Privacy Policy — Enkrateia

1. What we collect and why

We collect only what the program requires to function. Nothing is collected for advertising.

Always collected (program operation)

Email address — your account identifier. Used to log in and receive your graduation artifact.
Program state — current day, phase, check-in ratings. Required to run the 90-day program.
Blocking configuration — whether the App Store is blocked, which web domains are blocked. Stored so blocking can be restored if the app is reinstalled.
Push notification token — to send daily check-in reminders and milestone alerts.
Partner email and name — if you set up an accountability partner. Used only to send the 5 program notification emails.

Collected only with your consent

Craving event counts — the number of times the block screen appeared per hour and per day. Never which apps triggered it. Used for your craving curve graph and anonymous research.
Journal entries — encrypted on your device with AES-256-GCM before upload. We store only ciphertext. See "Journal encryption" below.
Screen time self-report — hours per day at program start and Day 90. Used for your graduation summary only.
Product analytics — which screens were visited, which features were used. No personal content. Collected via PostHog with your explicit consent during onboarding.
Website analytics (optional) — landing-page traffic and waitlist conversion events using Google Analytics and/or PostHog, only after you accept the analytics prompt on the website.

Never collected

Which specific apps you blocked. Apple's Family Controls uses opaque tokens — the app never knows the app names.
URLs you visited or browsed.
Health data, location data, or contacts.
Journal content in plaintext — ever.
Payment information — handled entirely by Apple.

2. Journal encryption

Your journal entries are encrypted on your device using AES-256-GCM before they're sent anywhere. The encryption key is generated once, stored in your iPhone's Secure Enclave (iOS Keychain), and never transmitted to our servers or anyone else.

This means: if your device is lost or wiped without a backup, your journal entries cannot be recovered — not by us, not by anyone. This is intentional. Your journal is yours.

We will state this clearly in the app and will not pretend otherwise.

3. Accountability partner

If you add an accountability partner, we'll send them emails in 5 situations: when you start the program, when you hit milestones (Days 7, 30, 60, 90), if you miss a check-in for 48 hours, if you use the crisis override and confirm a temporary deactivation, and when you graduate.

Partners receive status updates only — never your journal content, check-in notes, or which apps you blocked. Every partner email includes an unsubscribe link.

4. Third-party services

We use the following services to operate Enkrateia:

Service	Purpose	Data shared
Supabase (US)	Database and authentication	Account info, program state, encrypted journal ciphertext. Row-level security — your data is isolated and inaccessible to other users.
RevenueCat	Subscription management	Purchase status only. We never see your payment details.
Apple	Payment processing, app distribution, Sign in with Apple	Governed by Apple's privacy policy.
Resend	Email delivery	Partner email address and program milestone data for the 5 notification emails.
Sentry	Crash and error monitoring	Technical error reports, stripped of personally identifiable information before transmission.
PostHog	Product analytics	Screen visits and feature usage — no personal content. Only active if you consented during onboarding. Withdrawable in Settings.
Google Analytics	Website analytics	Landing-page usage and conversion events (IP anonymization enabled). Only active if you accept website analytics consent.

5. Data retention and deletion

Your data is retained for the duration of your program plus 90 days — to allow the future-self letter delivery, if applicable. After that, inactive accounts are scheduled for deletion.

To delete your account immediately:

Go to Settings → Delete account (at the bottom of the screen). This clears all your data from our servers within 30 days. We will confirm deletion by email.

Or email us: [email protected]

6. Data export

You can request a copy of all data we hold about you. Email [email protected] and we'll send a JSON export within 72 hours. The export includes your program data, check-ins, and craving event counts. It will not include decrypted journal entries — we don't have the key.

7. Age requirement

Enkrateia is for adults 18 and older. If you are under 18, do not use this app. We do not knowingly collect data from anyone under 18. If we become aware that a user is under 18, we will delete their account promptly.

8. Changes to this policy

If we make material changes, we'll notify you via email and show the updated policy in the app before it takes effect. You can always find the current version at this URL.

9. Contact

For privacy questions and data requests:
[email protected]

For support:
[email protected]

Enkrateia Privacy Policy · Version 1.0 · Effective April 26, 2026
Native Group LLC