings & preferences | Notification toggles, daily limits, goals, emergency bypass config | Personalization | On-device (SharedPreferences) | Until deleted | Not shared |
| Anonymous user ID | Firebase anonymous UID | Link FCM, RevenueCat, crash reports | Cloud (Firebase) | Until account deletion requested | Google (Firebase) |
| Push token | FCM device token (hashed path in Firestore) | Deliver push notifications | Cloud (Firestore) | Until token refresh or deletion | Google (Firebase) |
| Analytics events | Screen views, feature usage, session data | Improve app | Cloud (Firebase Analytics) | Per Google retention | |
| Crash diagnostics | Stack traces, device model, OS version | Fix bugs | Cloud (Crashlytics) | Per Google retention | |
| Subscription data | Purchase status, entitlements, product IDs | Premium access | Cloud (RevenueCat + stores) | Per RevenueCat/store policy | RevenueCat, Apple/Google |
| Advertising data | Ad ID, ad interactions, consent status | Show ads to free users | Cloud (AdMob) | Per Google policy | |
| Remote config | Feature flags, minimum app version | App configuration | Cloud (Firebase Remote Config) | Per Google policy |
Data We Do NOT Collect
- Email, phone, or name (no registration form)
- Photos or videos uploaded to our servers (camera processed on-device)
- Accessibility text content, passwords, or message content
- Precise GPS location
- Health records from HealthKit / Health Connect (not integrated)
Account & Deletion
Anonymous Firebase UID is created automatically. You may request deletion of cloud-linked data by contacting sczgamesinfo@gmail.com. Local data is removed when you uninstall the app.
Legal Bases (summary)
| Market | Primary bases |
|---|---|
| EU/EEA/UK | Contract, legitimate interest, consent (ads where required) |
| TR (KVKK) | Contract, explicit consent (ads/marketing where required) |
| US | Notice + opt-out rights where applicable (CCPA/CPRA for CA) |