Privacy Policy
Last updated: February 25, 2026
1. Who We Are
Need for Steps ("we", "us", or "our") is owned and operated by Dzmitry Bukuyazau (Poland).
Contact: [email protected].
2. Information We Collect
Depending on how you interact with the iOS application ("App"), we collect:
- Health & Fitness Data — step count data accessed from Apple HealthKit with your permission. This data is read-only and used solely to determine app unlock status.
- App Lock Configuration — your selected apps and step goals stored locally on your device.
- Usage Analytics Events — feature usage events (e.g. onboarding progress, subscription actions, goal completion), device model, OS version, locale, IP-derived coarse location. Collected via PostHog.
- Subscription Data — subscription status processed locally on your device via Apple StoreKit 2. No third-party subscription processor is used.
3. How We Use Your Information
- Read step count from Apple HealthKit to determine if apps should be unlocked based on your configured step goals.
- Operate, maintain and improve the App's performance, UX and security.
- Analyse feature usage to improve the App and protect against fraud.
- Comply with legal obligations and enforce our Terms of Service.
4. HealthKit Data
We access your step count data from Apple HealthKit solely to provide the core app functionality. This data:
- Is never sold or shared with third parties for advertising or marketing purposes.
- Is not stored on our servers — processing happens entirely on your device.
- Is accessed only with your explicit permission.
5. Third-Party Processors
We share data only with the processor below under a GDPR-compliant agreement:
| Processor | Data Categories | Purpose | Region |
|---|
| PostHog Inc. | Usage analytics events | Product analytics & behaviour insights | US |
Subscription management is handled entirely on-device via Apple StoreKit 2. No third-party subscription or crash reporting processors are used.
Note: HealthKit step data is never shared with any third-party processor.
6. International Data Transfers
When personal data leaves the EEA, transfers rely on the EU-US Data Privacy Framework or Standard Contractual Clauses.
7. Data Retention
- HealthKit data — not stored; read in real-time from Apple Health.
- App configuration — stored locally on your device until you delete the app.
- Raw analytics events — 12 months (aggregated statistics retained indefinitely).
8. Your Rights
You can access, correct, erase, or port your data, object to processing, or lodge a complaint with a supervisory authority. Email [email protected].
9. Security Measures
TLS 1.3 in transit, AES-256 at rest, role-based access control.
10. Children's Privacy
The App is not directed to children under 13 and we do not knowingly collect data from them.
11. Changes to This Policy
Material changes will be announced in-App and via email at least 14 days before taking effect.
12. Contact Us
Email: [email protected]