ziggy zag
i hate the routine

Privacy Policy

Effective date: February 25, 2026

TL;DR: We're a privacy-first app. Most of your data never leaves your device. When you use AI features, your text passes through our secure server to the AI and back — we do not store conversations by default. We have no accounts, no user tracking, and no ads. Here's the full picture.

Overview

Ziggy Zag LLC ("Ziggy Zag", "we", "our", or "us") develops and operates the "i hate the routine" mobile application for iOS and watchOS (the "App"). This Privacy Policy explains how we collect, use, and protect information when you use the App.

We built this app with a simple belief: your data is yours. Privacy isn't a feature we bolt on — it's how the whole thing works. The vast majority of what happens in the App happens entirely on your device and never touches a server.

Version 2 introduced AI features that communicate with a server. We think it's important to be upfront about exactly what that means. This policy covers everything: what we collect (very little), what stays on your device (almost everything), and what passes through our server when you use AI (temporarily, with minimal data retained only for safety and service integrity).

Information We Collect

We collect the bare minimum needed to make the App work. Here is what we collect:

Device Token
When you first open the App, it generates a random identifier (a UUID) and stores it in your device's secure Keychain. This token is sent with server requests so we can manage your rate limits and premium status. It is not tied to your name, email, Apple ID, or any personal information — it is a random string of characters that cannot be used to identify you.

Rate Limit Counts
We store simple counters of how many AI calls you have made — daily, monthly, and lifetime. These are just numbers (like "7"), stored alongside your device token. No details about what you asked, what the AI said, or anything else. Just counts, so we know whether you have reached your limit.

Premium Status
If you subscribe to premium, we store your subscription expiration date alongside your device token. Just a date, so the App knows whether to unlock premium features.

Age Verification Band
If you use AI features, the App asks whether you are 18 or older. We store only a broad age band ("adult" or "under 18") alongside your device token for one year. We do not collect your date of birth or exact age. This is required by Apple's App Review Guideline 4.7 and Anthropic's usage policy.

AI Report Data
If you choose to report an AI response (via the in-app report option), we store: your reason (up to 200 characters), a brief excerpt of the reported message (up to 500 characters), a 16-character hashed reference derived from your device token, and a timestamp. This data is stored for 90 days, then automatically deleted. Reports are user-initiated only — nothing is reported without your action.

Subscription Validation Identifiers
When your subscription is validated, we store a mapping between your Apple transaction ID and your device token in our server-side key-value store. The device mapping expires after 35 days (refreshed on each validation). The transaction binding is retained for the duration of your subscription. These identifiers contain no personal information.

Operational Metadata
When you use AI features, our server logs limited operational data: hashed device identifiers, the AI model used, token counts, estimated cost, and rate-limit status. This does not include the content of your messages or AI responses. It is used for service reliability and abuse prevention — not for advertising, profiling, or behavioral tracking.

That is what we collect. A random ID, some counters, some dates, and — only when you use specific features — the items described above. None of it identifies you personally.

AI Features

The App includes optional AI features powered by Claude, a large language model made by Anthropic, PBC. Here is exactly how they work:

When you use an AI feature — like asking for help building a routine, planning your day, or triaging your thoughts — your text travels from the App, through our secure server (hosted on Cloudflare), to the Anthropic API, and the response comes back the same way. By default, our server acts as a pass-through: it forwards your request to the AI, returns the response, and does not store your conversation. We do not manually review your conversations; AI output is automatically scanned for safety before delivery. Two exceptions: (1) if you choose to report an AI response, a brief excerpt (up to 500 characters) is stored for 90 days so we can review it; (2) limited safety and operational metadata (such as hashed identifiers, model used, and token counts — not message content) may be logged for service reliability and abuse prevention.

Photos and AI: Photos are only sent to the AI when you explicitly tap "Ask Claude about this." The App will never send your photos to a server in the background or without your action.

Calendar context: When you use AI planning features, your calendar event titles and times may be included in the AI request so Claude can help you plan around your schedule. This information passes through the same secure path and is not stored on our servers.

Consent: Before you use AI features for the first time, the App displays an explicit consent dialog explaining that your text will be sent to Claude through our server. You must affirmatively accept to use AI features. You can decline, and the App works without AI — you just won't get AI-powered suggestions.

Sensitive information: Please avoid including sensitive personal information in AI conversations — such as government IDs, financial account numbers, or detailed medical diagnoses. The App is a planning tool, not a medical or financial service, and AI features are not designed to handle that kind of data.

AI limitations: AI-generated suggestions are for convenience and planning purposes only. They are not professional advice of any kind. The App is not a medical device and is not a substitute for professional medical, psychological, or therapeutic guidance. You are responsible for any decisions you make based on AI suggestions.

Anthropic's data policy: Anthropic retains API request logs for up to 30 days, then automatically deletes them. They do not use API data to train their models. In rare cases where content is flagged by their automated safety systems (for example, content that may involve harm or abuse), it may be retained for up to 2 years for abuse prevention. By using the App's AI features, you acknowledge this third-party retention. For details, see Anthropic's privacy policy. You can also contact Anthropic directly at privacy@anthropic.com regarding their data handling.

On-Device Data

The vast majority of what the App does happens entirely on your device. None of the following data ever leaves your phone or watch:

Calendar: The App reads your Apple Calendar (via EventKit) to display events in your day planner and calculate scheduling conflicts. Your calendar data stays on your device. (Event titles may be included in AI requests if you use AI planning features — see above.)

Location: Used only for calculating travel time to calendar events via Apple Maps. Your location data never leaves your device and is never sent to any server.

Camera and Photos: Used for capturing thoughts via photo. Photos are stored locally on your device. They are never sent anywhere unless you explicitly tap "Ask Claude about this."

Microphone and Speech: Voice input is transcribed on your device using Apple's built-in Speech framework. The App requests on-device transcription when your device and language support it. For some devices or languages, Apple's Speech framework may use server-based recognition per Apple's own policies. Audio is not stored by the App — only the transcribed text is saved locally.

Contacts: Accessed only when you tap "Add to Contacts" for a specific item. The App writes to your device contacts via Apple's Contacts framework. No contact data is ever sent to any server.

OCR (Text Recognition): The App can extract text from photos using Apple's on-device Vision framework. This happens entirely on your device — the extracted text is saved locally and never sent to a server.

Routines, steps, checklists, thoughts, and planner data: All stored locally on your device using Core Data. Never transmitted to any server, never backed up by us, never accessible to us.

If you use iCloud Backup, your App data may be included in that backup per your device settings — but that is between you and Apple, not us. Your device token is stored only in the local Keychain on your device and is not synced to iCloud Keychain.

Apple Watch

If you use the App on Apple Watch, your data syncs between your iPhone and Watch using Apple's WatchConnectivity framework. This sync happens directly between your paired devices, does not pass through any third-party servers, and is managed entirely by Apple's secure protocols. We never see or have access to this synced data.

Third-Party Services

We use three third-party services. There are no tracking SDKs, no ad networks, and no behavior analytics tools in the App. Here is what each service does:

Anthropic (Claude AI)
Processes AI requests when you use AI features. Anthropic retains API logs for up to 30 days, then deletes them. They do not train on API data. Safety-flagged content may be retained up to 2 years. Anthropic also collects standard API usage metrics (request counts, token usage) on their developer platform. See Anthropic's privacy policy.

Apple
Handles all subscription payments and in-app purchases through the App Store. When you subscribe, your Apple transaction ID passes through our server's memory for validation — we forward it to Apple's Server API and confirm your subscription is active. To support ongoing subscription verification and prevent abuse, your transaction ID and device token are stored as a mapping in our server-side key-value store. The device mapping expires after 35 days (refreshed on each validation). The transaction binding is retained for the duration of your subscription. We never receive your name, email, or payment details. See Apple's privacy policy.

Cloudflare
Hosts our server infrastructure (the proxy that forwards AI requests and validates subscriptions). Cloudflare does not log request or response bodies — your messages and images are never stored on their servers. However, Cloudflare collects standard operational metrics as part of running their platform, including request counts, response status codes, CPU time, and bandwidth. This is infrastructure-level data, not user behavior tracking. See Cloudflare's privacy policy.

These are the only third-party services that receive any data from the App. We maintain appropriate data processing agreements with our service providers and only share the minimum data necessary for each service to function as described above. If we add or remove service providers in the future, we will update this policy accordingly. We are not responsible for the privacy practices of these third-party services and encourage you to review their privacy policies.

What We Don't Do

  • No accounts. No email, no username, no password, no sign-up. Ever.
  • No user behavior tracking. We do not track which screens you visit, how long you spend in the App, what features you use, or any usage patterns. There are no analytics SDKs in the App — no Google Analytics, no Firebase, no Facebook SDK, no crash reporting services. Our server logs limited operational metadata (token counts, cost estimates, rate-limit status) for service integrity — not for behavior profiling or marketing.
  • No advertising. No ad networks, no ad identifiers, no ad tracking. The App has zero ads.
  • No personal information. We do not know your name, email, location, or anything else that identifies you. The only demographic data we store is a broad age band (18+ or under 18) required for AI compliance, with no date of birth or exact age.
  • No conversation history. We do not store your full AI conversations. The only exception: if you actively report an AI response, a brief excerpt (up to 500 characters) is retained for 90 days for safety review, then automatically deleted.
  • No data sales. We do not sell, rent, lease, or trade your personal information to any third party, for any reason.

A note on infrastructure metrics: While we do not run any analytics ourselves, our infrastructure providers (Cloudflare and Anthropic) collect standard operational metrics as part of running their platforms — things like request counts, response codes, and API token usage. This is standard for any cloud service and does not include the content of your requests or any personally identifiable information.

Data Security

All communication between the App and our server uses HTTPS (TLS encryption), meaning your data is encrypted in transit. On-device data is stored using Apple's Core Data framework within the App's sandboxed container, and your device token is stored in the iOS Keychain (Apple's encrypted credential storage).

No security system is perfect. While we take reasonable measures to protect the limited data that passes through our server, we cannot guarantee absolute security. In the unlikely event of a data breach affecting device tokens or other server-side data, we will notify affected users as promptly as practicable and in accordance with applicable law, and we will post a notice on our website describing the incident and steps taken to address it. If you become aware of a security issue, please contact us at anthonyb@ziggy-zag.com.

Data Retention

Here is exactly how long data is retained:

  • Daily AI call counts: 48 hours, then automatically deleted.
  • Monthly AI call counts: 35 days, then automatically deleted.
  • Lifetime AI call count: Persists as long as your device token exists. This single number is retained because it is necessary to enforce the App's free-tier usage limits. It contains no content or personally identifiable information.
  • Premium status: Refreshed roughly every 24 hours or upon subscription expiry.
  • Anthropic API logs: Up to 30 days, then automatically deleted by Anthropic. Safety-flagged content may be retained up to 2 years.
  • Infrastructure metrics: Retained by Cloudflare and Anthropic per their respective data retention policies.
  • On-device data: Persists until you delete the App. Deleting the App removes all local data.
  • Device-to-subscription mapping: 35 days, refreshed on each subscription validation.
  • Transaction-to-device binding: Retained for the duration of your subscription.
  • Age verification band: 1 year, then automatically deleted.
  • AI report data: 90 days, then automatically deleted.
  • Moderation incident metadata: 90 days. Hashed device reference and timestamp only — no message content.
  • Anti-abuse rate counters: 2 hours, then automatically deleted.

Your Choices and Rights

AI features are opt-in. The App asks for your consent before the first AI use. If you decline, AI features are disabled and no AI prompt or response processing occurs on our server. Subscription validation still communicates with our server if you are a subscriber. Age verification and report submissions send limited data to our server only when you actively use those features.

Every device permission is optional. Calendar, location, camera, microphone, contacts — the App requests each permission individually, and you can decline any or all of them. The App works without them; you just get fewer features.

Delete the App = delete your data. All on-device data is removed when you uninstall. Server-side data (your anonymous device token, rate limit counts, and premium status) will expire automatically via the retention periods listed above. There is no account to delete because there is no account.

Request deletion of server-side data. If you want your server-side data removed before it expires naturally, email us at anthonyb@ziggy-zag.com with "Data Deletion Request" in the subject line. Include any details that may help us locate your data (such as approximate dates of use). We will process your request within 30 days.

International Users and Your Privacy Rights

The App is available worldwide. Our servers are located in the United States (Cloudflare's global network) and data processed by Anthropic is handled in accordance with their privacy policy. By using AI features, your data may be transferred to and processed in the United States.

For users in the European Economic Area (EEA), United Kingdom, and Switzerland: To the extent that EU/UK data protection law (GDPR) applies to our processing of your data, we rely on the following legal bases: for device token generation, rate limiting, and subscription validation, we process data on the basis of legitimate interest in providing and securing the App's functionality (Article 6(1)(f) GDPR); for AI features that transmit your text to third-party services, we process data on the basis of your explicit consent, which you provide through the in-app consent dialog before first use (Article 6(1)(a) GDPR).

You have the right to access, correct, delete, restrict processing of, or request portability of your personal data. You also have the right to withdraw consent for AI features at any time (by disabling AI in the App). Because we do not collect personal information that identifies you, most of these rights are satisfied by design — we cannot look up "your" data because we do not know who you are. To exercise any of these rights, contact us at anthonyb@ziggy-zag.com. If you have concerns about our data practices, you may also lodge a complaint with your local data protection authority.

Data processed through our services may be transferred to the United States. We maintain data processing agreements with our service providers (Anthropic and Cloudflare), and such transfers are made pursuant to appropriate safeguards in accordance with applicable data protection law.

For users in California: Under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA), you have the right to know what personal information we collect, to request deletion, to request correction of inaccurate personal information, and to opt out of the "sale" or "sharing" of personal information. We do not sell or share your personal information with third parties for their own commercial or marketing purposes. The limited data we collect (anonymous device token, usage counts, subscription date) does not identify you. To exercise any of these rights, contact us at anthonyb@ziggy-zag.com with "Privacy Rights Request" in the subject line. We will respond within the timeframes required by applicable law.

Notifications

The App may request permission to send local notifications during your routines. These notifications are generated and delivered entirely on your device, do not transmit any data to external servers, and can be disabled at any time in your device's Settings. We do not send marketing notifications, re-engagement prompts, or "come back!" reminders.

Children's Privacy

The App is not directed at children under 13 (or the applicable minimum age in your jurisdiction) and does not knowingly collect personal information from children. AI features specifically require a declaration that the user is 18 or older; users who indicate they are under 18 are blocked from AI features entirely. Since we collect no names, emails, or accounts from any user, the App does not pose the data collection risks typically associated with children's privacy concerns.

If you are a parent or guardian and believe a child under 13 has used the App's AI features (which transmit text to third-party servers), please contact us at anthonyb@ziggy-zag.com with "Child Privacy Concern" in the subject line. We will take steps to delete any associated server-side data within 30 days of your request.

Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in the App, our practices, or applicable law. When we do, we will post the revised version at this URL with a new effective date. For material changes that affect how we collect, use, or share your data, we will provide at least 30 days' notice through the App or on our website before the changes take effect. Your continued use of the App after the updated policy's effective date indicates your acceptance of the changes. If you do not agree with a revised policy, you may stop using the App and delete it from your device.

Governing Law

This Privacy Policy is governed by and construed in accordance with the laws of the State of Michigan, United States, without regard to its conflict of law provisions. However, California residents retain all rights afforded to them under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA). Residents of the European Economic Area, United Kingdom, and Switzerland retain all rights afforded to them under the General Data Protection Regulation (GDPR) and applicable local data protection law. Nothing in this policy limits any mandatory consumer protection rights you may have under the laws of your jurisdiction of residence.

Contact Us

Questions, concerns, or data requests related to this Privacy Policy? We're happy to help.

Email: anthonyb@ziggy-zag.com

Developer: Ziggy Zag LLC

Website: ziggy-zag.com

© 2026 Ziggy Zag LLC. Made while staying up way too late.
