The short version
In the iOS app: Grounded does not have an account system, does not have a backend, does not collect analytics, does not show ads, does not use trackers, and does not run a server that stores your data. Everything app-side happens on your iPhone. The website is statically hosted on Firebase Hosting (Google) which generates standard server logs as a CDN — see The website section below. If you uninstall the app, most local data goes with it. The Keychain-backed device identifier may persist across reinstalls (iOS Keychain behavior); use Settings › Privacy Settings › Delete Account & Data in the app for a full wipe.
Who this covers
This policy applies to the Grounded iOS app (the "App"), published by Alexie Aristides, an independent developer based in Victoria, Australia ("we", "our"), and to the marketing and support website at getgrounded-app.web.app (the "Site"). Alexie Aristides is the data controller for the purposes of the EU/UK GDPR and Australian Privacy Act 1988. It is written in plain English and is the only privacy policy we publish; Apple's own Privacy Policy covers the App Store and the underlying Apple frameworks the App relies on.
Data the App handles
The table below lists every piece of personal information the App touches, where it lives, and whether it ever leaves your device. Nothing in this list is sent to a server we operate, because we don't operate one.
- Your display name
- Whatever you type on the onboarding screen. Stored in iOS UserDefaults on your phone. Never transmitted.
- Local device identifier
- A random UUID generated once on first launch and stored in the iOS Keychain. Used only so the App can tell your installs apart on the same device. Never transmitted.
- Step count
- Read on request from Apple HealthKit on your device, with your permission. Converted to credits locally. The Health permission sheet also covers walking/running distance and active energy as readable categories; only your step count is currently used. All processed on-device. Never transmitted.
- Mindful minutes
- When you complete a Mindfulness focus session, the App writes a Mindful Session entry to Apple HealthKit so other apps that read HealthKit can see it. Stored by Apple on your device, not by us. No write happens for Deep Focus or Movement sessions.
- Location
- Used while the App is in use — and in the background if you grant "Always" — to detect arrival at a park or nature spot for a check-in. Live coordinates are never sent to us or any server we operate. The App calls Apple MapKit to find nearby parks; that nearby-search request is processed under Apple's Privacy Policy, not ours. If you save a custom nature spot (Premium), the coordinates you pick are stored locally in SwiftData on your iPhone — not transmitted off-device by Grounded.
- Selected blocked apps
- Picked from Apple's Family Activity Picker. iOS gives us opaque tokens we cannot decode. Stored in an App Group container on your device for the DeviceActivity extension.
- Focus sessions, streaks, credits
- Stored in SwiftData on your device. Never transmitted.
- Subscription purchase
- Purchases, renewals, refunds and billing are processed by Apple via the App Store and StoreKit 2 — those flows touch Apple's servers under Apple's Privacy Policy. Once purchased, Grounded checks your entitlement locally using Apple's Transaction.currentEntitlements API. We do not run a receipt server and never see your Apple Account, payment method, or order history.
Data we never receive or transmit
For clarity: nothing in the "Data the App handles" table above is sent to us. We do not receive or store your name, email address, Apple Account, phone number, contacts, photos, device identifiers (IDFA/IDFV), advertising identifiers, diagnostics, crash reports, or usage analytics. We do not use Firebase in the iOS app, Google Analytics, Amplitude, Mixpanel, Adjust, Facebook SDK, or any third-party analytics or advertising SDK. We do not fingerprint devices. We do not run a backend that could receive any of this even if it wanted to. Apple may also provide aggregated, opt-in App Analytics and crash reports to developers via App Store Connect under Apple's Privacy Policy; we do not use those reports for tracking.
If you email support, your message arrives in a Gmail inbox operated by Google — that is the one place we do receive personal data (your sender address, message content, timestamps, mail-provider metadata). Support emails are kept only as long as needed to handle your enquiry; we don't sell, share, or analyse them, and you can ask us to delete a thread at any time.
A note on Apple's privacy manifest. Apple's PrivacyInfo.xcprivacy rules require us to declare any data category the App touches — including data stored locally on your device for app functionality. Our manifest therefore declares "Name", "User ID", "Health & Fitness", and "Precise Location" as not linked to you and not used for tracking, with purpose "App Functionality" only. Those entries describe data that stays on your iPhone — not data we ever see.
Tracking
Grounded does not track you across apps or websites owned by other companies. The App's privacy manifest declares NSPrivacyTracking=false. The App Store "Data Used to Track You" label is empty. We do not participate in any ad network.
Third-party services used by the App
The only external services the App integrates with are Apple's own on-device frameworks:
- Apple HealthKit — reads step count (the permission sheet also covers walking distance and active energy); writes mindful minutes. Governed by Apple on your device.
- Apple Family Controls / DeviceActivity — applies shields to apps you chose to block.
- Apple MapKit — locates nearby nature spots.
- Apple Core Location — detects nature check-ins.
- Apple StoreKit 2 — processes and validates your subscription locally.
- Apple UserNotifications — schedules local reminders (end-of-window alerts, daily nudges). No remote push is used.
HealthKit, Family Controls, Core Location, and UserNotifications all execute on-device. MapKit and StoreKit are network-backed Apple services — they round-trip to Apple servers under Apple's Privacy Policy when finding nearby places or processing a purchase. In every case the data flows from your iPhone to Apple, not to us — we do not receive a copy.
The website
The marketing site at getgrounded-app.web.app is hosted on Firebase Hosting (Google) — used only as a static-file CDN for the website; the iOS app itself does not use Firebase. Firebase Hosting serves the HTML and may log standard HTTP request data (IP address, user agent, requested URL) as part of normal web-server operation. We do not place cookies, embed analytics scripts, or run third-party trackers on the site. A full description of Firebase Hosting's data handling is in Firebase's Privacy and Security documentation. This is the only third-party service that the website touches.
Children
Grounded is intended for use by people aged 16 and over (see our Terms of Service). It is not a parental-control product. We do not knowingly collect information from anyone under 16, and the App Store age rating is 4+ only because the App contains no objectionable content — not because it is intended for children. If you are a parent and believe your child has used Grounded, open Settings › Delete Account & Data in the App to wipe everything locally.
Your rights
Because we never receive your personal data, there is nothing on our side to access, correct, export, or delete. You control everything directly on your iPhone:
- Access / export: all data is visible inside the App. You can take screenshots or use iOS's own "On My iPhone" storage view.
- Deletion: open Grounded, go to Settings › Privacy Settings › Delete Account & Data — this wipes all local SwiftData, UserDefaults, App Group data, and the Keychain UUID. Note: Mindful Session entries Grounded wrote to Apple Health stay in your Health database (we don't have permission to delete them); to remove those, open Apple Health › Browse › Mindfulness › Show All Data and delete Grounded's entries there. Uninstalling Grounded usually removes the rest, but iOS Keychain items can persist across reinstall — use the in-app delete for a guaranteed wipe.
- Revoke permissions: Health, Location, Notifications, and Family Controls can all be revoked from iOS Settings at any time. The App degrades gracefully.
- Cancel subscription: Settings › your name › Subscriptions › Grounded Premium on iPhone.
If you are in the EU, UK, California, Australia, or another region with specific data-protection laws (GDPR, UK GDPR, CCPA/CPRA, the Privacy Act 1988), you have additional statutory rights including access, rectification, portability, erasure, and objection. Because we don't hold any of your data, the practical answer is the same: delete on-device and you're done.
Data residency and retention
Your data lives on your iPhone. There is no data-residency question because there is no server. If you enable iCloud device backups, iOS may include Grounded's on-device data in your encrypted iCloud backup, managed by Apple.
Security
Local data is protected by iOS's file-system encryption (Data Protection). The local device UUID lives in the Keychain, which is hardware-backed on Apple Silicon devices. We do not transmit user data and therefore do not manage TLS, key storage, or access controls on a backend — because there is no backend.
Changes to this policy
If this policy changes, we will update the "Last updated" date above. If we ever add a feature that changes how data is handled — for example adding an optional cloud sync — we will update this policy and, where appropriate, ask for your explicit consent inside the App before the new feature is enabled.
Contact
Questions, concerns, or requests? Email alexiedemo1@gmail.com. We aim to reply within five business days.