Privacy Policy
Last Updated: January 30, 2026
Summary
- We read HealthKit data (heart rate variability, sleep) to calculate stress scores
- We never access raw health data—only aggregate scores are synced
- If you connect a budget app (YNAB, Lunch Money), we access monthly spending totals only
- Your data is stored securely and encrypted
- We do not sell your data or share it with third parties
- You can delete all your data at any time
PurchaseRewind ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, and safeguard your information when you use our iOS app and browser extension.
Information We Collect
Health Data (iOS App Only)
With your explicit permission, we access the following HealthKit data:
- Heart Rate Variability (HRV) — Used to estimate stress levels
- Sleep Analysis — Used to assess sleep quality
Important: We only read aggregate metrics. We do not access individual heart rate readings, workout data, or any other health information.
Device Information
- Device identifier — A random ID generated on your device to link your iOS app and browser extension
- Device type — Whether you're using iOS, Chrome, Safari, or Firefox
Usage Data
- Intervention responses — When you choose "I'll Wait" or "Continue Anyway" on shopping sites
- Timestamps — When data syncs occur
Budget App Data (Optional - Premium Feature)
If you choose to connect a budget app, we access the following data with your explicit authorization:
YNAB (You Need A Budget)
When you connect your YNAB account via OAuth, we access:
- Budget names and IDs — To identify which budget to display
- Monthly category budgets — Budgeted amounts by category for the current month
- Monthly spending totals — Aggregate spending by category for the current month
We do NOT access: Individual transactions, account balances, account numbers, payee information, memos, or any financial institution credentials.
Lunch Money
When you connect Lunch Money with your API key, we access:
- Monthly budget totals — Your budgeted amounts by category
- Monthly spending totals — Aggregate spending by category
We do NOT access: Individual transactions, linked account details, or any financial institution credentials.
How We Use Your Information
We use your information solely to:
- Calculate physiological risk scores — Combining HRV and sleep data to determine if you may be in a stress-influenced state
- Display purchase interventions — Showing gentle reminders on shopping sites when elevated stress is detected
- Show budget context — If you've connected a budget app, displaying your monthly budget vs. spending during checkout interventions to help you make informed decisions
- Sync data between devices — Ensuring your browser extension reflects your current state and budget information
We do not use your data for:
- Advertising or marketing
- Selling to third parties
- Building user profiles
- Any purpose unrelated to the core app functionality
Data Storage and Security
Where Data Is Stored
- On your device — Health calculations happen locally on your iPhone. Budget API tokens (YNAB access tokens, Lunch Money API keys) are stored securely in the iOS Keychain and never transmitted to our servers.
- On our servers — Only aggregate scores (stress level, sleep quality, risk level) and budget summaries (monthly totals only) are synced to enable the browser extension
Budget Data Handling
- Authentication tokens — Stored locally on your device using iOS Keychain; never transmitted to our servers
- Budget summaries — Only monthly budget and spending totals are synced to our servers for browser extension display
- Data refresh — Budget data is fetched directly from YNAB/Lunch Money APIs by your device; we do not act as a proxy
- No third-party sharing — Your budget data is never shared with any third party
Security Measures
- All data transmitted between your devices and our servers is encrypted using TLS/HTTPS
- Aggregate scores are stored in a secure, encrypted database
- Authentication tokens are stored securely using iOS Keychain and browser secure storage
- We use industry-standard security practices
Data Sharing
We do not share your personal information with third parties, except:
- Service providers — We use Railway for hosting, which processes data on our behalf under strict confidentiality
- Legal requirements — If required by law, court order, or government request
We will never sell your data.
Your Rights and Choices
Access and Control
- View your data — See your current stress and sleep scores in the app
- Revoke HealthKit access — Disable in iOS Settings > Privacy > Health > PurchaseRewind
- Disconnect budget apps — Disconnect YNAB or Lunch Money at any time in Settings > Budget Apps. This immediately revokes our access and deletes stored budget data.
- Unlink devices — Remove browser extension connections from the iOS app
- Delete your account — Use the "Delete Account" option in Settings, or contact us at privacy@purchaserewind.app to permanently delete all your data
Data Retention
- We retain your data only while your account is active
- Budget data is retained only while your budget app is connected; disconnecting immediately removes it
- Upon account deletion, all data (including any budget data) is permanently removed within 30 days
Children's Privacy
PurchaseRewind is not intended for children under 13. We do not knowingly collect information from children under 13. If you believe we have collected such information, please contact us immediately.
Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of significant changes through the app or by email. Your continued use after changes constitutes acceptance of the updated policy.
Contact Us
If you have questions about this Privacy Policy or your data, contact us at:
Email: privacy@purchaserewind.app
California Privacy Rights (CCPA)
California residents have additional rights:
- Right to know what personal information is collected
- Right to delete personal information
- Right to opt out of sale of personal information (we do not sell data)
- Right to non-discrimination for exercising privacy rights
European Privacy Rights (GDPR)
If you are in the European Economic Area, you have rights including:
- Right to access your data
- Right to rectification
- Right to erasure
- Right to restrict processing
- Right to data portability
- Right to object
Our legal basis for processing is your explicit consent (for HealthKit data) and legitimate interest (for providing the service).
To exercise any of these rights, contact us at privacy@purchaserewind.app.