Privacy Policy

Last updated: January 2025

1. Data We Collect

We collect only what's necessary to provide the lockin service:

• Email address - For account authentication via Supabase
• Social media usernames - Twitter, LinkedIn, Reddit accounts you connect
• Goal data - Titles, descriptions, and deadlines you create
• OAuth tokens - Encrypted tokens to post on your behalf
• Push notification tokens - To send deadline reminders

2. How We Use Your Data

• Authenticate you securely using Supabase Auth
• Generate AI-powered posts using OpenAI (title and description only)
• Post to your connected social media at deadlines
• Send push notifications 2 hours before deadlines

3. Data Storage

• All data stored in Supabase (PostgreSQL database)
• OAuth tokens encrypted at rest using AES-256
• Backend hosted on Railway (USA)
• We do not sell or share your data with third parties

4. Third-Party Services

• Supabase - Authentication and database
• OpenAI - AI post generation (receives only goal title/description)
• Firebase - Push notifications
• Twitter/LinkedIn/Reddit - Social posting APIs

5. Your Rights

• Access: View your data in the app settings
• Deletion: Email support@lockin.cloud to delete your account
• Export: Contact us for a data export

6. Data Retention

We retain your data while your account is active. After account deletion, all data is permanently removed within 30 days.

7. Contact

Questions about privacy? Email support@lockin.cloud

Home • Support