Privacy Policy

Last updated: March 2026

Applies to the Locked In mobile application

1. Who We Are

Locked In is a time-tracking and personal productivity application designed to help individuals focus on what matters, understand how they spend their time, and share their progress with friends. References to “Locked In”, “we”, “us” or “our” in this Privacy Policy refer to the company operating the Locked In app.

We are the data controller of the personal information you provide to us. This means we determine how and why your data is processed. If you have any questions about this policy or your data, please contact us at:

Email: contact@litebyte.co.uk

2. What Personal Data We Collect

When you use the Locked In app, we may collect the following categories of personal data:

Account & Identity Information

  • Full name or display name
  • Email address
  • Password (stored in encrypted form — we never store your password in plain text)
  • Profile photo (if you choose to add one)

Time Tracking & Activity Data

  • Sessions you record, including start time, end time, and duration
  • Activity labels and categories you create or assign to sessions
  • Notes or descriptions you attach to sessions
  • Streak and goal data associated with your account

Social & Sharing Data

  • Friends or connections you add within the app
  • Activity or focus session data you choose to share with friends
  • Any interactions with friends' shared content within the app

Analytics & Insights Data

To provide you with productivity insights — such as your most focused activity, average session length, and time-of-day patterns — we process the time tracking data you generate. This processing occurs to deliver the core features of the app and remains under your control.

Usage & Technical Data

  • App usage data, including screens visited and features used
  • Device type, operating system, and app version
  • IP address
  • Session timestamps and crash reports

3. How We Use Your Personal Data

We use the information we collect for the following purposes:

Delivering Core Features

  • To create and manage your account
  • To record, store, and display your time tracking sessions
  • To generate your personal productivity analytics and insights
  • To enable friend connections and the sharing of focus activity where you choose to do so

Service Improvement

  • To understand how the app is used and improve its features and performance
  • To monitor and address technical issues, bugs, and security concerns

Communications

  • To send you important service-related notices and updates
  • To respond to any support requests you submit

Legal & Safety

  • To comply with applicable laws and regulations
  • To prevent fraud, abuse, or misuse of the app
  • To protect the rights and safety of our users and team

We will not sell your personal information to third parties or use it for advertising purposes.

4. Legal Basis for Processing (UK & EU Users)

We are required under the UK GDPR to have a lawful basis for processing your personal data. We rely on the following:

  • Contract performance: to fulfil our obligations to you when you use Locked In — including storing your sessions, generating analytics, and enabling social features you have opted into
  • Legitimate interests: to improve the app, ensure security, and communicate with you about relevant service updates
  • Legal obligation: to comply with applicable laws
  • Consent: where you have specifically opted in, for example to optional push notifications or marketing communications

Where we rely on consent, you have the right to withdraw it at any time without affecting the lawfulness of processing prior to withdrawal.

5. Third-Party Infrastructure & Sub-Processors

To deliver the Locked In app, we use the following trusted third-party infrastructure providers who process data on our behalf. These providers are carefully selected and operate under strict data processing agreements.

Supabase (Database & Authentication)

We use Supabase, Inc. to host and manage our application database and user authentication. Supabase acts as a data processor on our behalf, processing data only in accordance with our instructions.

Key facts about Supabase:

  • Your data is stored in the region we specify and does not leave that region without prior notice
  • All data is encrypted at rest using AES-256 and encrypted in transit via TLS
  • Supabase is SOC 2 Type 2 compliant, audited annually by an independent third party
  • Supabase is GDPR compliant and a Data Processing Addendum (DPA) is in place

For more information, see Supabase's privacy policy.

Other Third Parties

We may use additional third-party services for crash reporting, analytics tooling, and push notifications. We will update this policy if we introduce new sub-processors that materially affect how your data is handled. We do not sell your personal data to any third party, ever.

6. International Data Transfers

Our infrastructure provider, Supabase, is a US-based company. Where data is transferred outside the UK or European Economic Area (EEA), we ensure appropriate safeguards are in place, including:

  • Standard Contractual Clauses (SCCs) approved by the European Commission and UK ICO
  • Data Processing Addenda with all sub-processors

We take all reasonable steps to ensure your data is protected to the same standard regardless of where it is processed.

7. Data Retention

We retain your personal data for as long as necessary to deliver our services and meet our legal obligations. Specifically:

  • Account data — retained for the duration of your account, plus up to 2 years after account closure
  • Time tracking and activity data — retained for the duration of your account
  • Usage and analytics data — typically retained for up to 2 years

When we no longer have a legitimate need to retain your data, we will securely delete or anonymise it. You may also request deletion at any time (see Section 8).

8. Your Rights

Under the UK GDPR, you have the following rights in relation to your personal data:

  • Right of access — to request a copy of the personal data we hold about you
  • Right to rectification — to request correction of inaccurate or incomplete data
  • Right to erasure — to request deletion of your personal data (including all tracked sessions and analytics)
  • Right to restriction — to request that we limit how we use your data
  • Right to data portability — to receive your data in a commonly used, machine-readable format
  • Right to object — to object to processing based on legitimate interests
  • Right to withdraw consent — where processing is based on consent, you may withdraw it at any time

To exercise any of these rights, please contact us at contact@litebyte.co.uk. We will respond within 30 days. We may need to verify your identity before processing your request.

If you are unhappy with how we have handled your data, you have the right to lodge a complaint with the UK Information Commissioner's Office (ICO) at ico.org.uk.

9. Data Security

We take the security of your personal data seriously. Our security measures include:

  • Encryption of data at rest (AES-256) and in transit (TLS), provided through our infrastructure partners
  • Secure authentication and access controls within the app, including Row Level Security policies ensuring users can only access their own data
  • Access to personal data is restricted to authorised team members on a need-to-know basis
  • Regular security reviews conducted by our infrastructure providers

While we take all reasonable steps to protect your data, no method of transmission over the internet or electronic storage is completely secure. If you believe your data has been compromised, please contact us immediately at contact@litebyte.co.uk.

10. Children's Privacy

The Locked In app is not intended for use by individuals under the age of 13. We do not knowingly collect personal data from children under 13. If you believe a child has provided us with their data without appropriate consent, please contact us immediately and we will take steps to delete it promptly.

11. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our services, technology, or legal requirements. When we make material changes, we will notify you via the app or by email. The date at the top of this document indicates when it was last revised.

We encourage you to review this policy periodically. Continued use of the Locked In app after updates constitutes your acceptance of the revised policy.

12. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or how we handle your personal data, please contact us:

Email: contact@litebyte.co.uk

Phone: +44 7741 150103

Locked In — Stay focused. Track what matters.