Privacy Policy
Last updated: June 3, 2026
OneLimit ("we", "us", or "our") operates the OneLimit Parent and OneLimit Child mobile applications. This Privacy Policy explains what data we collect, how we use it, how we protect it, and your rights - including our commitment to children's privacy under COPPA, GDPR, and the UK Children's Code.
1. Who This Policy Applies To
OneLimit is designed for parents and guardians of children ages 7–16. The parent creates the account and manages all settings. The child app runs on the child's device to enforce screen time budgets set by the parent.
- Parent users: Adults who create a OneLimit account using Sign in with Apple
- Child users: Minors whose screen time is managed through the parent's account
2. Children's Privacy (COPPA Compliance)
We take children's privacy extremely seriously. OneLimit is designed so that the parent provides all identifying information about their child - the child never enters personal information directly.
What we collect about children
| Data | Who provides it | Purpose |
|---|---|---|
| First name | Parent enters in parent app | Display in parent dashboard |
| Age | Parent enters in parent app | Age-based budget suggestions |
| Avatar selection | Parent enters in parent app | Visual identification in the parent app |
| Profile photo (optional) | Parent optionally adds in parent app | Visual identification - stored on parent's device only, never uploaded |
| Screen time minutes per device | Collected from child's device | Budget enforcement |
| Device platform (iOS/PS5/Switch/Xbox/Windows) | Detected during device linking | Cross-device budget tracking |
What we do NOT collect from children
- No location data
- No browsing history or web content
- No contacts, messages, or call logs
- No photos from the child's device or any camera roll
- No social media activity or app content
- No biometric data
- No advertising or tracking identifiers
- No behavioral profiling
Optional child profile photo
Parents can optionally set a photo for their child's profile - for example, a family photo that makes it easy to identify which child is which in the app. If you choose to set one:
- The photo is stored on the parent's device only, inside the app's private storage
- It is never uploaded to our servers, never leaves the device, and is never shared with anyone
- You can remove it at any time from the child's profile settings
- If you delete the app or the child profile, the photo is deleted too
This feature is entirely optional. Choosing a built-in avatar works just as well and involves no photos at all.
Parental consent
The parent's act of creating an account via Sign in with Apple (which verifies the account holder is an adult), adding a child profile, and installing the child app on the child's device constitutes verifiable parental consent for the data described above. Apple's identity verification ensures that only adults can create OneLimit accounts.
Parental rights
Parents can at any time:
- Review all data collected about their child within the app
- Delete all child data by removing the child profile or deactivating the account
- Revoke consent by deactivating the account, which permanently deletes all family data
- Request a copy of their child's data by contacting privacy@onelimit.app
We respond to all parental data requests within 2 business days.
3. What We Collect
From parents
- Authentication: Apple ID token via Sign in with Apple (we never see your Apple password)
- Family settings: Timezone, budget amounts, schedules, lockout windows
- Push notification token: To deliver alerts (time requests, daily summaries, device status)
- Subscription data: Purchase receipts processed by Apple (we do not store payment details)
From children's devices
- Screen time usage: Minutes used per device per day (iOS via ScreenTimeKit, consoles via platform APIs)
- Device pairing data: A cryptographic shared secret generated during device linking
- Push notification token: To deliver budget updates and lock/unlock commands
Crash reporting and analytics
- Sentry (crash reporting): Collects crash stack traces and device metadata to fix bugs. No personally identifiable information is sent. Runs on both parent and child apps.
- PostHog (analytics): Collects anonymized usage events (e.g., "set budget", "link device") in the parent app only. No analytics are collected from the child app. No data is shared with advertisers.
4. What We Do NOT Collect
- No location or GPS data
- No browsing history, search queries, or web content
- No contacts, messages, call logs, or social media activity
- No photos from any camera roll or child's device (optional parent-set profile photos stay on the parent's device only - see Section 2)
- No app content monitoring or screenshot capture
- No keystroke logging
- No advertising identifiers (IDFA/GAID)
- No data from apps other than OneLimit on the child's device
- No biometric data (fingerprints, face recognition, voiceprints)
5. How We Use Data
All data is used solely to provide the OneLimit service:
- Enforcing screen time budgets across iPhone, PlayStation, Nintendo Switch, Xbox, and Windows PC
- Syncing usage data between parent and child apps in real time
- Sending notifications (budget warnings, daily summaries, time requests)
- Managing family accounts and co-parent sharing
- Processing subscriptions through Apple's App Store
- Improving app stability through crash reporting
We also keep anonymous, aggregate statistics - counts and trends that contain no personal data and cannot be traced back to any individual or child (for example, how many accounts were created in a given week, or how many accounts stopped being used). These aggregate figures help us understand product usage and improve the service. They are described in Section 8.
We do not use data for:
- Advertising or ad targeting
- Behavioral profiling of children
- Sale or rental to third parties
- Training AI or machine learning models
6. How We Store and Protect Data
- Infrastructure: All data is stored in Supabase (hosted on AWS in the EU) with Row Level Security - each family's data is isolated and inaccessible to other families
- Encryption: All data in transit uses HTTPS/TLS. Authentication tokens are stored in the device Keychain.
- Access control: Only authenticated family members can access family data. Server-side functions use scoped service roles.
- Console API credentials: PlayStation, Nintendo, and Xbox API credentials used for usage polling are stored encrypted and never shared.
7. Third-Party Services
We use the following third-party services to operate OneLimit:
| Service | Purpose | Data shared | Privacy policy |
|---|---|---|---|
| Apple (Sign in with Apple) | Authentication | Apple ID token | apple.com/privacy |
| Apple (App Store) | Subscriptions | Purchase receipts | apple.com/privacy |
| Apple (APNs) | Push notifications | Device tokens | apple.com/privacy |
| Supabase | Database and backend | All app data | supabase.com/privacy |
| Sentry | Crash reporting | Crash logs, device info | sentry.io/privacy |
| PostHog | Analytics (parent app only) | Anonymized events | posthog.com/privacy |
| Google Analytics | Website analytics (this website only, cookieless) | Anonymized usage, no cookies | policies.google.com/privacy |
| Resend | Weekly email summaries | Parent email address | resend.com/legal/privacy-policy |
We never sell, rent, or share personal information with third parties for advertising, marketing, or any purpose unrelated to providing the OneLimit service.
Children's data is shared only with the service providers listed above, under contractual obligation to protect it, and only to the extent necessary to deliver the service. The anonymous aggregate statistics described in Section 8 contain no personal data and are not shared with any third party for advertising or marketing.
8. Data Retention
We retain personal data only as long as needed to provide the service, and we keep anonymous aggregate statistics that contain no personal data. This section is our written data-retention policy (as required under COPPA, 16 CFR 312.10).
Retention periods
- Active accounts: Personal data is retained while the account is active
- Usage data: Daily screen time records are retained while the account is active to power history charts, and are deleted when the account is deleted
- Activity logs: Retained for up to 180 days, then automatically deleted
- Deleted accounts: When you delete your account, all personal and family data is permanently removed through immediate cascading deletion. This includes: usage records, device commands, device pairings, devices, budgets, schedules, chores, children profiles, the family record, the parent's email and authentication account, and any pseudonymous identifiers. No child information is ever kept after deletion.
- Deactivation feedback: If you choose to leave optional feedback when deactivating, the email address you provide is kept only to follow up on that feedback and is deleted within 30 days (sooner once the feedback is reviewed). It is never used for marketing.
- Backups: Database backups that may contain deleted data are rotated within 30 days
Anonymous aggregate statistics (retained)
To understand how the product is used and improve it, we keep a small set of anonymous, aggregate statistics that contain no personal data - for example, the total number of accounts ever created, how many accounts were created or stopped being used in a given week, and coarse, non-identifying categories (such as subscription tier, broad region at the continent level, or how long an account existed, grouped into ranges).
- What they contain: counts and coarse buckets only. No email, no name, no child data, no account identifier, no free text, and nothing that can be traced back to an individual or a child.
- Why we keep them (business need): to measure signups, retention, and churn so we can run the business and improve OneLimit. A simple count of current accounts cannot answer these questions because it shrinks every time someone leaves.
- Why this is compatible with deletion: these figures are anonymized before or at the moment of deletion and are never re-linked to a person. Deleting your account removes everything that identifies you or your children; only the anonymous totals remain, and they say nothing about any individual.
- How long: retained indefinitely, because they hold no personal data (GDPR Recital 26 - anonymous information is outside the scope of data-protection rules).
9. Your Rights
All users
- Access: View all data associated with your family in the app
- Deletion: Delete your account and all associated data at any time (Settings → Account → Deactivate)
- Portability: Request an export of your data by contacting privacy@onelimit.app
- Correction: Update child names, ages, and settings directly in the app
EU/EEA residents (GDPR)
In addition to the above, you have the right to:
- Object to processing based on legitimate interest
- Restrict processing in certain circumstances
- Lodge a complaint with your local data protection authority
- Withdraw consent at any time by deleting your account
Our legal basis for processing is legitimate interest (providing the parental control service the parent signed up for) and consent (for children's data, obtained through the parent as described in Section 2).
UK residents
OneLimit complies with the UK Children's Code (Age Appropriate Design Code). We apply the highest privacy settings by default, collect only what is necessary, and do not use children's data for profiling or marketing.
California residents (CCPA)
We do not sell personal information. You may request disclosure of what information we collect, request deletion, and exercise these rights without discrimination.
10. Console Platform APIs
OneLimit integrates with PlayStation Network, Nintendo Switch Online, and Microsoft Family Safety to provide cross-device screen time tracking. These integrations:
- Use official or reverse-engineered APIs to read usage data and manage time limits
- Store only the minimum authentication tokens needed to poll usage data
- Do not access game content, messages, friend lists, or purchases on these platforms
- May be subject to changes by Sony, Nintendo, or Microsoft that affect functionality
11. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of material changes by:
- Updating the "Last updated" date at the top
- Sending a notification through the app for significant changes
Continued use of OneLimit after changes constitutes acceptance of the updated policy.
12. Contact Us
For privacy questions, data requests, or concerns:
- Email: privacy@onelimit.app
- Response time: Within 15 days for all requests
If you believe we have not adequately addressed your privacy concern, you may contact the relevant data protection authority in your jurisdiction.