Trust & Data

Privacy Policy

A clear explanation of how Time2Cash handles family data. The app is built to run a parent-led family system, not an advertising or tracking business.

No ads or tracking Parent-managed families In-app account deletion
Last Updated March 18, 2026 The current privacy terms published for the app, presented in a more readable format.
In Short No ads or tracking Time2Cash does not use third-party analytics, advertising SDKs, or behavioral targeting.
Control Parent-managed family data Parents create families, manage children’s data, and can delete accounts directly in the app.

Privacy Policy

Time2Cash (“the App”) is a family-oriented screen-time management and rewards application. This policy explains what data we collect, how we use it, how we protect it, and what rights you have regarding that data.

1. Data We Collect

We collect and process the following categories of data:

1.1 Account Data (Parent)

  • Email address — used for account creation, login, and password recovery.
  • Apple ID identifier — if you sign in with Apple, we receive an opaque user identifier from Apple. We do not receive your Apple ID email unless you choose to share it.
  • Display name — the name you enter for your parent profile, stored locally and on the server for family recovery.

1.2 Child Profile Data

  • Child display name and age — entered by the parent during family setup. Used for personalization and age-appropriate features.
  • Avatar — optional photo or emoji selected by the parent. Photos are stored locally on the device only and are not uploaded to our servers.

1.3 Device and Session Data

  • Device token — a random unique identifier generated on the child’s device and stored in the iOS Keychain. It is used to authenticate the child device and link it to the correct family. This is not an advertising identifier.
  • Session records — start time, end time, duration, and earned in-app currency (“Chronos”) for each timer session.
  • Screen Time data — collected via Apple’s Family Controls / DeviceActivity API on the child’s device. This includes app usage summaries and is processed locally and synchronized to the parent device via our server.

1.4 Financial and Rewards Data

  • Chronos balance and transaction history — in-app currency earned, spent, or withdrawn.
  • Withdrawal requests — records of child-to-parent currency exchange requests, including amounts, status, and parent notes.
  • Loan records — in-app loan amounts, repayment history, and tariff settings.
  • Savings goals and deposits — in-app savings features.

1.5 Subscription Data

  • Subscription status — whether you have an active subscription, its tier, and expiration date. All payment processing is handled by Apple via In-App Purchase. We never collect or store credit card numbers, bank details, or Apple Pay credentials.

1.6 Technical Data

  • App configuration — family settings such as Chronos rate, bonus rules, and notification preferences.
  • Referral data — invite codes and referral statistics.

2. How We Collect Data

  • Directly from you — when you create an account, set up a family, or configure settings.
  • Automatically — session timers generate records when used; Screen Time data is collected by Apple’s DeviceActivity framework on the child’s device.
  • From Apple — Sign in with Apple provides an opaque user ID and optional email. Apple In-App Purchase provides subscription status.

3. How We Use Data

We use collected data only to operate the product and support the family experience:

  • Provide core app features: timer sessions, rewards, parental dashboard, and family management.
  • Synchronize data between parent and child devices within the same family.
  • Manage subscriptions and premium features.
  • Enable device linking and family recovery after device loss or app reinstallation.
  • Respond to support requests.

We do not use data for advertising, profiling, behavioral targeting, or any purpose unrelated to app functionality.

4. Data Storage and Security

  • Server data is stored on Supabase (hosted on AWS in the EU region) with Row Level Security (RLS) policies that restrict access to authorized family members only.
  • Sensitive credentials such as device tokens and PIN hashes are stored in the iOS Keychain with kSecAttrAccessibleAfterFirstUnlockThisDeviceOnly protection.
  • Parent PIN is hashed using PBKDF2-SHA256 with 100,000 iterations and a random salt. We never store PINs in plaintext.
  • All network communication uses HTTPS/TLS with no App Transport Security exceptions.
  • Local files are protected with NSFileProtection.complete.

5. Data Sharing

We do not sell, rent, or trade personal data. Data is shared only with:

  • Supabase Inc. — our infrastructure provider, which hosts the database and authentication services. Supabase processes data on our behalf under their privacy policy.
  • Apple Inc. — for Sign in with Apple authentication and In-App Purchase processing.

We do not integrate any third-party analytics, advertising, or tracking SDKs.

6. Children’s Privacy

Time2Cash is designed for family use where a parent or legal guardian creates and controls the family account. Key protections:

  • Only a parent can create a family and add child profiles.
  • Child devices operate without a user account and authenticate via a device token linked to the family by the parent.
  • Children cannot communicate with other users, share data publicly, or make purchases.
  • All child data is managed by the parent and can be deleted by the parent at any time.
  • We do not knowingly collect data from children under 13 without parental involvement through our app’s family setup flow.

7. Data Retention

  • Active accounts: data is retained as long as the account exists.
  • Deleted accounts: when you delete your account via the in-app Delete Account option, all your data including account, family, children, sessions, transactions, loans, and withdrawals is permanently deleted from our servers immediately. This deletion is irreversible.
  • Local data: cleared from the device upon account deletion or app uninstallation.
  • Server backups: Supabase automated backups may retain data for up to 7 days after deletion, after which it is permanently purged.

8. Your Rights

You have the right to:

  • Access your data — view your family, children, sessions, and transaction data within the app.
  • Correct your data — edit child names, ages, and settings at any time.
  • Delete your data — use the Delete Account option in app settings. This permanently deletes all data from our servers.
  • Revoke consent — you can stop using the app at any time. Deleting your account removes all data. For Sign in with Apple users, the Apple ID link is also revoked upon account deletion.
  • Data portability — contact us to request an export of your data.

9. Third-Party Services

The app does not contain any third-party analytics, crash reporting, advertising SDKs, or tracking technologies. We do not use ATTrackingManager or request tracking permission.

10. Changes to This Policy

We may update this policy from time to time. Material changes will be communicated via the app or this page. The Last updated date at the top indicates the latest revision.

11. Contact

For privacy-related questions, requests, or to exercise your rights, contact us at support@time2cash.app.