Privacy Policy

Last updated: August 9, 2025

🛡️ Privacy first • No spam • Secure

1. Introduction

SLJ Labs Limited ("we," "our," or "us"), operating the Chime application, is a UK-based company committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Chime iOS mobile application.

As a UK company, we comply with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. We are registered with the Information Commissioner's Office (ICO).

Data Controller: SLJ Labs Limited, United Kingdom
Contact: privacy@chimealarm.app

2. Information We Collect

Information You Provide

  • Account Data: Name, email, profile picture (optional)
  • Authentication: Apple ID, Google Account, or email/password
  • Alarm Settings: Times, labels, sounds, and preferences
  • Group Data: Groups created/joined, shared alarms, invitation codes
  • Timer & Stopwatch: Your timer and stopwatch data

Information We Collect Automatically

  • Device Information: iPhone model, iOS version, app version
  • Usage Data: Features used, alarm success rates, app performance
  • Crash Reports: Technical data to improve stability
  • Universal Links: Group invitation interactions
  • Ad Data (Free Tier): Ad impressions and interactions via Google AdMob

Device Permissions (When Granted)

  • Notifications: To deliver alarm alerts
  • Calendar: To create events for your alarms (optional)
  • Contacts: To invite friends to groups (accessed only when sharing)
  • Motion & Fitness: For Step Counter challenges (optional)
  • Background Refresh: To ensure alarm reliability

Analytics Data (PostHog - Opt-in Only)

🔒 Your Control: Analytics require your explicit consent and can be disabled anytime.

  • App version, iOS version, and device model
  • Feature usage patterns and performance metrics
  • Error logs and crash reports (for app improvement)
  • UI response times and memory usage
  • Authentication method used (not credentials)
  • Session recording (separate opt-in required)

Data We DO NOT Collect

  • Location data or GPS coordinates
  • Contacts, photos, or media files
  • Personal communications or messages
  • Calendar events (processed locally only)
  • Financial or payment information

3. How We Use Your Information

Core App Functionality

  • Provide and maintain the Chime service across all devices
  • Enable secure authentication with Apple ID, Google, or email
  • Sync your alarms and settings across devices (CloudKit)
  • Enable group alarm coordination (Firebase)
  • Send critical alarm notifications and app updates
  • Provide customer support and technical assistance

App Improvement (With Your Consent)

  • Analyze feature usage to improve app functionality
  • Monitor performance and identify technical issues
  • Conduct A/B testing for new features (feature flags)
  • Track error patterns to enhance stability
  • Understand user behavior to optimize user experience

Data Processing Locations

  • Analytics Data: Processed by PostHog in EU data centers (GDPR-compliant)
  • Personal Data: Stored in Apple CloudKit (your region)
  • Group Data: Real-time coordination via Firebase (multi-region)
  • Authentication: Apple/Google servers + Firebase Auth

4. Information Sharing and Privacy Controls

🔒 Your Control

Only alarms you explicitly choose to share are visible to your friends. Private alarms remain completely private. Analytics data is only collected with your explicit consent.

Third-Party Services

We DO NOT:

  • Sell your personal information to third parties
  • Share your data with advertisers or marketers
  • Access your private alarms or personal content
  • Send promotional emails without your consent
  • Share analytics data with anyone except PostHog (and only with your consent)
  • Use your data for AI training or model development

We MAY share information:

  • With friends you've connected with (only shared alarms and group data)
  • When required by law or legal process
  • To protect the safety and security of our users
  • With service providers who help us operate the app (under strict data processing agreements)

5. Legal Basis for Processing (UK GDPR)

We process your personal data under the following legal bases:

  • Contract: To provide the Chime service you've requested
  • Consent: For analytics, marketing, and optional features
  • Legitimate Interests: To improve our service and ensure security
  • Legal Obligation: To comply with UK law

6. Payments & Subscriptions

Chime offers both free and premium subscription options:

  • Free Tier: Core features will always remain free
  • Payment Processing: All payments are processed through the Apple App Store. Where permitted by law and platform policies, subscription management may be handled by our payment service provider (currently RevenueCat)
  • Payment Security: We never directly receive, process, or store your payment card details
  • Subscription Data: Only subscription status and tier information is shared with us
  • Changes: We'll notify you at least 30 days before any pricing changes

For users in jurisdictions where alternative payment methods are required or permitted by law, we may offer additional payment options in compliance with local regulations.

7. Data Security

We implement industry-standard security measures including TLS encryption, secure authentication, regular security audits, and incident response procedures. We report any data breaches to the ICO within 72 hours as required by UK GDPR.

8. Data Retention

Configurable Data Retention

You control how long we keep your data with configurable retention periods in the app:

  • 1 Week (7 days) - Minimal data retention
  • 1 Month (30 days) - Default setting
  • 3 Months (90 days) - Extended usage patterns
  • 6 Months (180 days) - Long-term insights
  • 1 Year (365 days) - Maximum retention

Data older than your selected period is automatically deleted from all systems.

Account Data Retention

  • Authentication Data: Retained while your account is active
  • App Usage Data: Based on your retention settings
  • Analytics Data: Based on your retention settings (if opted in)
  • Group Data: Retained until you leave groups or delete account

Complete Data Deletion

You can request complete deletion of your account and all associated data through the app's Privacy Settings. This process:

  • Removes all personal data from our servers
  • Deletes analytics data from PostHog
  • Revokes authentication tokens
  • Removes you from all shared groups
  • Completes within 30 days (GDPR compliance)

9. Your Rights (UK GDPR)

✅ Your UK Data Rights

Under UK GDPR, you have extensive rights over your personal data.

Your UK GDPR Rights

  • Right of Access: Request a copy of your personal data
  • Right to Rectification: Correct inaccurate data
  • Right to Erasure: Delete your account and all data
  • Right to Restrict Processing: Limit how we use your data
  • Right to Data Portability: Export your data
  • Right to Object: Opt-out of certain processing
  • Right to Withdraw Consent: Change permissions anytime
  • Right to Complain: Lodge a complaint with the ICO

Rights You Can Request via Email

  • Data Access: Detailed report of all data we have about you
  • Data Correction: Fix inaccurate information in your profile
  • Processing Restriction: Limit how we use your data
  • Data Portability: Transfer your data to another service
  • Objection to Processing: Stop certain data processing activities

Contact us at privacy@chimealarm.app for these requests. We respond within 72 hours.

How to Exercise Your Rights

You can exercise most rights directly in the app's Privacy Settings, or contact us at privacy@chimealarm.app. We respond within 30 days as required by UK GDPR.

To complain to the UK regulator: Information Commissioner's Office

10. Children's Privacy

Chime is not intended for children under 13 years old. We do not knowingly collect personal information from children under 13. If we become aware that we have collected such information, we will take steps to delete it.

11. International Data Transfers

As a UK company, we may transfer data outside the UK:

  • EU: PostHog analytics servers (adequate protection via EU-UK adequacy decision)
  • USA: Firebase, RevenueCat, AdMob (Standard Contractual Clauses)
  • Your Region: CloudKit stores data in your regional Apple data center

All transfers comply with UK GDPR requirements for international data transfers.

12. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes through the app or via email. Your continued use of the app constitutes acceptance of the updated policy.

13. Contact Us

For privacy questions or to exercise your rights:

We respond to all privacy requests within 30 days as required by UK GDPR.

Back to Home