Privacy Policy

Overview

Penlock ("the App") is a private journaling application for iOS developed by Tony Bach ("we," "us," or "our"). We built Penlock with a single guiding principle: your journal is yours alone. This Privacy Policy explains how the App handles your data.

The short version: we don't collect, store, or transmit any of your personal data.

Data Collection

Penlock does not collect any personal data. Specifically:

• We do not collect your name, email address, or any personal identifiers
• We do not collect or transmit your journal entries, photos, tags, or any content you create
• We do not use analytics, tracking pixels, or any form of telemetry
• We do not use cookies or similar tracking technologies
• We do not collect device identifiers for advertising or profiling purposes

On-Device Storage

All data you create in Penlock — including journal entries, photos, tags, mood data, and preferences — is stored exclusively on your device using Apple's local storage frameworks. Your data never leaves your device through our App.

Photos

When you attach photos to journal entries, those photos are stored locally on your device within the App's private data container. We do not upload, process, or transmit your photos to any server.

Biometric Authentication

Penlock supports Face ID and Touch ID for securing your journal. Biometric authentication is handled entirely by Apple's iOS operating system through the LocalAuthentication framework. We never access, store, or process your biometric data. Apple's biometric data is stored in the device's Secure Enclave and is never accessible to apps.

Purchase Validation

Penlock uses RevenueCat to manage in-app purchase validation. When you make a purchase, RevenueCat processes the transaction with Apple's App Store to verify your purchase. This is the only third-party service used by the App. RevenueCat may receive:

• An anonymous app user ID (not tied to your personal identity)
• Transaction receipt data from Apple for purchase validation

RevenueCat does not receive any of your journal content, personal data, or usage patterns. For more information, see RevenueCat's Privacy Policy.

No Server Communication

Other than purchase validation through RevenueCat, Penlock does not communicate with any servers. There are no accounts to create, no data to sync, and no servers that store your information.

Data Export

Penlock allows you to export your journal entries. When you use the export feature, the exported file is generated locally on your device. How you choose to share or store that file afterward is under your control and subject to the privacy policies of whatever service you use.

Children's Privacy

Penlock does not knowingly collect any data from anyone, including children under the age of 13. Since we collect no data, there is no risk of inadvertent data collection from minors.

Changes to This Policy

We may update this Privacy Policy from time to time. Any changes will be reflected on this page with an updated "Last updated" date. Since we don't collect contact information, we cannot notify you directly of changes — we encourage you to review this page periodically.

Contact

If you have questions about this Privacy Policy or the App's privacy practices, you can reach us at:

hi@tonybach.io