SiegeTime Privacy Policy
Effective date: 5 June 2026 · Last updated: 5 June 2026 · Version 1.0
Plain-language summary
This summary is for quick reference. The full policy below governs.
What we collect. Your account information (from Sign in with Apple), focus session records, campaign progress, vision text you write, journal entries, goals, friend connections, subscription status, and product analytics events. We also record distraction seconds, a single number computed on your device, at session end.
What we do not collect. We do not collect app names, per-app usage durations, Screen Time history, payment card numbers, or your device's installed-app list. Your block list selections for each session are stored on your device only and are never sent to our servers.
Who we share with. We share your data only with the infrastructure providers that run the service: Supabase (database, AU/Sydney), Railway (API server, AU/Sydney), RevenueCat (subscription management, US), Anthropic (Telos AI processing, US), and PostHog (product analytics, US Cloud). We do not sell your data. We do not share with advertisers.
How long we keep it. Core account data and your written content (vision text, journal entries, goals) are kept for the life of your account. Session heartbeat rows are deleted 30 days after the session is finalized. Crisis event records are deleted 90 days after creation. Analytics events are retained for approximately 365 days per PostHog default. Subscription events are retained for 7 years for financial record-keeping.
This Privacy Policy describes how SIEGETIME PTY LTD (ACN 698 284 212, ABN 93 698 284 212) ("SiegeTime," "we," "us," or "our") collects, uses, stores, shares, and protects personal information when you use the SiegeTime iOS application and any related services (collectively, the "Service").
We take your privacy seriously. SiegeTime is a subscription-funded app. We do not run advertising, we do not sell your data, and we do not use your information to build profiles for third-party advertising purposes. The business model is simple: you pay a subscription, we provide the app.
Please read this policy carefully. By using the Service, you acknowledge that you have read and understood it.
1. Information SiegeTime collects
We collect the following categories of information, organized by how they are created.
1.1 Account information
When you create a SiegeTime account using Sign in with Apple, we receive from Apple:
- A unique Apple User Identifier (a stable, anonymized identifier that Apple generates for your account and our app).
- Your display name, if you have chosen to share it with us through Sign in with Apple.
- An email address, either your real email or an Apple-generated relay address, depending on the privacy setting you selected during sign-in.
We do not receive your Apple ID password, payment method, or any other Apple account information. Sign in with Apple is our only authentication method.
You also choose a username, which is stored in our systems and visible to friends you add on SiegeTime.
1.2 Focus session data
Each time you start, complete, or quit a focus session, we record:
- Session start and end timestamps (server-recorded).
- The duration you committed to and the actual duration of the session.
- The target building you selected (for example, Library or Watchtower), which corresponds to a life domain you chose to focus on.
- A multiplier and effective minutes value calculated from your session duration.
- Session status (completed, quit, emergency out, or abandoned).
- A cumulative count of seconds spent foregrounding blocked apps during the session ("distraction_seconds"). This is a single integer representing total distraction time. It does not include the names of the blocked apps, per-app durations, or any other app-identity information. See §2 for how this is collected.
- A count of distraction events (the number of times foreground use exceeded the session threshold).
- A snapshot of the three Adversary patterns you selected during onboarding.
We also store per-60-second heartbeat records during active sessions. Each heartbeat carries cumulative distraction_seconds, cumulative foreground_events, and a client timestamp. Heartbeats are used for session validation only. Heartbeat rows are deleted 30 days after the associated session record is finalized.
1.3 App block list data (FamilyControls)
SiegeTime uses Apple's FamilyControls framework to enforce the app block list you select before each session.
The apps you choose to block are selected through the iOS-native FamilyActivityPicker interface, which is a system-provided Apple UI. Your selections for a given session are stored on your device only. They are not transmitted to SiegeTime's servers.
The only FamilyControls-derived value that leaves your device is distraction_seconds, described in §1.2 above. No app names, no per-app usage data, no Screen Time history, and no app identifiers are transmitted to SiegeTime.
SiegeTime never reads or stores the full list of apps installed on your device.
This is consistent with the FamilyControls entitlement justification filed with Apple for this app.
1.4 Campaign and narrative data
As you progress through SiegeTime's six-chapter campaign, we store:
- Your current chapter and session counts at each chapter entry point.
- Your personal vision text, which you write during Chapter 4 (100 to 200 words). This is stored on our servers and displayed in the app. It is not shared with anyone else or used as an input to any advertising or profiling system.
- Revision history for your vision text (stored append-only; edits are gated to 25-session milestones by our servers).
- The three Adversary patterns you selected during onboarding (drift, pull, noise, low road, slip, or lure).
1.5 Streak and aggregated stats
We store lifetime and daily aggregated statistics, including:
- Lifetime focus minutes, sessions completed, sessions quit, longest streak, and current streak.
- Daily totals for effective minutes, sessions, and streak eligibility.
- Rest days you declare.
These aggregates are used to drive the citadel progression display, achievement system, and Telos personalization. They are not shared externally except as described in §4.
1.6 Pro tool data (subscribers only)
If you subscribe to SiegeTime Pro, we additionally store:
- Goals and accomplishments log (Library): goal titles (up to 80 characters), optional notes, target dates, status, and accomplishment text you write.
- Identity journal (Great Hall): journal entry text, an optional mood tag (on a 5-point scale), word count, and the date created.
- Block lists (Watchtower): named app block list configurations you save for reuse. Each block list stores the name you give it and the app bundle identifiers for the apps you chose to include.
- Telos memory (Great Hall): each week, a structured weekly summary is written to our servers. This summary includes your top building for the week, streak state, notable session events, goals progress, a sentiment summary of your journal entries, and a 1 to 2 line reflection generated by the Telos AI system. This summary is used to personalize subsequent Telos interactions. See §3 and §4 for how it is used and shared.
1.7 Friend and referral data
If you add friends on SiegeTime, we store:
- Friend request records (sender, receiver, status).
- A materialized friend pair list.
Each friend can view a read-only version of your citadel, including building levels, the life domains you have been building, and any cosmetic elements (banners, plaques). They cannot see your vision text, journal entries, goals, or session history.
If you issue a Founder Invitation, we store the invitation record including the custom message you write, an invitation code, and the email address you send it to (nullable until redemption). The receiver sees only your chosen display name and your custom message. No phone numbers, contact lists, or other identifying information is accessed or shared as part of the referral system.
1.8 Payment and subscription data
SiegeTime uses RevenueCat to manage subscription state. We do not process payment card information directly. Apple handles payment processing through the App Store. RevenueCat receives subscription events from Apple (purchase, renewal, cancellation, refund) via webhook and stores your subscription status, which is used to determine your access to Pro features.
We store subscription events and cohort status in our database. We do not store payment card numbers, bank account information, or billing addresses.
1.9 Device and technical data
We store a device registry that associates your account with the device(s) you use the app on. This is used for session conflict prevention and push notification delivery.
We store notification preferences, including which notification types you have enabled and your preferred notification times.
We collect technical event data for product analytics purposes. See §7 for the analytics tools we use.
1.10 Crisis-event records
If SiegeTime's crisis-detection system identifies high-risk language in content you enter at a Telos check-in, it records a crisis event. This record stores: your user ID, a one-way hash of the triggering text (not the text itself), the date and time, confirmation that safety resources were shown to you, and the duration for which Telos triggers were suppressed. Crisis event records are deleted 90 days after creation. This data is restricted-access and is not used for any purpose other than safety monitoring.
2. How information is collected
2.1 Direct input
Most of your data comes directly from you: the sessions you start, the vision text you write, the journal entries you create, the goals you set, the friends you add.
2.2 Device-side computation (FamilyControls)
The distraction_seconds value is computed on your device by the iOS DeviceActivity framework during an active session. Your device counts the seconds you spend in foreground use on the apps you have chosen to block. This computation happens entirely on-device. At session completion, the result (a single integer) is transmitted to our servers as part of the session completion payload. No intermediate per-app data leaves your device at any point.
DeviceActivity monitoring is active only during an active, user-started focus session. It is not active at any other time.
2.3 Server transmission
Session data, including distraction_seconds, is transmitted to our Railway API server at session completion and via 60-second heartbeats during the session. All transmissions use HTTPS.
Your vision text, goals, journal entries, and Telos memory summaries are transmitted to and stored on our Supabase database when you create or update them.
2.4 Apple and RevenueCat
When you make a purchase through the App Store, Apple sends a subscription event to RevenueCat, which notifies our server via webhook. We receive subscription status information but not your payment details.
2.5 Analytics instrumentation
We collect product analytics events (for example, session started, chapter advanced, Pro conversion) using PostHog. See §7 for details.
3. How information is used
We use the information we collect for the following purposes:
Focus session enforcement. Session data, distraction_seconds, and block list configuration are used to run your focus sessions, calculate effective minutes, apply distraction penalties, and update your citadel progression.
Citadel and campaign state. Building progress, streak data, chapter progress, and session history are used to maintain and display your citadel and campaign state.
Telos personalization. Your weekly summary (user_telos_memory), current-day context, goals, recent journal entries, picked Adversary patterns, and current campaign chapter are provided as input to the Telos AI system to generate personalized responses at the seven trigger surfaces (morning, pre-session, post-session, weekly review, streak risk, rest day, campaign dialogue). This input is bounded and structured. The Telos system is trigger-only. No user-initiated chat interface is available in V1.0.
Subscription management. Subscription status received from RevenueCat is used to determine your access to Pro features and to enforce Founder pricing terms.
Fraud and cheat prevention. Session tokens, clock-drift checks on heartbeat timestamps, and server-authoritative session state are used to prevent session manipulation.
Safety monitoring. The crisis-detection layer reads optional check-in text at Telos trigger surfaces to detect high-risk language. If detected, safety resources are surfaced and a crisis event is recorded as described in §1.10.
Refund processing. Subscription and transaction records are used to process refund requests within the windows described in §5.
Analytics and product improvement. Aggregate and event-level analytics data is used to understand how the app is being used, measure retention and engagement, and improve the product.
4. How information is shared
SiegeTime shares your information only in the following limited circumstances.
4.1 Infrastructure processors
We use the following third-party services that process your data on our behalf as data processors:
Supabase: our database and authentication provider. Your account data, session history, campaign progress, goals, journal entries, vision text, Telos memory, and all other stored user data are hosted on Supabase's infrastructure, deployed in Australia (AWS Sydney, ap-southeast-2 region). Data stored in Supabase does not leave Australia.
Railway: our API server host. Session writes, trust-sensitive writes, and our server-side session validation logic run on Railway, deployed in Australia (Sydney region). Data processed by our Railway API does not leave Australia.
RevenueCat: our subscription management provider. RevenueCat receives subscription state events from Apple and exposes them to our API. RevenueCat processes your subscription status and Apple User Identifier. RevenueCat does not receive your journal entries, vision text, goals, or session content. RevenueCat's servers are located in the United States.
Anthropic: the AI model provider used by the Telos Strategic Agent. When a Telos trigger fires, a structured input package (weekly summary, current-day context, picked Adversary patterns, chapter state, and voice register constraints) is sent to Anthropic's API for processing. The response is a structured JSON object containing the generated line and metadata. Anthropic's API processes inputs in the United States. Anthropic's public API terms state that inputs submitted via the API are not used to train Anthropic's models by default. Journal entry content and vision text may appear in the Telos input package. Users should understand that this content is sent to Anthropic's US-based API when Telos is triggered.
PostHog: our product analytics provider. We send product event data (session lifecycle events, feature interactions, campaign progress events) to PostHog, deployed on PostHog's US Cloud. We do not send journal text, vision text, goal content, or distraction_seconds values as analytics events. PostHog processes data in the United States. See §9 for the cross-border transfer disclosure.
4.2 Friend visibility
Friends you add on SiegeTime can view a read-only version of your citadel, including building levels, domain distribution, and cosmetic elements. They cannot view your vision text, journal entries, goals, session history, or distraction data.
Referral recipients see only your chosen display name and the custom message you wrote for the invitation.
4.3 No advertising sharing
We do not share your personal information with advertising networks, data brokers, or any third party for advertising or marketing purposes. SiegeTime does not run advertising.
4.4 Legal compliance
We may disclose your information if required to do so by law, regulation, court order, or governmental authority, or to protect the rights, property, or safety of SiegeTime, our users, or others.
4.5 Business transfers
In the event of a merger, acquisition, or sale of all or a portion of our business assets, user information may be transferred as part of that transaction. We will notify users via the app or via email at least 30 days before any such transfer, and any acquirer will be required to honor this Privacy Policy or provide a new policy with at least equivalent protections.
5. Data retention
We retain your information for as long as your account is active. Specific retention rules by data type:
| Data type | Retention |
|---|---|
| Account information (profiles) | Retained while account is active. Deleted within 30 days of account deletion request. |
| Focus sessions (session_completes) | Retained for the life of the account. Free users: session history accessible in-app for 14 days. Pro users: 90-day in-app access. The underlying session record is retained regardless of display window. |
| Session heartbeats (session_heartbeats) | Deleted 30 days after the associated session record is finalized. |
| distraction_seconds | Stored as part of the focus session record (see above). Not stored separately. |
| Block list selections (per-session) | On-device only. Not stored on our servers. |
| Saved block lists (Pro) | Retained while account is active. Deleted on account deletion. |
| Vision text (vision_writes) | Retained for the life of the account. Append-only history; prior versions retained. Deleted within 30 days of account deletion request. |
| Goals and journal entries (journal_entries) | Retained for the life of the account. Deleted within 30 days of account deletion request. |
| Telos memory (weekly summaries) | Retained while account is active. Deleted within 30 days of account deletion request. |
| Crisis event records (crisis_events) | Deleted 90 days after creation. |
| Friend and referral data | Retained while account is active. Friend relationships deleted on account deletion or unfriend action. Expired invitations retained for 7 years for audit purposes. |
| Subscription events | Retained for 7 years for financial record-keeping purposes. |
| PostHog analytics events | Retained for approximately 365 days per PostHog default retention settings. |
6. Your rights
6.1 Access
You may request a copy of the personal information SiegeTime holds about you by contacting us at privacy@siegetime.com. We will respond within 30 days.
6.2 Correction
If any information we hold about you is inaccurate, you may request correction. Most of your information (display name, username, notification preferences, vision text, goals, journal entries) can be corrected directly in the app. For account-level corrections, contact us.
6.3 Deletion
You may request deletion of your account and associated personal information by contacting us at privacy@siegetime.com or using the account deletion option in the app settings. We will process deletion requests within 30 days. Note:
- Deletion is permanent. Your citadel, campaign progress, session history, journal entries, goals, vision text, and Founder cohort status will all be permanently deleted. Founder cohort status cannot be restored after deletion.
- Subscription events are retained for financial record-keeping purposes as described in §5.
- Any data already included in aggregated, anonymized analytics that cannot be individually identified is not deleted.
The Australian Privacy Act 1988 (Cth) provides individuals with access and correction rights. The deletion right as described above is aligned with standard practice under the Act.
6.4 Export
You may request an export of your personal data in a machine-readable format by contacting us at privacy@siegetime.com.
6.5 GDPR rights (EEA users)
SiegeTime's initial entity is Australian and its primary launch markets are Australia and the United States. If SiegeTime has users in the European Economic Area at the time the App Store listing is made available in EEA territories, the EU General Data Protection Regulation (GDPR) may apply.
If you are located in the European Economic Area, you may have additional rights under the General Data Protection Regulation, including the right to object to processing, the right to data portability, and the right to lodge a complaint with your local supervisory authority. Contact us at privacy@siegetime.com to exercise these rights.
Our legal basis for processing personal information is:
- Contract performance: processing your account data, session data, and subscription data to provide the Service.
- Legitimate interests: product analytics, fraud prevention, and safety monitoring, where these do not override your privacy interests.
- Consent: where required by applicable law, for example for push notifications.
7. Cookies and tracking technologies
SiegeTime is a native iOS application. We do not use web cookies.
We use the following tools for analytics and attribution:
PostHog (product analytics): we send product event data to PostHog to understand how the app is used. Events include session lifecycle events (start, heartbeat, complete, quit), chapter progress, feature interactions, and conversion events. We do not send personal content (journal text, vision text, goal content) as analytics events. PostHog is deployed on US Cloud; see §9 for cross-border transfer disclosure.
SKAdNetwork (attribution): for paid advertising attribution (if and when paid user acquisition is active), we use Apple's SKAdNetwork framework, which provides aggregate, privacy-preserving install attribution to advertising networks without exposing individual user identity.
RevenueCat (subscription analytics): RevenueCat tracks subscription lifecycle events for the purpose of managing your subscription state and generating aggregate revenue analytics. RevenueCat does not receive your personal content.
We do not use advertising tracking identifiers (IDFA) without your explicit opt-in consent via Apple's App Tracking Transparency framework.
8. Children's privacy
SiegeTime is rated 17+ on the App Store.
We do not knowingly collect personal information from anyone under the age of 17. If we become aware that we have collected personal information from a person under 17 without verification of parental consent, we will delete that information promptly.
FamilyControls is used on a single-user, self-consent basis. The person using SiegeTime is blocking apps on their own device by their own choice. SiegeTime does not provide parental monitoring capabilities and is not designed for use by a parent to monitor a child's device.
9. International data transfers
SiegeTime is operated by an Australian entity (SIEGETIME PTY LTD, ACN 698 284 212, ABN 93 698 284 212). Our primary infrastructure (Supabase database and Railway API server) is deployed in Australia (Sydney). Data stored and processed by these services remains in Australia.
However, three service providers process data in the United States:
Anthropic (Telos AI processing): when Telos triggers fire, the structured input package is sent to Anthropic's API, which processes data in the United States. This is the primary cross-border data transfer under this policy. Journal entry content and vision text may appear in this input package.
PostHog (product analytics): product analytics events are processed in the United States via PostHog's US Cloud deployment.
RevenueCat (subscription management): subscription status events are processed in the United States by RevenueCat.
Under Australian Privacy Principle 8 (APP 8) of the Privacy Act 1988 (Cth), we take reasonable steps to ensure that overseas recipients handle personal information consistently with the Australian Privacy Principles. Before disclosing information to Anthropic (US), we confirmed that Anthropic's API terms prohibit training on API inputs by default, and we direct users' attention to this transfer in §4.1 of this policy.
If you are an EEA user, see §6.5 regarding the applicable transfer mechanism for EEA territories. The specific transfer mechanism for US-bound transfers (Anthropic, PostHog) will be specified before EEA App Store territories are activated.
10. Changes to this policy
We may update this Privacy Policy from time to time. When we make material changes, we will notify you within the app and, where required by law, by email. The effective date at the top of this policy will be updated.
Your continued use of the Service after the effective date of a revised policy constitutes your acceptance of the changes. If you do not accept the revised policy, you may delete your account as described in §6.3.
11. Contact
If you have questions about this Privacy Policy or about how your information is handled, please contact:
SIEGETIME PTY LTD
ACN 698 284 212
ABN 93 698 284 212
2/33 Sisley Street
St Lucia QLD 4067
Australia
Email: privacy@siegetime.com