Steadwin — Privacy Policy
This policy describes what data Steadwin collects, why, and what we do (and don't do) with it. Steadwin is intentionally privacy-friendly: there is no login, no account creation, and your fasting data stays on your device by default.
1. The short version
- No account, no login. Ever.
- Your fasting data stays on your phone — fasts, weight, water, mood, journal — all in a local database. Not uploaded to any server unless you explicitly opt in to a future Cloud Backup feature.
- We collect anonymous usage analytics and crash reports to fix bugs and improve the app. None of it identifies you personally.
- We never sell your data, never show ads, never use trackers beyond Sentry (crashes) + PostHog (anonymous analytics) + RevenueCat (subscription state).
- Uninstall = delete. No retained copies on our servers. We don't have servers (yet).
2. What Steadwin stores on your device
Stored locally in your phone's app sandbox. Never leaves the device unless you explicitly use Profile → "Copy backup":
- Fasts you log (start time, end time, protocol, notes)
- Weight log entries
- Water intake entries
- Mood entries
- Journal entries
- Your chosen fasting goal (weight / autophagy / mental clarity / energy / spiritual)
- Your preferences (units, theme, language, notifications, quiet hours)
- A randomly-generated anonymous device identifier (a UUID — used only to remember your settings across app reopens; cannot be tied to you personally)
We do not ask for your name, email, phone number, address, or any government identifier. The optional display name in Profile is stored only on your device.
3. What Steadwin sends off the device
Three categories of data leave your device, only for these purposes:
3.1 Crash reports → Sentry
When Steadwin crashes or hits an unexpected error, we send a technical report to Sentry (Functional Software, Inc., USA). The report contains:
- Stack trace (which line of code crashed)
- Device model + OS version
- App version
- A short trail of recent in-app actions (e.g. "opened Profile, tapped Save")
- IP address (used by Sentry to roughly locate the crash; not stored long-term by us)
This does not include your fasting data, weight, journal, or any health information. Reports are retained for 90 days, then auto-deleted. Sentry's policy: sentry.io/privacy.
3.2 Anonymous analytics → PostHog
To understand which features people use, we send anonymous events to PostHog (PostHog Inc., USA + EU):
- "Onboarding started"
- "Goal selected: weight"
- "Fast started"
- "Paywall viewed"
Events are tied to the random UUID stored on your device. They contain no health data, no journal text, no weight numbers, no body data. PostHog's policy: posthog.com/privacy.
3.3 Subscription processing → RevenueCat + Google Play / Apple App Store
If you start a free trial or purchase a subscription, payment is processed by Google Play (Android) or Apple App Store (iOS) — Steadwin never sees your credit-card or banking details. RevenueCat receives a record of the purchase so we know whether you're a paying customer:
- Your anonymous UUID
- The subscription product you bought
- Country and currency
- Renewal / expiry date
RevenueCat's policy: revenuecat.com/privacy.
4. What Steadwin does NOT do
- No login. No email collection. No phone number collection.
- No advertising SDKs (no AdMob, Facebook Audience Network, Unity Ads, etc.).
- No cross-app tracking. We do not read IDFA (iOS) or Advertising ID (Android).
- No selling of data. Ever.
- No reading of contacts, calendar, photos, files.
- No camera or microphone access.
- No location collection.
- No social-media SDKs.
5. Permissions Steadwin requests
| Permission | Why |
|---|---|
POST_NOTIFICATIONS (Android 13+) | Local milestone reminders and quiet-hours-respecting end-of-fast notifications. No marketing pushes. |
VIBRATE | Haptic feedback on button taps and milestones (toggleable in Profile). |
6. Cloud features (not yet enabled)
Steadwin v1 is local-first: nothing syncs to a server. A future Premium Cloud Backup will sync your data to our server (self-hosted, EU). When that feature ships, this policy will update to describe what is stored, for how long, encryption practices, and deletion process.
Until then, no health, fasting, weight, water, mood, or journal data is sent to any server, ever.
7. Children's privacy
Steadwin is intended for adults. We do not knowingly collect data from children under 13. Parents who believe their child has used Steadwin can email ahmed@deemaco.com; most data lives only on-device, removed when the app is uninstalled.
8. Your rights — access, deletion, export
- Access: Profile → Data → "Copy backup" exports your full dataset as JSON to your clipboard.
- Deletion: Uninstall the app. We retain no copy.
- Anonymous analytics deletion: email ahmed@deemaco.com with the device UUID (Profile → About). We purge PostHog events tied to that UUID within 30 days.
- Crash report deletion: Sentry auto-deletes after 90 days; for earlier deletion, email us.
If you live in the EU/UK (GDPR), California (CCPA/CPRA), Brazil (LGPD), or other jurisdictions with data-subject rights, you have the right to access, correct, delete, restrict, and port your data, and to lodge a complaint with your local data protection authority. Email ahmed@deemaco.com to exercise any of these rights.
9. Data security
- On-device data is stored in your app sandbox — other apps cannot read it.
- Data sent to Sentry, PostHog, and RevenueCat is transmitted over TLS (HTTPS).
- Steadwin is currently a solo-developer project; no employees have access.
If we suffer a data breach affecting any limited information we collect, we will notify affected users within 72 hours via in-app banner.
10. International data transfers
Sentry: Germany (EU). PostHog: EU + US. RevenueCat: US. EU/UK users: US transfers covered by the EU-US Data Privacy Framework or Standard Contractual Clauses, depending on the service.
11. Third-party services Steadwin uses
| Service | Purpose | Data received |
|---|---|---|
| Sentry (Functional Software, Inc.) | Crash reporting | Stack traces, device info, IP, breadcrumbs |
| PostHog Inc. | Product analytics | Anonymous event names + device UUID |
| RevenueCat Inc. | Subscription state | Purchase records, anonymous UUID |
| Google Play Billing | Android payments | Per Google's own policy |
| Apple App Store | iOS payments (when launched) | Per Apple's own policy |
12. Updates to this policy
If we materially change what data is collected or how it is used, we will update the "Last updated" date and show an in-app banner the next time you open Steadwin. EU users will be asked for fresh consent where required. We will not retroactively use historical data in ways inconsistent with the policy in effect at the time of collection.
13. Contact
Email: ahmed@deemaco.com · Repository: github.com/ahmedwahba47/intermittent-fasting-tracker
If you'd like a copy of this policy in Arabic, email us — a translation is in progress.