Legal · Privacy Policy

Privacy Policy

Effective: April 28, 2026 · Last updated: April 30, 2026

TL;DR

Hitme is offline-first. There is no user account, no login, no analytics, no advertising, no third-party tracking. Your gameplay, hand history, and balances live in a local database on your phone and never leave it. The only data that ever leaves your device is (a) your subscription receipt, if you choose to subscribe to Hitme Pro, and (b) the email address you give us, if you choose to join the iOS waitlist.

Contents

Who we are
What we collect
How we use it
Third-party services
Device permissions
Children
Your rights
Deletion
Retention
Security
Changes
Contact

01Who we are

"Hitme" (the "App") is operated by the developer reachable at devwriterco@gmail.com ("we," "us," or "the developer"). This Privacy Policy explains what data the App and the marketing site (together, the "Service") collect, how it is used, and the limited circumstances in which any of it leaves your device.

This policy is written to satisfy the disclosure requirements of the Apple App Store, the Google Play Store, the GDPR, the UK GDPR, the CCPA/CPRA, and the Children's Online Privacy Protection Act (COPPA). If a specific regional right applies to you, see §7 Your rights.

02What we collect

Inside the app — stored on your device only

Hitme is offline-first. The following data is created and stored locally on your phone in an SQLite database. It is not transmitted to us or to any third party:

Apps you've chosen to block — the package name and display name of apps you select in onboarding (e.g., com.instagram.android).
Per-app time balances — how many seconds you've earned for each blocked app and when blocks are scheduled to lift.
Hand history — every blackjack hand you play, including cards dealt, bet amount, and outcome.
Daily stats — total clean time, hands played, win/loss tallies, biggest win, biggest loss, current and best streak.
Settings — haptics on/off, sound on/off, theme selection, hardcore mode toggle.

This data exists only on your device. We have no server. We have no copy. If you delete the app, this data is destroyed.

Subscription data — handled by RevenueCat

If — and only if — you subscribe to Hitme Pro (monthly, yearly, or lifetime), the subscription transaction is processed by Apple or Google and the receipt is validated through RevenueCat, a third-party subscription-management platform. RevenueCat receives:

An anonymous identifier generated by the App for your installation (a random UUID — not your name, email, or device ID).
The Apple/Google receipt token, including the product purchased, the renewal status, and the price tier.
Standard request metadata (IP address, user agent) which RevenueCat receives by virtue of you connecting to its servers.

RevenueCat exists so we can verify "is this user a Pro subscriber?" without running a backend. We do not associate this data with your real-world identity, and we do not receive your billing details — those stay with Apple or Google. RevenueCat's privacy policy is at revenuecat.com/privacy.

iOS waitlist email

If you submit an email address on the iOS waitlist page, we store that email address (and any optional context you wrote in the "what app is fixing your dopamine right now?" field) for the sole purpose of emailing you once when iOS launches. We do not run a newsletter, we will not market unrelated products to you, and we will not share or sell this address.

You can unsubscribe at any time by emailing devwriterco@gmail.com with the subject line "remove me." We will delete your address within 30 days.

What we do not collect

No account, no login, no username, no password.
No analytics SDK (no Firebase Analytics, no Amplitude, no Mixpanel, no PostHog, no Segment).
No crash-reporting SDK (no Crashlytics, no Sentry, no Bugsnag).
No advertising SDK and no advertising identifier.
No location data of any kind.
No contacts, photos, microphone, or camera access.
No web cookies for tracking. The marketing site uses no third-party cookies and no analytics.

The accessibility service described in §5 has the OS-level capability to read window content from any app. The App does not exercise that capability except for the picture-in-picture dismissal noted there. No screen contents, text fields, or app-window data are read for any other purpose, stored, logged, or transmitted.

03How we use it

The local data described above is used exclusively to operate the App's features — keeping score, running the game, enforcing blocks, and showing you stats. It is not used for advertising, profiling, or any "improvement of services" purpose that would imply transmission off your device.

Subscription data routed through RevenueCat is used for one purpose: confirming your Pro entitlement so the App unlocks Pro features.

iOS waitlist email is used for one purpose: sending you a single notification when the iOS app is publicly available.

04Third-party services

The complete list of third parties that ever receive any data from the Service:

Apple App Store / Google Play Store — for app distribution and subscription billing. Their privacy policies apply to anything they collect from you directly.
RevenueCat — to validate subscription receipts and confirm Pro entitlement, only if you subscribe.

That is the entire list. We do not use Google Analytics, Facebook SDK, TikTok pixel, AppsFlyer, Adjust, Branch, or any other third-party SDK.

05Device permissions (Android)

The App requests the following Android permissions. Each is used only for the stated purpose and never used to send data off your device:

PACKAGE_USAGE_STATS — to detect whether a blocked app has been opened, so the App can intercept it. Required for the core feature.
BIND_ACCESSIBILITY_SERVICE — to detect when a blocked app is in the foreground or running in a picture-in-picture window, so the App can intervene. Android grants this service the technical ability to read window content from any app; the App exercises that ability at exactly one moment — when an unlock session ends while the unlocked app is in picture-in-picture mode, the App dismisses the picture-in-picture window so playback actually stops. No window content is read for any other purpose, stored, logged, or transmitted.
SYSTEM_ALERT_WINDOW — to draw the unlock-session countdown overlay on top of other apps.
FOREGROUND_SERVICE / FOREGROUND_SERVICE_SPECIAL_USE — to keep the block enforcer running reliably.
QUERY_ALL_PACKAGES — to show your installed apps in the "pick your poison" list.
POST_NOTIFICATIONS — to surface session and timer notifications.
RECEIVE_BOOT_COMPLETED — to restore active blocks after a reboot.

06Children

Hitme is not directed to children under 13 (or under 16 in jurisdictions where that is the relevant threshold). The App's content is rated for teen audiences and contains simulated gambling-themed mechanics (blackjack against a virtual dealer, with no real-money wagers). We do not knowingly collect data from children. If you believe a child has provided data to us via the iOS waitlist, contact devwriterco@gmail.com and we will delete it.

07Your rights

Depending on where you live, you have rights under the GDPR, UK GDPR, CCPA/CPRA, or similar laws. Because virtually all data is on your device, most of these rights are exercised by you, on your phone, without our involvement:

Right of access / portability — your data lives in a local SQLite database on your phone. You may request an export by emailing us; for in-app data we cannot export it for you because we do not have it.
Right to delete — uninstall the app to destroy all local data. To delete waitlist email or RevenueCat-linked subscription data, see §8 Deletion.
Right to correct — for waitlist email, write to us. For local data, edit in-app.
Right to opt out of "sale" or "sharing" of personal information — we do not sell or share personal information for cross-context behavioral advertising. There is nothing to opt out of.
Right to withdraw consent — for the waitlist, unsubscribe at any time.
Right to lodge a complaint — with your local data-protection authority.

08Deletion

Because Hitme has no accounts, "account deletion" reduces to three concrete actions, depending on what you want to delete. The dedicated data deletion page walks through each one. In short:

In-app data — delete via Settings → "Reset data," or by uninstalling the app.
Subscription / RevenueCat data — email devwriterco@gmail.com with "delete subscription data." We will instruct RevenueCat to delete the anonymous app-user record within 30 days.
iOS waitlist email — email us with "remove me." We will delete the address within 30 days.

09Retention

Local data — kept until you delete it or uninstall the app. No automatic expiry.
Subscription / RevenueCat record — retained while your subscription is active and for up to 24 months thereafter for tax and dispute purposes.
iOS waitlist email — retained until iOS launch + 90 days, or until you unsubscribe, whichever is first.

10Security

Local data is stored in your operating system's app sandbox. RevenueCat receipts and waitlist emails are transmitted over TLS. We use unique anonymous identifiers rather than reusable personal identifiers wherever practical. No system is bulletproof, but our attack surface is small precisely because we collect very little.

11Changes

If we update this policy materially, we will revise the "Last updated" date at the top, and — if the change is significant — surface it in-app on your next launch. Continued use of the Service after a change constitutes acceptance.

12Contact

Privacy questions, requests, complaints, deletion requests:

Email: devwriterco@gmail.com
Subject lines we recognize: "delete subscription data," "remove me," "privacy request."

— THE HOUSE ALWAYS WINS · BUT NEVER WITH YOUR DATA —