Privacy Policy (iOS)
Last updated: June 30, 2026
This Privacy Policy describes how the iOS Regain App (“Regain,” “the app,” “we,” “us,” or “our”) handles information when you install and use it on an Apple device. The Android version of Regain is covered by a separate Privacy Policy (Android).
1. General information
The data controller for this app is EpowerX Labs Private Limited, a private limited company registered in India with its registered office at Plot No. 77, JBR Tech Park, 6th Rd, Whitefield, EPIP Zone, Bengaluru, Karnataka 560066, India. EpowerX Labs Private Limited is the GDPR controller for any personal data processed in connection with this app.
For privacy, GDPR, or CCPA queries, contact privacy@regainapp.ai. For general support, contact help@regainapp.ai.
2. What the app does on iOS
Regain is an iOS focus app. The blocking feature uses Apple’s Screen Time API. The app does NOT require an account, does NOT collect personal information, and does NOT use third-party analytics or advertising SDKs.
3. Screen Time API disclosure
Regain uses Apple's Screen Time technology (FamilyControls, DeviceActivity, and ManagedSettings frameworks) to block distracting apps and websites. This technology does not provide Regain or EpowerX Labs with the ability to read, collect, or modify the list of apps installed on the user’s device. The apps selected for blocking are identified by opaque tokens generated by Apple and stored on-device inside the app’s App Group (group.ai.regainapp.shared); these opaque tokens cannot be used by Regain, EpowerX Labs, or any third party to discover the name or identity of the apps.
4. Information collected on iOS
The following enumerates exactly what data is associated with the iOS app, and who is responsible for collecting each category. Most categories are collected by Apple or by RevenueCat (a third-party processor) rather than by Regain as a controller — see Section 6 for the data-processor list and Section 13 for the CCPA categories Regain itself collects (none).
- Focus session records. Start time, end time, completion status, and references to the on-device app-blocking tokens. Stored locally in an on-device SQLite database (managed by the GRDB library) inside the app sandbox. Never transmitted to Regain’s servers.
- RevenueCat-collected data. The RevenueCat SDK collects the following device-level information for subscription-state management: an anonymous app-user identifier (a UUID generated at first launch, NOT linked to email, name, or phone), Apple’s Identifier for Vendor (IDFV, a per-vendor device identifier that resets on full uninstall of all of that vendor’s apps), app version, iOS version, and country code. Purchase events (subscribe, renew, cancel, restore) are recorded against the anonymous identifier. These purchase events are the only events RevenueCat receives. RevenueCat’s complete collection list and retention rules are documented at revenuecat.com/privacy — Regain forwards users to that document for the canonical list because RevenueCat is the data processor for this category.
- App Store purchase receipt. Handled by Apple and validated by RevenueCat for entitlement state. Receipt contents are governed by Apple’s policies; Regain receives only entitlement metadata (active/inactive, product ID, expiry) from RevenueCat’s response.
- Server logs at
regainapp.ai. When the app fetches theme images via the on-device image-loading library, the origin server records standard HTTP access logs (IP address, user agent, requested path, timestamp). No cookies are set. Retention: 30 days. - App Store Connect analytics. Anonymized installation, session, and (when users opt in to share with developers) per-crash stack-trace data provided by Apple. Regain does NOT ship Sentry, does NOT ship Firebase Crashlytics, and does NOT use any other third-party crash-reporting SDK; this is the ONLY source of crash data Regain receives.
5. What the app does NOT collect on iOS
Explicit negative inventory — the iOS Regain app does NOT collect any of the following:
- name — no first name, last name, display name, or user handle.
- email — no email address.
- phone — no phone number.
- postal address — no street, city, or postal-code data.
- IDFA / AppTrackingTransparency. The app does NOT use the AppTrackingTransparency framework, does NOT request the ATT prompt, and does NOT collect IDFA (Identifier for Advertisers).
- HealthKit data. The app does NOT use HealthKit, does NOT include HealthKit, and does NOT request HealthKit permissions.
- contacts — no access to the device address book.
- photos — no access to the photo library.
- location — no GPS, no Core Location, no IP-based geolocation lookup beyond standard country code routing.
- camera — no camera access.
- microphone — no microphone access.
- push notification token. The app does NOT register for remote notifications and does NOT send any push notification token to a server.
- third-party crash SDK. Regain does NOT ship Sentry, does NOT ship Crashlytics, does NOT ship Firebase Crashlytics, and does NOT use any equivalent third-party crash-reporting tool.
6. Data processors (third-party services we transmit data to)
Regain transmits data to exactly one third-party processor:
- RevenueCat (revenuecat.com/privacy) — Regain’s subscription-state and receipt-validation processor. Transmits the data described in Section 4 above.
7. Open-source libraries (no data transmission to third parties)
The following open-source libraries execute on-device only. They are listed for transparency, not because they introduce a data-sharing relationship:
- Kingfisher — image-loading library; fetches from URLs the app passes it, which currently resolve only to
regainapp.aiorigins under Regain’s control. - Factory — dependency-injection framework; performs no network access of any kind.
- GRDB.swift — SQLite wrapper; reads and writes only the local on-device database file.
8. Subscriptions and purchases
iOS subscriptions and in-app purchases are managed by Apple’s App Store. You can cancel a subscription at any time via Apple ID Settings: https://apps.apple.com/account/subscriptions. To request a refund for an iOS purchase, visit Apple’s Report a Problem page: https://reportaproblem.apple.com. EpowerX Labs does not handle iOS payments and cannot issue refunds for iOS purchases directly.
9. Data retention
Local data (focus sessions, app-block tokens, settings) persists for the lifetime of the install on-device and is deleted automatically when the app is uninstalled. RevenueCat retains subscription data per its own policy linked in Section 6. Server access logs are retained for 30 days.
10. Security
All network traffic (RevenueCat API calls and image fetches) is encrypted via TLS. On-device data is protected by the iOS app sandbox and App Group access control. Because there is no server-side user account, there is no password storage or authentication-credential risk for Regain to manage.
11. Children’s privacy (COPPA)
Regain is rated 4+ in the App Store age rating. The app does not knowingly collect data from children under 13. Because there is no account creation, no identifiable data is collected from any user regardless of age.
12. Rights of data subjects (GDPR)
If you are located in the European Economic Area, the United Kingdom, or Switzerland, you have the following rights under the General Data Protection Regulation:
- Right of access — to confirm whether we process your personal data and obtain a copy.
- Right to rectification — to request correction of inaccurate or incomplete data.
- Right to erasure (“right to be forgotten”) — to request deletion of your data.
- Right to restrict processing — to limit how we use your data.
- Right to data portability — to receive your data in a structured, machine-readable format.
- Right to object — to object to processing, and the right to lodge a complaint with your supervisory authority.
Because Regain itself does not collect any personally identifying data directly (RevenueCat-collected data is governed by RevenueCat’s own policy linked in Section 6), most of these rights are inapplicable to data Regain itself holds. The policy nonetheless enumerates all six rights explicitly. To exercise any of them, contact privacy@regainapp.ai.
13. California residents (CCPA)
Categories of personal information collected by Regain directly: none (per the inventory in Sections 4 and 5 above). You have the right to know what personal information is collected, to request deletion, and to opt out of the sale of personal information. The opt-out right is inapplicable because Regain does not sell personal information. For CCPA queries, contact privacy@regainapp.ai.
14. International data transfers
RevenueCat operates in the United States. Standard Contractual Clauses apply to data transferred from EU users to RevenueCat (see RevenueCat’s policy for details). Regain’s origin server logs are generated at a Hetzner data center in Helsinki, EU.
15. Changes to this policy
Updated versions of this Privacy Policy are posted at the same URL; the “Last updated” date at the top of the page reflects the most recent change. Material changes are communicated via an in-app notice on the next launch.
16. Contact
For privacy and GDPR/CCPA queries: privacy@regainapp.ai.
For general support: help@regainapp.ai.
Postal address: EpowerX Labs Private Limited, Plot No. 77, JBR Tech Park, 6th Rd, Whitefield, EPIP Zone, Bengaluru, Karnataka 560066, India.