Privacy Policy
Effective Date: April 1, 2026 Last Updated: April 23, 2026
Cala (“we,” “us,” or “our”) is a screen time management app that helps you build healthier digital habits. This Privacy Policy explains what information we collect, how we use it, and what choices you have.
1. Information Stored on Your Device
The core of Cala operates on your device. The following data is stored primarily in a local database on your device:
- Schedules and blocked apps — Your schedule configurations, time windows, and the apps or websites you choose to block. Apple’s Screen Time API uses opaque tokens to represent your app selections, which means Cala cannot determine which specific apps you have chosen — this is enforced by the operating system.
- Habits and tasks — Habit names, frequencies, completion history, task titles, notes, and due dates.
- Focus sessions — Session timestamps, durations, and completion data.
- Shield encounters and unlock history — Records of when blocked app shields were displayed and when you unlocked access.
- Progress data — Weekly reviews, statistics, and scores computed from your local activity.
- Preferences — App settings, theme, and onboarding state.
We do not receive a copy of your full local database. However, limited event metadata related to these features may be collected for analytics, diagnostics, subscription management, attribution, or support as described below. Uninstalling the app or using “Reset All Data” in Settings deletes the local copy from your device.
2. Information We Collect
2.1 Usage Analytics
We collect product analytics to understand how Cala is used and to improve the app. We do not require user accounts and we do not collect your name, email address, Apple ID, or the specific apps you block for analytics. Analytics may be associated with anonymous or pseudonymous identifiers, such as a PostHog device identifier or RevenueCat subscription identifier, so we can understand usage patterns, subscription status, and app quality without knowing who you are.
What we collect:
- App events (screens viewed, features used, sessions started or completed)
- Onboarding progress and quiz responses (e.g., daily screen time range, focus goals)
- Subscription events (paywall views, purchases, trial starts)
- App lifecycle events (opens, updates, installs)
- Feature configuration and usage metadata, such as selected onboarding options, habit/session labels associated with analytics events, and schedule or protection setup outcomes
- Device and app context needed for diagnostics and optimization, such as app version, device type, operating system version, language, region, attribution source, and experiment or feature-flag assignment
What we do not currently collect:
- Which specific apps you block or use
- Your location, photos, files, or device content
Analytics is processed by PostHog. PostHog assigns a randomly generated identifier to your device. If RevenueCat is available, Cala may connect PostHog analytics to RevenueCat’s anonymous subscription identifier so we can understand subscription-related product behavior without requiring an account.
2.2 Subscription and Purchase Data
We use RevenueCat to manage subscriptions and in-app purchases. RevenueCat processes your subscription status, Apple App Store purchase receipts, and an anonymous subscription identifier. Payment processing is handled entirely by Apple — we do not receive your Apple ID, payment method, or billing address.
2.3 Paywall Configuration
We use Superwall to configure and present subscription offers. Superwall receives information such as your subscription tier, app version, onboarding context, and anonymous attribution or device identifiers so it can show the correct offer.
2.4 Install Attribution
AdServices (automatic, no ATT consent required): RevenueCat collects an attribution token from Apple’s AdServices framework to measure Apple Search Ads performance. This token is generated by Apple, contains no personally identifiable information, and does not require App Tracking Transparency (ATT) consent. You cannot opt out of AdServices token collection, but the token cannot be used to track you across apps or websites.
Multi-channel attribution (with your permission): If you grant permission via Apple’s ATT prompt, we use Kochava to understand which advertising channels bring users to Cala. Kochava collects your Identifier for Advertisers (IDFA), install attribution data, and an install or device identifier. If you decline the ATT prompt, Kochava is fully disabled and no IDFA-based attribution data is collected. The app functions identically regardless of your choice.
When collected, Kochava attribution data is shared with RevenueCat and Superwall to measure advertising effectiveness.
2.5 Session Replay (With Your Permission)
When ATT permission is granted, PostHog may record anonymized session replays to help us understand app usability. All text inputs and images are automatically masked. Session replay is disabled if you decline the ATT prompt.
2.6 Information You Provide
If you contact us for support (e.g., via email or Discord), we may collect your name, email address, or other information you voluntarily provide. This information is used solely to respond to your inquiry.
3. How We Use Your Information
We use the information described above to:
- Provide the service — Process subscriptions, deliver features, and maintain the app
- Improve the app — Analyze usage patterns, identify issues, and develop new features
- Communicate with you — Respond to support requests and provide service-related notices
- Measure advertising — With ATT permission, understand which channels bring users to Cala
- Ensure compliance — Meet legal obligations and enforce our terms
We do not sell your personal information. We do not use your data to serve third-party advertisements within the app.
4. Third-Party Services
| Service | Purpose | Privacy Policy |
|---|---|---|
| PostHog | Analytics, feature flags, session replay | posthog.com/privacy |
| RevenueCat | Subscription management, AdServices attribution | revenuecat.com/privacy |
| Superwall | Paywall configuration | superwall.com/privacy |
| Kochava | Install attribution (ATT required) | kochava.com/privacy |
| Apple | Crash reports, App Store services | apple.com/legal/privacy |
5. Data Retention
- On-device data is retained until you delete it or uninstall the app.
- Analytics, subscription, and attribution data is retained by our third-party providers according to their respective privacy policies.
- Support communications are retained for as long as needed to resolve your inquiry.
6. Data Security
On-device data is protected by iOS device-level encryption within Apple’s App Group sandbox. Data transmitted to third-party services is sent over encrypted (HTTPS) connections.
7. Children’s Privacy
Cala is not directed at children under the age of 13. We do not knowingly collect information from children under 13.
8. Your Rights Under GDPR (EEA, UK, Switzerland)
If you are located in the European Economic Area, United Kingdom, or Switzerland, you have the right to access, correct, delete, restrict, port, and object to processing of your data. To exercise your rights, contact us below. We will respond within 30 days.
9. Your Rights Under CCPA (California)
California residents have the right to know what personal information we collect, request its deletion, and opt out of sales. We do not sell personal information.
10. International Data Transfers
Information processed by our third-party services may be transferred to and stored in the United States or other countries, subject to appropriate safeguards.
11. Changes to This Policy
We may update this Privacy Policy from time to time. Material changes will be communicated by updating the “Last Updated” date.
12. Contact Us
Email: support@heycala.com Website: https://heycala.com
This privacy policy was last reviewed on April 23, 2026.