Privacy

Privacy Policy

How Escape handles information — which is: almost none. No accounts, no personal data on our servers, no advertising, no data sales. Full details, jurisdiction-by-jurisdiction, below.

Effective Date: May 24, 2026 Last Updated: May 24, 2026

1. Introduction

Escape ("we", "us", "our") is an iOS application. We respect your privacy and are committed to protecting it through our compliance with this Privacy Policy ("Policy"). All contact regarding this Policy: [email protected].

This Policy describes how we handle information when you use the Escape mobile application and related services (collectively, the "Service"). Privacy is not just a feature of Escape — it is a foundational design choice. We have built the Service so that we do not collect, store, or have access to your personal data.

By using the Service, you agree to the terms of this Policy. If you do not agree, please do not use the Service.

This Policy is incorporated by reference into our Terms of Use, available at escapethegrip.com/terms.

2. Plain-English Summary

The full details are below, but in plain English:

We do not collect, store, or process your personal data on any servers operated by us. We have no user accounts, no email collection, no profile system, no server-side database of users.
All your data stays on your device. Streak data, journal entries, voice notes, course progress, custom-block lists, and selected apps for blocking are stored locally on your device using Apple's secure storage.
Optional iCloud sync uses your own Apple iCloud account, encrypted by Apple, and we do not have access to it.
One anonymous analytics service (TelemetryDeck) receives anonymous, aggregated, non-identifying event signals like "an app was opened" or "a paywall was viewed" — never your name, email, location, IP address, or any content you create.
One website analytics service (GoatCounter) runs only on the website, counts page views in aggregate only, and discards IP addresses after deriving country.
We do not sell, rent, lease, share, or trade any data to advertisers, third parties, or anyone else. We have no advertising in the app and no advertising partners.
Apple processes all payments. We never see your name, email, address, credit card, or any other payment information.
The Service is funded entirely by subscriptions. No advertising, no data sales, no sponsored content, no affiliate revenue. This is a deliberate business-model choice that aligns our incentives with your privacy.

If you want full details, the sections below cover each topic.

3. Who We Are

The Service is operated by the operator of Escape. All contact:

Email: [email protected]

For purposes of European Union General Data Protection Regulation (GDPR), United Kingdom GDPR, and similar laws, the operator of Escape is the "data controller" with respect to any limited personal data that may be processed in connection with the Service, and may be reached at the email address above.

4. Information We Do NOT Collect

To make our privacy posture explicit, here is what we do not collect:

We do not collect your name, real or chosen
We do not collect your email address
We do not collect your phone number
We do not require you to create an account or register
We do not collect your physical address
We do not collect your payment information (Apple handles all payments)
We do not collect your IP address in identifiable form
We do not collect precise or approximate location data
We do not access your contacts, photos, microphone, camera, or other device sensors except as described below
We do not read your messages, emails, or browsing history
We do not monitor your activity outside the Service — Escape has no awareness of what you do in other apps, on the web, or anywhere else on your device
We do not collect your journal entries, voice notes, or any other content you create in the Service
We do not use device fingerprinting
We do not use Apple's advertising identifier (IDFA) and we do not display the App Tracking Transparency permission prompt
The Apple Identifier for Vendor (IDFV) is used briefly on your device only, as one input to our anonymous analytics hash described in Section 5.1 below — the raw IDFV is never transmitted off your device
We do not use third-party advertising or analytics SDKs beyond the single anonymous service named below
We do not sell, rent, lease, or trade any data, period
We do not share data with data brokers
We do not have advertising partners or affiliates that we share data with

Our App Store privacy nutrition label is "Data Not Collected", and this Policy reinforces and explains that commitment.

5. Information We Do Collect (Limited)

5.1 Anonymous Analytics via TelemetryDeck (iOS App)

We use TelemetryDeck, a privacy-focused, EU-hosted analytics service operated by TelemetryDeck UG (haftungsbeschränkt), Germany, to receive anonymous, aggregated usage signals that help us understand how the Service is used.

Technical implementation. TelemetryDeck uses a SHA-256 cryptographic hash derived from a per-install salt to create an irreversible, anonymous identifier. This means:

The hash is mathematically irreversible — no one (including us or TelemetryDeck) can convert it back to your device's identifier
The salt is unique per installation, so the same device produces a different identifier if the app is reinstalled
The identifier is anonymous and cannot be cross-referenced with other apps, websites, or services

What TelemetryDeck receives:

Anonymous event signals (e.g., "user viewed paywall", "user completed onboarding screen 5", "subscription started", "course lesson opened")
Anonymous numeric counts (e.g., streak length bucket, day count of a course)
Anonymous categorical labels (e.g., "monthly" vs "annual" subscription plan)
Coarse, non-identifying device metadata (iOS major version, device family generation, app version, country bucketed at a level that prevents identification)

What TelemetryDeck does NOT receive (i.e., what is NEVER transmitted off your device):

Your name, email, phone number, or any other contact information
Your IP address (TelemetryDeck does not log IP addresses)
Your Apple ID, your IDFA (Apple's advertising identifier), or any cross-app tracking identifier
Your raw IDFV (the Apple Identifier for Vendor). The IDFV is used briefly and locally as one input to the salted SHA-256 hash; it is then discarded, and only the irreversible hash is transmitted. The IDFV itself never leaves your device.
Your journal entries, voice notes, or any user-created content
Your browsing history, blocked sites, or which apps you have selected for blocking
Precise device information (specific model, serial number, MAC address, etc.)
Any data that could be used to identify you individually or re-identify you across other apps or services

For more information about TelemetryDeck's privacy practices, see telemetrydeck.com/privacy.

5.1.1 Website Analytics via GoatCounter

Our website at escapethegrip.com uses GoatCounter, an open-source, privacy-friendly analytics service, for aggregate page-view counting only. GoatCounter does not use cookies and does not require a consent banner under EU/UK/California rules because no personal data is collected.

What GoatCounter receives:

Page URL visited
Referrer URL (where the visitor came from)
Browser family and screen size (for aggregate compatibility statistics)
Country (derived from IP address, then the IP address is immediately discarded)

What GoatCounter does NOT receive:

Your IP address (discarded after country derivation; never stored)
Your name, email, or any contact information
Anything you type on the website (we have no form-tracking)
Activity related to the in-app Service (this section is about the website only)
Cookies (GoatCounter is cookie-free by design)

This section applies only to the website. The iOS Service does not use GoatCounter.

For more information, see goatcounter.com/help/privacy.

5.2 Local Data Stored on Your Device

The Service stores the following data locally on your device only (using Apple's UserDefaults, Keychain, and file-system storage):

Your current streak start date, attempt count, and streak history
Journal entries (text, optional voice notes recorded by you)
Course progress, completed lessons, reflections you write
Practice game results (Mirror sessions, Quiz answers, etc.)
Custom site-block list (URLs you have added)
Selected apps for the iOS-level blocking feature (stored as opaque Apple tokens)
Notification preferences and reminder times
PIN code (stored in Apple's secure Keychain if you enable PIN protection)
Onboarding answers (your reasons, frequency, age range, etc.)
App usage state (current page, last-opened lesson, etc.)

This data never leaves your device except through the optional iCloud sync described below.

5.3 Optional iCloud Sync (Your Apple iCloud)

If you have iCloud enabled on your device and have allowed apps to use iCloud, the Service uses Apple's iCloud Key-Value Storage to sync a limited subset of the local data described above across your own Apple devices (e.g., from your iPhone to your iPad).

Important:

iCloud sync uses your Apple iCloud account, encrypted by Apple's standard iCloud encryption
We have no access to your iCloud data — we cannot view, retrieve, modify, or delete it
Apple controls iCloud encryption keys, storage, and access policies. See apple.com/legal/privacy and Apple's iCloud security overview for details
You can disable iCloud sync at any time in your device's iCloud settings

Items synced via iCloud (when enabled) include: streak data, journal entries (text only — not voice note audio files), course progress, custom-block list, app-blocking selection intent (per-device — Apple's tokens are device-specific by design), preferences, and personalization answers.

Items NOT synced via iCloud: PIN code (device-local only, in Keychain), voice note audio files (device-local only, in Documents folder), cached subscription state (device-local for security).

5.4 Apple — In-App Purchases

When you purchase a subscription, Apple processes the payment through its App Store and StoreKit systems. We do not receive, see, or store any payment information.

We receive only an opaque, verified transaction record from Apple confirming that a valid subscription is active. This record contains no personal information about you. Your Apple ID is not visible to us.

For information about Apple's privacy practices regarding your purchases, see apple.com/legal/privacy.

5.5 Apple — Family Controls and Screen Time APIs

When you enable the iOS-level app-blocking feature, the Service uses Apple's Family Controls, ManagedSettings, and DeviceActivity frameworks. These are local-only Apple APIs and require your explicit permission via an iOS system prompt.

No information about which apps you have selected for blocking is sent to us or to any third party. Apple's design uses opaque tokens that are meaningful only to the local device. Even if we wanted to know which apps you blocked, the Apple API would not tell us — by design.

These APIs may, separately, share information with Apple for purposes Apple controls (such as system diagnostics). See Apple's privacy policy for details.

5.6 Apple — Live Activities

If you enable Live Activities for Escape, the Lock Screen and Dynamic Island may show a countdown when you take a break from app-blocking. This is rendered by an iOS extension on your device. No information about the countdown is transmitted to us.

6. How We Use Information

The limited information we do receive (anonymous TelemetryDeck signals) is used solely for:

Understanding how features of the Service are used at an aggregate level
Identifying technical issues, errors, and crashes at an aggregate level
Measuring funnel conversion (e.g., what percentage of users complete onboarding, view the paywall, start a subscription)
Improving the Service based on aggregate patterns

We do not use information for:

Targeted advertising
Building user profiles
Re-identifying individual users
Selling, sharing, or licensing to third parties
Training artificial intelligence, machine learning, or large language models — whether ours or any third party's — using any user-created content, journal entries, voice notes, or any personally-attributable signals
Cross-context behavioral advertising (as defined by U.S. state privacy laws including California's CPRA)
Any purpose other than as described in this Policy

Apple's App Tracking Transparency. Escape does not track you across other companies' apps and websites. We do not call Apple's `requestTrackingAuthorization` API, and we do not use Apple's advertising identifier (IDFA). No ATT permission prompt is shown because no tracking is performed.

7. Legal Basis for Processing (GDPR / UK GDPR)

If you are located in the European Union, European Economic Area, or United Kingdom, the legal bases for our limited processing of any personal data are:

(a) Legitimate interest — for receiving anonymous analytics signals to improve the Service (Article 6(1)(f) GDPR)

(b) Performance of a contract — for delivering the Service you have downloaded (Article 6(1)(b) GDPR)

(c) Consent — to the extent any processing relies on your consent, you can withdraw it by deleting the Service from your device

Because we collect no personally identifiable information, most GDPR processing categories are not applicable.

8. Sharing of Information

We do not sell, rent, lease, trade, or otherwise share data with third parties for marketing, advertising, or commercial purposes.

The only third parties that receive any information are:

Apple Inc. — for the operation of the App Store, in-app purchases, push notifications, iCloud sync (your own account), Family Controls APIs, and other system services that Apple provides directly to your device
TelemetryDeck GmbH — for anonymous analytics signals as described in Section 5.1

We may disclose information if required to do so by law, regulation, legal process, or governmental request, or to:

(a) Comply with applicable law or respond to a valid legal request (b) Protect our rights, property, or safety, or that of our users or others (c) Detect, prevent, or address fraud, security, or technical issues (d) Enforce our Terms of Use

Because we hold no user-identifying information, the practical effect of any such request would be that we have no information to provide.

9. International Data Transfers

Because we do not store personally identifiable information ourselves, no international data transfers of your personal data occur through us.

The third parties we use have the following data-handling locations:

Apple — Operates globally; storage and processing locations governed by Apple's privacy policy
TelemetryDeck — Servers are located in the European Union (Germany). For users outside the EU, signals are transmitted to TelemetryDeck's EU infrastructure. Anonymous signals are not personal data under GDPR; nonetheless, TelemetryDeck's infrastructure is GDPR-compliant by design

10. Data Retention

Because all your data is stored locally on your device (and, if enabled, in your own iCloud account), retention is controlled entirely by you:

Data stays on your device for as long as the Service is installed and you do not delete it
Using Settings → Delete all my data within the Service removes all locally stored data immediately
Uninstalling the Service deletes all device-local data (note: iCloud-synced data persists in your iCloud account until you also delete it from another device or from iCloud settings)
TelemetryDeck retains anonymous signals for analytics purposes; because they are not linked to you individually, retention does not affect your privacy

We do not maintain server-side records of users, so we have nothing to retain or delete on our side.

11. Your Rights

11.1 Universal Rights (Available to All Users)

Regardless of your jurisdiction, you have the following practical rights:

Access and Review. All your data is on your device. You can view it in the Service.
Deletion. Use Settings → Delete all my data to immediately delete all locally stored data. Uninstalling the Service deletes all data from your device. iCloud data can be deleted via iCloud settings.
Stop Using the Service. You can stop using the Service at any time by uninstalling.
Disable Analytics. You can opt out of TelemetryDeck analytics by enabling Apple's "Limit Ad Tracking" setting at the system level, or by contacting us as described below to request that we exclude your future events.

11.2 Rights for European Union, EEA, United Kingdom, and Switzerland Residents

If you are located in the EU, EEA, UK, or Switzerland, you have the following rights under the GDPR or equivalent laws:

(a) Right of Access — to be informed about whether we process your personal data and, if so, to receive a copy (b) Right to Rectification — to correct inaccurate or incomplete personal data (c) Right to Erasure (Right to Be Forgotten) — to have your personal data erased (d) Right to Restriction of Processing — to limit how your personal data is used (e) Right to Data Portability — to receive your personal data in a structured, commonly used format (f) Right to Object — to object to processing based on legitimate interest (g) Right Not to Be Subject to Automated Decision-Making (which we do not do) (h) Right to Withdraw Consent — where processing is based on consent (i) Right to Lodge a Complaint with your local data protection authority

Because we hold no personally identifiable information, the effect of most of these rights is automatic: there is no personal data on our side to access, rectify, erase, or port. To exercise any right, contact [email protected].

11.3 Rights for California Residents (CCPA / CPRA)

If you are a California resident, you have the following rights under the California Consumer Privacy Act and California Privacy Rights Act:

(a) Right to Know what personal information is collected, used, shared, or sold (b) Right to Delete personal information collected from you (c) Right to Correct inaccurate personal information (d) Right to Opt Out of the sale or sharing of personal information (e) Right to Limit Use of sensitive personal information (f) Right to Non-Discrimination for exercising your rights

We do not sell or share personal information for purposes covered by the CCPA. We do not use sensitive personal information beyond what is necessary for the Service.

To exercise these rights, contact [email protected].

11.4 Rights for Canadian Residents (PIPEDA / Provincial Laws)

If you are a Canadian resident, you have rights under the Personal Information Protection and Electronic Documents Act (PIPEDA) and applicable provincial laws (including Quebec's Law 25), substantially similar to those listed above. To exercise these rights, contact [email protected].

11.5 Rights for Residents of Other U.S. States

If you reside in a U.S. state that has adopted a comprehensive consumer privacy law — including but not limited to Virginia (VCDPA), Colorado (CPA), Connecticut (CTDPA), Utah (UCPA), Texas (TDPSA), Florida (FDBR), Oregon (OCPA), Montana (MCDPA), Tennessee (TIPA), Iowa (ICDPA), Indiana (ICDPA), Delaware (DPDPA), New Jersey (NJDPA), New Hampshire (NHDPA), Maryland (MODPA), Minnesota (MCDPA), Nebraska (NIPA), and Rhode Island (DTPA) — you have rights substantially similar to those described above for California residents, including the rights to access, correct, delete, port (where applicable), and opt out of targeted advertising or sale of personal information.

Because we do not collect personally identifiable information, sell personal information, share it for cross-context behavioral advertising, or engage in profiling for decisions producing legal effects, most of these rights are satisfied by the design of the Service itself. To exercise any right, contact [email protected].

11.6 Quebec Law 25 Specific Rights

If you reside in the Province of Quebec, Canada, you have specific rights under the Act respecting the protection of personal information in the private sector (Law 25), including:

(a) The right to be informed about the collection, use, and disclosure of your personal information (b) The right to access and rectify personal information held about you (c) The right to portability — to receive personal information communicated by technological means in a structured, commonly-used format (d) The right to withdraw consent (e) The right to be informed of automated decision-making that produces legal or similarly significant effects (we do not engage in any such automated decision-making) (f) The right to file a complaint with the Commission d'accès à l'information du Québec

Because we hold no personally identifiable information, the practical effect of most of these rights is immediate. To exercise any right or make a complaint, contact [email protected].

11.7 Rights in Other International Jurisdictions

If you are in another jurisdiction with applicable privacy laws (such as Brazil's LGPD, India's Digital Personal Data Protection Act 2023, Australia's Privacy Act, Singapore's PDPA, South Korea's PIPA, Japan's APPI, or others), you may have similar rights. To exercise them, contact [email protected].

12. Children's Privacy

The Service is rated 17+ on the App Store and is not intended for use by anyone under the age of 17 (or the legal age of majority in your jurisdiction, whichever is older).

We do not knowingly collect personal information from children. If we learn that we have inadvertently collected personal information from a child under the applicable age, we will delete it as soon as practicable.

If you are a parent or guardian and believe your child has provided us with personal information, please contact [email protected].

For purposes of the U.S. Children's Online Privacy Protection Act (COPPA), the Service is not directed to children under 13.

13. Security

We take reasonable measures to protect any limited information that flows through the Service:

All data on your device is stored using Apple's standard secure storage mechanisms, including UserDefaults, the iOS Keychain (for sensitive items like your PIN), and the file system
Communications with TelemetryDeck use TLS encryption in transit
Communications with Apple's services use Apple's encrypted infrastructure
The Service uses Apple's standard application sandbox, which restricts access to other apps' data

However, no method of storage or transmission over the internet is 100% secure. While we use reasonable means to protect any limited information that may flow through the Service, we cannot guarantee absolute security.

If your device is lost, stolen, or compromised, any data stored locally on your device may be accessible to whoever has the device. We recommend using a device passcode and Apple's Find My iPhone feature.

14. Cookies and Similar Technologies

(a) iOS App. The Escape iOS application does not use cookies, web-storage tokens, advertising identifiers, or any similar persistent tracking technology. The iOS application is fully native and does not embed web views for tracking purposes.

(b) Website. Our website at escapethegrip.com does not use cookies for tracking, advertising, or analytics. The website's optional GoatCounter analytics (described in Section 5.1.1) is cookie-free by design. The website may use strictly-necessary technical mechanisms (such as session management for functional features, if any) but does not set tracking cookies and does not require a consent banner under EU, UK, or California rules.

(c) Third Parties. We do not allow third-party advertising cookies, retargeting pixels, or social-media tracking pixels on either the iOS app or the website.

15. Do Not Track Signals and Global Privacy Control

Some browsers and devices include a "Do Not Track" (DNT) signal or the Global Privacy Control (GPC) signal, which is recognized by California and certain other jurisdictions as a valid opt-out request. The Service does not engage in tracking, the sale of personal information, the sharing of personal information for cross-context behavioral advertising, or any other practice that DNT or GPC signals are designed to prevent. Accordingly, your DNT/GPC preferences are already honored by the design of the Service.

16. Third-Party Links and Services

The Service may contain links to third-party websites, including our website at escapethegrip.com and the App Store. This Policy does not apply to information collected by third parties. We are not responsible for the privacy practices of any third party. We encourage you to review the privacy policies of any third-party services you access.

17. Changes to This Privacy Policy

We may update this Policy from time to time. When we make material changes, we will:

(a) Update the "Last Updated" date at the top of this Policy (b) Take reasonable steps to notify you, where appropriate (e.g., through an in-app notice or release-notes update)

Because we do not collect your email or any other contact information, we cannot notify you of changes directly. We encourage you to review this Policy from time to time. Your continued use of the Service after changes take effect constitutes your acceptance of the updated Policy. If you do not agree to the updated Policy, please stop using the Service and delete it from your device.

18. Apple Privacy Nutrition Label

In compliance with Apple's App Store privacy disclosure requirements, our App Store privacy nutrition label currently displays:

Data Not Collected

This means we do not collect any data linked to you or any data used to track you across other companies' apps and websites. This Policy provides the detail behind that label.

If our practices ever change such that the label requires updating, we will update both the label and this Policy.

19. Governing Law

This Policy is governed by the laws of the Province of Ontario, Canada, and the federal laws of Canada applicable in Ontario. For consumers in jurisdictions with stronger privacy protections, those jurisdictions' laws apply to the extent they cannot be waived by contract.

20. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our privacy practices:

Email: [email protected]

You can also contact us about this Policy by email about any topic, including:

Exercising your rights described in Section 11
Reporting a suspected privacy issue
Requesting more information about our practices
General privacy questions

We will respond to legitimate privacy requests within a reasonable timeframe, and within statutory time limits where applicable.

If you are not satisfied with our response, you may contact your local data protection authority or privacy regulator.

21. Acknowledgment

By using the Service, you acknowledge that you have read this Privacy Policy and understand how we handle (and do not handle) information.

This Privacy Policy is effective as of the date stated at the top of the document and supersedes all prior versions.

All contact: [email protected].

Last updated: May 24, 2026