Privacy Policy
Last updated: May 6, 2026
HallPass ("the app") is a personal screen-time accountability tool. You set limits on apps, and a buddy approves or denies your requests for more time. This policy explains what we collect, why, and what we do with it.
What we collect
Account information
- Phone number — used to sign you in (one-time SMS code) and to identify you to the buddies you add.
- Display name — optional, shown to your buddies in the app.
- Apple Push Notification token — so we can deliver request and approval notifications.
Usage data
- Limits you create — labels, app/category selections, time thresholds, and your linked buddies. Stored on our server so your buddies can approve requests when you're not on the same device.
- Request history — the timestamps of requests you send, who approved or denied them, and any reason text you wrote. Visible to you, the buddy you asked, and (if granted) the people who approve you.
- Buddy connections — phone numbers of buddies you add are stored as cryptographic hashes so we can match them when those people sign in.
What we don't collect
- We do not read your contacts. The Contacts permission, if granted, is used only to populate the in-app buddy picker on your device — selected names and phone numbers stay on your device until you tap Add.
- We do not collect or transmit which apps you actually open or for how long. Screen-time enforcement happens entirely on your device through Apple's Family Controls / Screen Time API. We never see your app usage data.
- We do not use third-party advertising or analytics SDKs.
- We do not track you across other apps or websites.
How we use it
- Authentication — your phone number, via one-time codes delivered through Twilio Verify.
- Core features — sending requests to buddies, delivering approvals or denials back, showing your activity history.
- Push notifications — alerting you when a buddy responds, and alerting your buddy when you ask.
- Service operation — rate-limiting, abuse prevention, and basic operational logging (request paths, response codes — no body content).
Where it lives
- Account and request data is stored in a database operated by Turso (libSQL).
- API requests are routed through Cloudflare Workers.
- SMS delivery is handled by Twilio. Twilio sees your phone number and the verification code.
- Push notifications go through Apple Push Notification Service (APNs).
- We do not sell or share your data with third parties for advertising or any other purpose.
Data retention & deletion
Your account, limits, and request history are kept while your account is active. You can delete your account from inside the app (Settings → Delete account). Deleting removes your user record, sessions, push tokens, and request history within 30 days. Buddy hashes that pointed at your phone number become orphaned and are pruned with normal cleanup.
Children
HallPass is intended for users 13 and older. If you believe a child under 13 has signed up, contact us and we will remove the account.
Your choices
- You can revoke Family Controls authorization at any time in iOS Settings → Screen Time → HallPass. The app will stop applying any new limits.
- You can revoke Contacts and Notifications permissions at any time in iOS Settings.
- You can delete your account from inside the app.
Changes
If we materially change this policy, we'll update the "Last updated" date above and, where the changes are significant, notify active users in-app.
Contact
Questions, deletion requests, or anything else: [email protected].