Privacy Policy
This Privacy Policy explains how Rooxy (the “App”) handles information when you use it. Rooxy is provided by Nikoloz Nutsubidze, an individual developer based in Georgia (“we”, “us”, “our”).
1. Information we collect
1.1 Information stored only on your device
The following stays on your iPhone and is never transmitted to us:
- Your alarms (times, days, sounds, missions, labels)
- App preferences and onboarding choices
- Your wake-up history and streak progress
- Downloaded AI alarm sounds (stored in the App’s Library directory)
- Step-count data used during walk-to-wake missions (read from Apple’s Motion APIs; never copied off the device)
1.2 Information processed by our backend
When you use AI-powered features, the App contacts our backend at alarmx.envato-duke.workers.dev (a Cloudflare Worker we operate). The Worker acts as a proxy to third-party AI providers so we don’t ship API keys to your device.
- AI alarm sound generation. When you ask Rooxy to generate a custom alarm jingle, we send the text prompt, the optional sound name, optional lyrics, and the requested duration to our Worker, which forwards them to PiAPI (ACE-Step model) and OpenAI for music and lyrics generation. The generated audio file URL is returned to your device and downloaded locally.
- Photo-mission verification. When you complete a photo-based wake-up mission (e.g. “take a photo of the sky”), the App resizes the photo to a maximum dimension of 768 pixels, encodes it, and sends it to our Worker, which forwards it to OpenAI’s vision API for verification. The verdict (valid / invalid, a confidence score, and a short reason) is returned to your device. We do not retain the photo after the request completes.
Our Worker logs only what is operationally necessary (request timestamps and error traces) and does not store the prompts, lyrics, or photos you submit. Once forwarded, the data is subject to the privacy practices of the AI provider receiving it; see §3.
1.3 Information collected by third-party SDKs
The App includes the following SDKs, each of which collects a limited set of information directly from your device:
- Firebase Crashlytics (Google). Crash logs, device model, OS version, and a randomly generated installation ID. Used to diagnose and fix crashes.
- Amplitude. Anonymous product-analytics events such as
app_launched,alarm_created,alarm_fired,alarm_completed,alarm_snoozed, mission outcomes, and screen views, along with non-identifying device attributes (device type, OS version, app version). Used to understand which features help people wake up on time. - Superwall. Paywall display events and subscription state for the purpose of managing in-app purchases. Superwall also reads Apple’s anonymous vendor identifier.
- Apple StoreKit. When you purchase a subscription, Apple processes the transaction. We receive only the subscription status, not your payment details.
None of these SDKs receive your name, email address, contacts, photos, alarm contents, or precise location.
1.4 App Tracking Transparency
When you first launch the App, iOS may show an App Tracking Transparency (ATT) prompt. We use this signal solely to decide whether to enable optional cross-app attribution inside the analytics SDKs above. We do not share data with advertising networks, and we do not participate in data brokerage. You can change your choice at any time in iOS Settings → Privacy & Security → Tracking.
2. Permissions the App requests
Each permission below is requested only when you use a feature that needs it. You can revoke any of them in iOS Settings.
- Alarms (AlarmKit). Required to schedule alarms that ring even when your phone is silent or in Focus.
- Camera. Used only for photo-based wake-up missions. Photos are sent to our backend for verification (§1.2) and are not stored after the mission completes.
- Microphone. Used for audio routing so alarms remain audible through the speaker. No audio is recorded or transmitted.
- Motion & Fitness. Used to count steps during walk-to-wake missions. Step data is read on-device only.
- Screen Time (Family Controls). Optional. If you enable the “prevent uninstall” feature, Rooxy uses Screen Time to block App deletion while an alarm is ringing, so the alarm can’t be uninstalled before you finish the mission.
- Notifications. Used to deliver alarm fallbacks and important reminders.
3. Third-party services
The App relies on the following third parties. Each has its own privacy policy governing how it handles data it receives from us:
- Google Firebase (Crashlytics) — firebase.google.com/support/privacy
- Amplitude — amplitude.com/privacy
- Superwall — superwall.com/privacy
- OpenAI (vision and lyrics generation, via our backend) — openai.com/policies/privacy-policy
- PiAPI (music generation, via our backend) — piapi.ai/privacy-policy
- Cloudflare (hosts our backend Worker) — cloudflare.com/privacypolicy
- Apple StoreKit (in-app purchases) — apple.com/legal/privacy
4. How we use information
- To run the App’s core feature: ringing your alarms reliably.
- To generate AI-powered alarm sounds and verify photo missions you initiate.
- To diagnose crashes and bugs.
- To measure, in aggregate, which features help users wake up on time, so we can improve the App.
- To process in-app subscription purchases.
We do not use your information for advertising, profiling, or automated decision-making that produces legal effects.
5. Data retention
- On-device data: remains on your device until you delete an alarm, clear app data, or delete the App.
- Backend (Cloudflare Worker): we do not persist the contents of jingle prompts or verification photos. Operational logs (timestamps, error traces) are retained no longer than 30 days.
- Third-party SDKs: retention is governed by each provider’s policy linked in §3.
6. Children’s privacy
Rooxy is not directed to children under 13, and we do not knowingly collect personal information from children under 13. If you believe a child has provided us information, please contact us and we will delete it.
7. Your rights
Depending on where you live, you may have the right to access, correct, delete, or export the personal data we hold about you, and to object to or restrict certain processing. Because Rooxy does not require an account and most data stays on your device, you can exercise most of these rights yourself by adjusting iOS settings, clearing the App’s data, or deleting the App. To exercise rights against our backend or our analytics providers, contact us using the details in §10 and we will action your request within 30 days.
8. International transfers
The third parties listed in §3 may process data outside your country, including in the United States. Where required, we and our providers rely on appropriate safeguards such as Standard Contractual Clauses.
9. Changes to this policy
We may update this Privacy Policy from time to time. Material changes will be reflected by updating the “Effective” date at the top and, where appropriate, by surfacing a notice inside the App.
10. Contact
For any privacy-related question, request, or complaint:
Nikoloz Nutsubidze
Email: nickmailbox1986@gmail.com