Privacy Policy
LockIn Privacy PolicyEffective June 10, 2026 · Last updated June 10, 2026
LockIn (“we,” “us,” “our”) is a mobile application that helps people discover and share quiet places to study, focus, and work. This Privacy Policy explains what data we collect, how we use it, who we share it with, and the rights you have over your information.
1. Information We Collect
Account information: When you create an account we collect your name, email address, and a unique user ID. If you sign in with Google or Apple, we receive the basic profile information those providers share with us (name, email, profile picture, and a stable subject identifier).Location data: With your permission, we use your device’s approximate GPS location to surface study spots near you and to bias address autocomplete. Location is used in-session — we do not build long-term location histories and we do not sell location data.Activity & content you submit: Study sessions you log (venue, start/end time, focus rating, optional notes), favorites you add, venue reports you submit (noise rating, crowd, WiFi quality, stay policy, bathroom info, optional comments, optional photos), and any bathroom access codes you contribute.Subscription & payment data: If you upgrade to LockIn Pro, our payment processor Stripe receives your card details directly — LockIn never sees or stores your full card number. We retain your Stripe customer ID, subscription status, plan, and renewal date.Device & diagnostic data: Device model, operating system version, app version, language, time zone, crash reports, and anonymized event analytics used to debug and improve the app.
2. Why We Collect It
We use the data above to (a) create and secure your account, (b) show you nearby venues and personalized recommendations, (c) process your Pro subscription, (d) send transactional emails such as receipts, payment-failure notices, password resets, and replies to support requests, (e) detect and prevent fraud, abuse, and spam, (f) measure aggregate usage to improve the product, and (g) comply with applicable law.
3. Third-Party Services We Share Data With
We do not sell personal data. We share the minimum necessary data with these processors acting on our behalf:· Stripe — payment processing for LockIn Pro subscriptions. Stripe receives your name, email, country, payment method, and subscription metadata. Stripe’s privacy policy applies to that data. (stripe.com/privacy)· Resend — transactional email delivery (receipts, payment-failure alerts, support replies). Resend receives your email address and the message body.· Google Maps Platform (Places API) — venue search, address autocomplete, and venue photos. Google receives the search queries and coordinates needed to fulfill those lookups.· MongoDB Atlas — managed database hosting. Your account data, submissions, sessions, and favorites are stored in MongoDB Atlas instances we operate.· Emergent — application hosting and authentication infrastructure (including Google sign-in). Emergent processes data on our behalf.· Apple & Google — if you signed in with Apple ID or Google, those providers handle authentication; they may receive limited information from LockIn (such as login events) to keep your session secure.We may also disclose information when required by law, to enforce our Terms of Service, or to protect the rights, safety, or property of LockIn, our users, or others.
4. Public Content
Venue reports, ratings, photos, and bathroom-code submissions you contribute are visible to other LockIn users and are associated with your initials or display name. Please do not include private information in public submissions. Bathroom codes you submit are user-generated content and not verified by LockIn; use them respectfully and at your own discretion.
5. Cookies, SDKs & Analytics
LockIn is a native mobile app — we don’t use browser cookies. We do use the following client-side SDKs that may collect device identifiers and event data: Stripe React Native (payments), Expo (app runtime), and standard crash-reporting tools. We do not use third-party advertising trackers or behavioral ad networks.
6. Data Retention & Deletion
We retain account data while your account is active. If you delete your account, we delete personal identifiers within 30 days. Public submissions (ratings, comments) may remain on the platform in de-identified form to preserve venue history. Stripe retains billing records as required by law (typically 7 years).You can request deletion at any time by emailing theo.lockinsupport@gmail.com from the email associated with your account.
7. Your Privacy Rights
California residents (CCPA/CPRA): You have the right to know what personal information we collect, to request deletion, to correct inaccurate information, and to opt out of any “sale” or “sharing” (we do neither). To exercise these rights, contact theo.lockinsupport@gmail.com.EEA/UK residents (GDPR): You have rights to access, rectify, erase, port, restrict, or object to our processing, and to lodge a complaint with your local supervisory authority. Our legal bases are contract performance (providing the service), legitimate interests (improving the service, fraud prevention), and consent (for location and notifications, where applicable).All users: You may access, export, or delete your data by contacting us at theo.lockinsupport@gmail.com.
8. Children’s Privacy
LockIn is intended for users 13 years of age and older. We do not knowingly collect personal information from children under 13. If you believe a child under 13 has provided us information, contact theo.lockinsupport@gmail.com and we will delete it.
9. Security
We use encryption in transit (HTTPS/TLS), encryption at rest for the database, hashed passwords (bcrypt), short-lived session tokens, and least-privilege access controls. No system is perfectly secure — please use a strong, unique password and report suspicious activity to theo.lockinsupport@gmail.com.
10. International Data Transfers
LockIn is operated from the United States. If you access the app from outside the U.S., your information will be transferred to and processed in the United States and other countries where our service providers operate. Where required, we rely on standard contractual clauses for international transfers.
11. Changes to This Policy
We may update this policy from time to time. We will revise the “Effective” date above and, for material changes, notify you in-app or by email at least 7 days before the change takes effect. Continued use of LockIn after the effective date constitutes acceptance.
12. Contact Us
Questions, concerns, or requests? Email theo.lockinsupport@gmail.com — we respond to privacy requests within 30 days.
© 2026 LockIn. All rights reserved.