Steadwin — Privacy Policy
This policy describes what data Steadwin collects, why, and what we do (and don't do) with it. Steadwin is intentionally privacy-friendly: anonymous use is fully supported, and sign-in is optional — required only if you want cloud backup or a Premium subscription that follows you across devices.
1. The short version
- Sign-in is optional. The fasting tracker, journaling, mood/weight/water logs and notifications all work fully anonymously. Sign in with Apple or Sign in with Google is required only at the paywall, or to enable cloud backup.
- By default, your fasting data stays on your phone — fasts, weight, water, mood, journal — in a local database. Data is uploaded to our self-hosted backend only when you sign in and use cloud sync.
- We collect anonymous usage analytics and crash reports to fix bugs and improve the app. None of it identifies you personally.
- We never sell your data, never show ads, never use cross-app trackers. Sub-processors are listed in §11 below.
- Local deletion = uninstall. Cloud deletion = Profile → Account → Delete account (signed-in users only); we purge cloud rows + photos within 30 days.
2. What Steadwin stores on your device
Stored locally in your phone's app sandbox. Never leaves the device unless you explicitly use Profile → "Copy backup":
- Fasts you log (start time, end time, protocol, notes)
- Weight log entries
- Water intake entries
- Mood entries
- Journal entries
- Your chosen fasting goal (weight / autophagy / mental clarity / energy / spiritual)
- Your preferences (units, theme, language, notifications, quiet hours)
- A randomly-generated anonymous device identifier (a UUID — used only to remember your settings across app reopens; cannot be tied to you personally)
We do not ask for your name, email, phone number, address, or any government identifier. The optional display name in Profile is stored only on your device.
3. What Steadwin sends off the device
Three categories of data leave your device, only for these purposes:
3.1 Crash reports → Sentry
When Steadwin crashes or hits an unexpected error, we send a technical report to Sentry (Functional Software, Inc., USA). The report contains:
- Stack trace (which line of code crashed)
- Device model + OS version
- App version
- A short trail of recent in-app actions (e.g. "opened Profile, tapped Save")
- IP address (used by Sentry to roughly locate the crash; not stored long-term by us)
This does not include your fasting data, weight, journal, or any health information. Reports are retained for 90 days, then auto-deleted. Sentry's policy: sentry.io/privacy.
3.2 Anonymous analytics → PostHog
To understand which features people use, we send anonymous events to PostHog (PostHog Inc., USA + EU):
- "Onboarding started"
- "Goal selected: weight"
- "Fast started"
- "Paywall viewed"
Events are tied to the random UUID stored on your device. They contain no health data, no journal text, no weight numbers, no body data. PostHog's policy: posthog.com/privacy.
3.3 Subscription processing → RevenueCat + Google Play / Apple App Store
If you start a free trial or purchase a subscription, payment is processed by Google Play (Android) or Apple App Store (iOS) — Steadwin never sees your credit-card or banking details. RevenueCat receives a record of the purchase so we know whether you're a paying customer:
- Your stable identifier — anonymous device UUID before sign-in, or your Apple/Google sign-in subject after sign-in (so a subscription bought on one device works on another)
- The subscription product you bought
- Country and currency
- Renewal / expiry date
RevenueCat's policy: revenuecat.com/privacy.
3.4 Sign in with Apple / Sign in with Google → our self-hosted backend
When you choose to sign in (optional — only required at the paywall or for cloud backup), the provider sends us:
- A stable user identifier ("sub") issued by Apple or Google. The only ID we use to recognise you across devices.
- Your email address (Sign in with Apple may use a @privaterelay.appleid.com proxy if you chose to hide your real email).
We do not request your name, profile picture, contacts, or any other profile detail. Sign-in happens against our self-hosted backend at https://api.ift.deemaco.com, operated by us on infrastructure rented from Hetzner Online GmbH (Germany, EU).
3.5 Cloud sync (optional, signed-in users only) → our self-hosted backend
If you sign in AND have an active Premium subscription, your fasting data syncs to our self-hosted backend so it follows you across devices and survives a phone wipe:
- Fasts, weight logs, water logs, mood entries, journal entries, settings (units / notifications / quiet hours / locale).
- Photos attached to journal entries (Premium feature) — uploaded to MinIO (S3-compatible storage) on the same Hetzner server. Each photo is bound to your user account and removed when you delete the entry or your account.
Server stores: your Apple/Google sub + email; the same row data your device has, with a server-side timestamp for sync conflict resolution; a device record (UUID + platform + last-seen) per device you've signed in on.
Encryption: TLS in transit, LUKS at-rest. Not end-to-end encrypted — anyone with administrative access (currently only the developer) could in principle read your data; we minimise this risk by not granting access to anyone else.
Retention: cloud data is kept while your account is active. Account deletion (in-app or via email) removes all rows + photos within 30 days.
4. What Steadwin does NOT do
- Sign-in is optional — never required to use the fasting tracker.
- No advertising SDKs (no AdMob, Facebook Audience Network, Unity Ads, etc.).
- No cross-app tracking. We do not read IDFA (iOS) or Advertising ID (Android).
- No selling of data. Ever.
- No reading of contacts, calendar, files outside the app.
- Photos: requested only when you tap "Add a photo" on a journal entry, and only for the photo you select.
- No camera (v1 uses the existing photo library) or microphone access.
- No location collection.
- No social-media SDKs. Sign in with Google uses Google's standard OAuth with no broader Google profile or contacts integration.
5. Permissions Steadwin requests
| Permission | Why |
|---|---|
| POST_NOTIFICATIONS (Android 13+) | Local milestone reminders and quiet-hours-respecting end-of-fast notifications. No marketing pushes. |
| VIBRATE | Haptic feedback on button taps and milestones (toggleable in Profile). |
6. Cloud features
Steadwin is local-first by default: anonymous users have nothing synced to a server. Cloud backup is part of the Premium subscription and is opt-in via Sign in with Apple or Sign in with Google. See §3.4 (sign-in) and §3.5 (cloud sync) for details on what's stored, where, retention, and deletion.
You can use the entire fasting tracker, journaling, and notifications without ever signing in. None of your fasting, weight, water, mood, or journal data leaves your device unless you sign in.
7. Children's privacy
Steadwin is intended for adults. We do not knowingly collect data from children under 13. Parents who believe their child has used Steadwin can email ahmed@deemaco.com; most data lives only on-device, removed when the app is uninstalled.
8. Your rights — access, deletion, export
- Access (local data): Profile → Data → "Copy backup" exports your on-device dataset as JSON to your clipboard.
- Local deletion: Uninstall the app. Local data is removed by your operating system. We retain no copy.
- Cloud deletion (signed-in users): Profile → Account → Delete account removes all your rows + photos from our backend within 30 days. You can also email ahmed@deemaco.com with the email tied to your sign-in.
- Anonymous analytics deletion: email us with the device UUID (Profile → About). We purge PostHog events tied to that UUID within 30 days.
- Crash report deletion: Sentry auto-deletes after 90 days; for earlier deletion, email us.
If you live in the EU/UK (GDPR), California (CCPA/CPRA), Brazil (LGPD), or other jurisdictions with data-subject rights, you have the right to access, correct, delete, restrict, and port your data, and to lodge a complaint with your local data protection authority. Email ahmed@deemaco.com to exercise any of these rights.
9. Data security
- On-device data is stored in your app sandbox — other apps cannot read it.
- Data sent to Sentry, PostHog, and RevenueCat is transmitted over TLS (HTTPS).
- Steadwin is currently a solo-developer project; no employees have access.
If we suffer a data breach affecting any limited information we collect, we will notify affected users within 72 hours via in-app banner.
10. International data transfers
Sentry: Germany (EU). PostHog: EU + US. RevenueCat: US. Hetzner backend: Germany (EU). Apple ID + Google Identity: US. EU/UK users: US transfers covered by the EU-US Data Privacy Framework or Standard Contractual Clauses, depending on the service.
11. Third-party services Steadwin uses
| Service | Purpose | Data received |
|---|---|---|
| Sentry (Functional Software, Inc.) | Crash reporting | Stack traces, device info, IP, breadcrumbs |
| PostHog Inc. | Product analytics | Anonymous event names + device UUID; also your sign-in user ID if signed in |
| RevenueCat Inc. | Subscription state | Purchase records, sign-in identifier or anonymous UUID |
| Google Play Billing | Android payments | Per Google's own policy |
| Apple App Store | iOS payments (when launched) | Per Apple's own policy |
| Apple ID | Sign in with Apple — only if you sign in | Stable Apple user ID, your email (real or Private Relay) — see §3.4 |
| Google Identity | Sign in with Google — only if you sign in | Stable Google user ID and your email — see §3.4 |
| Hetzner Online GmbH (Germany, EU) | Hosts our self-hosted backend (Postgres + MinIO + API) for any user who signs in | All data described in §3.4 + §3.5 — at rest on disks Hetzner physically operates. Hetzner has no logical access to database content. |
12. Updates to this policy
If we materially change what data is collected or how it is used, we will update the "Last updated" date and show an in-app banner the next time you open Steadwin. EU users will be asked for fresh consent where required. We will not retroactively use historical data in ways inconsistent with the policy in effect at the time of collection.
13. Contact
Email: ahmed@deemaco.com · Repository: github.com/ahmedwahba47/intermittent-fasting-tracker
If you'd like a copy of this policy in Arabic, email us — a translation is in progress.