Singletick is an app from Jules HQ, built around a simple promise: your content never leaves your phone in a form anyone but you can read. This page is the long version of that promise. It also enumerates every third party Singletick speaks to, what they see, and what your rights are under privacy law.

1. Who we are

In this policy, "Singletick" refers to the Singletick mobile application (iOS + Android) and the Singletick website (singletick.app); "Jules HQ", "we", "our" refers to the studio that provides it. For privacy enquiries contact hello@juleshq.co.

2. What we do not collect

Singletick does not collect, read, store, or transmit any of your personal content — ever. The following is true by design. The app's source enforces it; tests pin it.

• The contents of any habit, todo, note, pledge, mood entry, focus session, or any other entry you create. We never see them. We never store them on our servers (we don't run any). We never share, sell, or analyse them.
• Your account, name, email address, phone number, or any identifier you would recognise as "yours". Singletick has no sign-up.
• Your master passphrase, any key derived from it, or any data encrypted under it.
• Your contacts, photos, calendar events, location, or any device sensor not directly powering a feature you tapped.
• Any free-form text you typed anywhere in the app.

3. What stays on your device

Everything you create in Singletick — habits, todos, notes, pledges, mood entries, focus sessions, settings — lives on your device only, encrypted with a key derived from a passphrase only you know. Even if your phone is taken apart and the storage chip read directly, the data is opaque without your passphrase.

4. Limited operational data

4a. Anonymous app analytics

A short list of named events with no content payload — for example habit_completed, paywall_viewed, purchase_completed. Habit names, streak counts, identifiers, and free-form text are never sent.

4b. Crash reports

Stack traces, device model, OS version, and app version. No personal data, no entry contents. Used solely to diagnose crashes.

4c. Push notifications

A device-scoped push token (rotates per install, not tied to your identity). We use it only to wake the app for local reminders; we never send notification payload content over the network.

4d. Remote feature flags

The app fetches a small key/value blob to read feature flags. Sent: nothing about you. Received: a JSON object of strings and booleans.

4e. Subscription state

For Pro subscribers only: a randomly generated, anonymous identifier (not tied to your name or email) and the receipt forwarded by Apple / Google for entitlement checks. Singletick is never the merchant of record.

4f. Health data (opt-in)

Step count, sleep duration, and heart-rate variability — only when you explicitly opt in via the in-app permission flow. The data stays on your device and powers on-device insights. We never upload it.

4g. Encrypted backup (your own cloud)

For Pro subscribers who enable backup: a single encrypted blob is uploaded to your own Google Drive (in a hidden, app-only folder) or your own iCloud private container. The encryption happens on your device; what reaches Google or Apple is opaque bytes. Singletick does not have access to your cloud account; your cloud provider does not have access to a key that can decrypt the blob.

5. Where data goes

The third parties that touch any data, however small:

• Google — anonymous app analytics, crash reports, push tokens, feature flags, and your own Drive backup. Subject to Google's privacy policy.
• Apple — App Store, your own iCloud backup, health data (opt-in), push notifications. Subject to Apple's privacy policy.
• Subscription processor — anonymous subscription state for Pro users only.

6. Your rights

Under GDPR, CCPA, LGPD, and India's DPDP Act:

• Right to access — your content is on your device. Open the app, look at it.
• Right to deletion — Settings → Backup → Delete cloud backups, then Settings → Reset all local data, then uninstall the app. See the Delete account page for the step-by-step.
• Right to data portability — Settings → Backup → Export to JSON or CSV.
• Right to restriction — disable any optional permissions (health data, push notifications) in your OS settings.

7. Children's privacy

Singletick is not directed at children under 13 (16 in the EU, 18 in some jurisdictions). We do not knowingly collect data from children. If you believe a child has used Singletick, contact hello@juleshq.co and we will assist.

8. International transfers

Operational data flows to our sub-processors' infrastructure under their standard contractual arrangements for international transfers. We rely on each sub-processor's own legal-basis posture for any transfers that happen.

9. Data retention

Your encrypted content lives on your device until you delete it. Backup blobs in your own cloud live until you delete them. Anonymous analytics events are retained per the sub-processor's default policy (none of which contain anything personally identifiable to you in our case).

10. Changes to this policy

We will post material changes to this policy on this page with a refreshed "Last updated" date. Continued use of Singletick after a change indicates acceptance of the revised policy.

11. Contact

Privacy enquiries: hello@juleshq.co.
Security disclosure: see the security page.