ScrollscoreScrollscore

Privacy Policy

Last updated: April 20, 2026

This Privacy Policy describes how Scrollscore (“we,” “our,” or “us”) collects, uses, and shares information when you use our iOS application (the “App”). By using the App, you agree to the practices described below.

Plain-English summary

  • Your raw screen-time data never leaves your phone.
  • We see only the daily total you explicitly tap “Post” on — nothing per-minute, nothing continuous.
  • We do not sell your data. Ever.
  • You can delete your account and all associated data anytime from Settings.

1. Information we collect

Information you give us

  • Account info: name, email, profile photo (optional), and a username you choose.
  • Goals + preferences: daily screen-time goal, motivations you selected, country.
  • Posts: each time you tap “Post to Feed,” we receive the total minutes you choose to share for that day, an optional caption, and a visibility setting (public or friends-only).
  • Social interactions: friend connections, reactions (fire, crown, grim), comments you write.

Information collected automatically

  • Device tokens for push notifications.
  • Basic session logs from our backend (timestamps, endpoint paths, response codes) used only to debug and secure the service. These are kept in server logs for up to 30 days.
  • Crash reports from Apple's built-in TestFlight/App Store crash reporting (only if you opt in via iOS Settings → Privacy → Analytics).

What we do NOT collect

  • Per-app screen-time breakdowns in real time.
  • Which specific apps you open, when, or for how long — unless you explicitly opt into sharing that breakdown with a post.
  • Location data, contacts (beyond a one-time hashed lookup if you use “Find friends from Contacts”), camera roll, or microphone.
  • Health data, financial data, or browsing history.

2. Apple Family Controls & on-device processing

Scrollscore uses Apple's Family Controls and DeviceActivity frameworks. These are system-level APIs controlled by iOS, not by us. Two important facts follow from that:

  • Raw activity data lives inside a sandboxed iOS extension on your phone. Our servers cannot read it, even if we wanted to. Apple does not let us.
  • When you tap “Post,” the App sends a single number — your total minutes for the chosen day — plus optional caption and an optional app breakdown list you explicitly opted to share. We never receive a continuous stream of activity.

You can revoke Screen Time access at any time in iOS Settings → Screen Time → Apps with Screen Time Access. Doing so disables most of Scrollscore's features but doesn't delete your account.

3. How we use information

  • To operate and improve the App (post your daily score, render your streak, power the social feed).
  • To generate personalized coaching tips and captions using AI models (see §5).
  • To send push notifications about reactions, comments, and new followers.
  • To authenticate you securely across devices.
  • To contact you about service changes, critical security updates, or beta feedback.
  • To comply with legal obligations.

4. How we share information

We do not sell your personal information. We share limited information in three narrow cases:

  • Other users: your display name, avatar, total minutes for days you post, streak count, reactions, and comments are visible to people you share with (friends-only posts are limited to confirmed friends; public posts may appear in the community feed).
  • Service providers: we use the vendors below to operate Scrollscore. Each receives only the data needed for its function and is contractually required to protect it.
  • Legal compliance: if required by subpoena, court order, or applicable law — we will push back on overbroad requests and notify you when legally permitted.

Service providers we use

  • Supabase — database and authentication hosting.
  • Railway — application server hosting.
  • Anthropic — AI (Claude) for generating coaching tips, insights, and caption suggestions. Prompts include aggregate stats only (total minutes, goal, streak, top-app names) — never your identity or post history.
  • Apple APNs — delivering push notifications.
  • Sign-in providers you choose to use — Apple, Google. We receive only the basic profile fields you approve during sign-in.

5. AI-generated content

Coaching tips, insights, and caption suggestions you see in the App may be generated by Anthropic's Claude models. The prompts we send describe aggregate usage (e.g. “user averages 3h, goal 2h, top app Instagram”) — never your name, email, specific posts, or friends. Anthropic does not train on this data under our API agreement.

6. Children

Scrollscore is not intended for users under 13. If you believe we have collected information from a child under 13, contact us at support@scrollscoreapp.com and we will delete it promptly.

7. Data retention

  • Account data: retained until you delete your account.
  • Posts: retained until you delete them or delete your account.
  • Server logs: 30 days.
  • Backups: rolling 30-day backups for disaster recovery — deletions propagate to backups within that window.

8. Your rights

Depending on where you live, you may have rights to:

  • Access or export a copy of your data.
  • Correct inaccurate data.
  • Delete your data.
  • Restrict or object to certain processing.
  • Withdraw consent you previously gave.
  • Lodge a complaint with your local data protection authority.

You can exercise most of these directly in the App (Settings → Edit Profile, Delete Account). For export requests, email support@scrollscoreapp.com from your account email and we'll respond within 30 days.

California residents (CCPA/CPRA)

California residents have the rights described above plus the right to know what personal information we collect, the right to know whether we sell or share it (we don't), and the right to non-discrimination for exercising these rights.

EEA, UK, and Swiss residents (GDPR)

Our lawful bases for processing are (a) performance of the contract to provide you the service, (b) your consent (for optional features like AI tips), and (c) our legitimate interests in keeping the service secure and reliable. You have the additional right to data portability and to withdraw consent at any time.

9. Security

We use industry-standard encryption in transit (HTTPS/TLS) and at rest. Passwords are hashed with bcrypt. Access to production systems is restricted and audited. No system is 100% secure — if you believe your account has been compromised, contact us immediately.

10. International data transfers

Our servers are hosted in the United States. If you are outside the US, using Scrollscore means your data is transferred to and processed in the US, which may have different privacy laws than your jurisdiction.

11. Changes to this policy

If we make material changes to this Privacy Policy, we will notify you in the App and/or by email before the changes take effect. Continued use of Scrollscore after the effective date means you accept the updated policy.

12. Contact

Questions about this Privacy Policy? Email us at support@scrollscoreapp.com.