PRIVACY

Privacy Policy Last updated: April 30, 2026 Loud Unicorn LLC ("we," "us," "our") built Pay Not To Do. This policy explains exactly what data Pay Not To Do collects, why, and how it is handled. 1. What Data We Collect and Why Commitment and Streak Data (core app functionality): - Commitment definitions — the goals and tasks you create, stored locally on your device. We do not see or have access to your commitments. - Completion records — whether you marked each commitment as complete or missed on a given day, stored locally. - Snooze history — timestamps of when you used the snooze feature, stored locally to enforce daily snooze limits. - Streak counters — consecutive-day completion counts, stored locally for display in the app. - Commitment stakes — the personal accountability amounts you set for each commitment, stored locally only. All of the above is stored exclusively on your device. None of it is ever uploaded to our servers or accessible to us. Notification Preferences: - If you grant notification permission, Pay Not To Do uses local notifications to remind you of daily commitments and approaching deadlines. These notifications are generated and delivered entirely on your device by iOS. We do not use push notifications or any notification server infrastructure. - We do not send marketing notifications unless you explicitly opt in to a separate opt-in flow (if offered in a future version). 2. What We Do NOT Collect - We do not collect or store any personal information (name, email, phone number, location) - We do not use analytics SDKs (no Firebase, no Amplitude, no Mixpanel, no third-party analytics) - We do not use crash reporting services that identify users - We do not track your behavior on our servers - We do not use advertising SDKs or share data with ad networks - We do not access your contacts, photos, microphone, camera, or location - We do not transmit any commitment or streak data to our servers — Pay Not To Do has no backend infrastructure for user data 3. Data Storage — Local Device Only All user data in Pay Not To Do is stored exclusively on your device. There is no cloud sync, no CloudKit, no Core Data syncing, and no remote server storing your commitments. Your commitment history, snooze records, streak data, and preferences live only on your iPhone and are never transmitted over the network (except for StoreKit subscription verification, handled entirely by Apple). 4. Third-Party Services - Apple StoreKit 2 — subscription processing for Pay Not To Do Pro. Apple processes all payments and handles all personally identifiable payment information. We receive only anonymized transaction receipts to verify active subscriptions. Apple's privacy policy applies: apple.com/privacy - Apple Local Notifications — used to deliver daily commitment reminders on your device. No notification data is sent to our servers. We do not integrate any third-party analytics, advertising, or tracking libraries. 5. Children's Data Pay Not To Do is not directed at or intended for children under 13. We do not knowingly collect personal information from anyone under 13. If you believe a minor has used the app, please contact us at support@loudunicorn.com. 6. Data Retention and Deletion All data is stored locally on your device. To delete all Pay Not To Do data, simply uninstall the app. Uninstalling permanently removes all locally stored commitments, completion records, snooze history, and streak data. There is no server-side account or database to delete. We do not hold copies of your data. 7. Security Because all data is stored locally on your device and protected by iOS sandboxing, your data is as secure as your iPhone itself. We do not transmit user data to external servers, so there is no network-based security risk from our side. Commitment and streak data is stored using standard iOS storage mechanisms. A jailbroken device could theoretically modify this data. Pay Not To Do is intended as a good-faith accountability tool, not a tamper-proof enforcement system. 8. Changes to This Policy We will notify you of material changes via an in-app notice. Continued use constitutes acceptance. The "Last updated" date at the top indicates when this policy was last revised. 9. Contact Loud Unicorn LLC support@loudunicorn.com Arizona, USA ──────────────────────────────────────── GDPR — Your Rights (EU/EEA Users) Last updated: April 30, 2026 This section applies to users in the European Union (EU) and European Economic Area (EEA) under the General Data Protection Regulation (GDPR). 1. Data Controller Loud Unicorn LLC is the data controller for personal data processed through Pay Not To Do. Contact: support@loudunicorn.com 2. Legal Basis for Processing We process minimal personal data under the following legal bases (GDPR Article 6): Contractual necessity (Art. 6(1)(b)): Processing your commitment data, completion records, and snooze history is necessary to provide the core Pay Not To Do service — tracking daily commitments and streaks. Consent (Art. 6(1)(a)): By granting notification permission, you consent to the app delivering local commitment reminders on your device. 3. Your Rights Under GDPR Right of Access (Art. 15): You have the right to know what personal data we hold about you. Because all data is stored locally on your device and we do not operate a backend server, we do not hold copies of your data. You can view all stored data directly within the app. Right to Rectification (Art. 16): You can modify or update your commitments at any time within the app. Right to Erasure / "Right to be Forgotten" (Art. 17): You can delete all your personal data by uninstalling Pay Not To Do. This permanently removes all local data. There is no server-side data to delete. Right to Restriction of Processing (Art. 18): You can restrict data processing by revoking notification permission in iOS Settings > Notifications. Commitment tracking will continue locally but reminders will stop. Right to Data Portability (Art. 20): Because we do not store data on our servers, there is no centralized dataset to export. All data lives on your device. Contact support@loudunicorn.com if you need assistance. Right to Object (Art. 21): You can object to processing at any time by uninstalling the app or revoking permissions. Right to Withdraw Consent: You can withdraw notification permission consent at any time in iOS Settings > Notifications. 4. How to Exercise Your Rights Email: support@loudunicorn.com Response time: We will respond to verified requests within 30 days of receipt. 5. Supervisory Authority If you believe your data protection rights have been violated, you have the right to lodge a complaint with the supervisory authority in your EU/EEA member state of residence. 6. International Data Transfers Pay Not To Do stores all data locally on your device. We do not transfer personal data to servers outside the EU/EEA. StoreKit subscription verification is handled by Apple and governed by Apple's GDPR commitments and Standard Contractual Clauses. 7. Contact GDPR inquiries: support@loudunicorn.com Loud Unicorn LLC, Arizona, USA ──────────────────────────────────────── CCPA/CPRA — Your Rights (California Residents) Last updated: April 30, 2026 This section applies to California residents under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA). 1. Categories of Personal Information We Collect Under CCPA categories, Pay Not To Do collects: - Device identifiers (iOS device ID used for StoreKit subscription verification — handled by Apple, not by us) - Behavioral data (commitment completion records and streak history) — stored locally on your device only We do NOT collect: name, email, phone number, location, browsing history, biometric data, or any sensitive personal information as defined by CPRA. 2. How We Use Personal Information - To track daily commitment completion and maintain streak records locally on your device - To verify active subscriptions via StoreKit - To deliver local notifications for commitment reminders 3. Do We Sell or Share Personal Information? No. We do not sell personal information. We do not share personal information with third parties for cross-context behavioral advertising. We do not have a backend server or third-party analytics integrations. 4. Your CCPA/CPRA Rights Right to Know (CCPA §1798.100): You have the right to know what personal information we collect. All data is stored locally on your device. We do not maintain server-side copies. Right to Delete (CCPA §1798.105): You can delete all your data by uninstalling Pay Not To Do. Contact support@loudunicorn.com to request deletion of any records we may hold (though we do not maintain user databases). Right to Correct (CPRA §1798.106): You can modify your commitments directly in the app at any time. Right to Opt-Out of Sale/Sharing (CCPA §1798.120): We do not sell or share personal information, so there is nothing to opt out of. Right to Limit Use of Sensitive Personal Information (CPRA §1798.121): We do not collect sensitive personal information as defined by CPRA. Right to Non-Discrimination (CCPA §1798.125): We will not discriminate against you for exercising your CCPA/CPRA rights. 5. How to Exercise Your Rights Email: support@loudunicorn.com We will verify your identity and respond within 45 days (extendable by 45 days if needed, with notice). 6. Authorized Agent California residents may designate an authorized agent to submit requests on your behalf. The agent must provide written proof of authorization. 7. Contact California Privacy Inquiries: support@loudunicorn.com Loud Unicorn LLC Arizona, USA