Privacy Policy

Last Updated: May 2026

Andy Arevalo ("we," "us," or "our") is committed to protecting your privacy. This policy covers all our iOS, iPadOS, watchOS, and macOS apps: Student Guardian (SchoolSync), OnTime Speaker Pro, OnStage Timer Pro, Not Another Twin Calculator, Not Another Stage Timer, Not Another Countdown, Not Another Fasting Timer, Not Another Coloring Book, Duse – Habit Tracker, ThermoTimer, RoadWatch CA, CareLedger, PawLedger, PetSitterPro, Healko, Kickoff (Weight Loss & Fitness), NetForge: Engineer's Toolkit, and future releases.

1. Our Privacy Principles

Our apps are designed to keep your personal data on your device wherever possible. We follow these principles across the whole portfolio:

On-device by default — Notes, settings, history, health entries, client records, timer configurations, and similar app content are stored locally on your device using iOS data containers.
No advertising trackers — We do not include Google Analytics, Firebase Analytics, third-party ad SDKs, or social-plugin trackers in any of our apps.
No user profiles for marketing — We do not build cross-app user profiles, sell data to third parties, or share information with data brokers.
No accounts required by default — Most apps work without creating an account. Where an account is needed (e.g. CareLedger / PawLedger backend AI features), the account is used only for service operation.

Some apps DO need to access specific data on-device or send specific information to a service in order to work — for example, PetSitterPro needs GPS to record a pet-sitting visit, CareLedger sends a prescription image to our AI processing service when you tap "Scan", and Healko reads selected Apple Health metrics with your explicit permission. Those flows are described per-app in Section 3.

2. Google API Services Usage (Student Guardian)

Student Guardian (SchoolSync) uses Google API Services to provide email synchronization functionality. This section describes our use of Google user data in compliance with the Google API Services User Data Policy.

2.1 Data We Access

When you connect your Gmail account, we request access to:

Gmail Read-Only Access (gmail.readonly): To read and display your school-related emails within the app
Email Address (userinfo.email): To identify your account and display your email address in the app

2.2 How We Use Google User Data

Your Google data is used exclusively to:

Fetch and display emails from senders you designate as "trusted sources" (schools, teachers)
Extract calendar events and dates from school communications
Generate AI-powered summaries of school emails (with your explicit action)
Identify grade notifications and newsletter content

        Important: We do NOT use your Google data for advertising, marketing, or any purpose unrelated to the app's core functionality of organizing school communications.
      

2.3 Data Storage and Protection

Your Google data is protected through multiple security measures:

Local-First Storage: Email content is stored locally on your device, not on our servers
Encrypted Credentials: OAuth tokens are stored in iOS Keychain with AES-256 encryption
Secure Transmission: All API communications use TLS 1.3 encryption
No Server Storage: We do not store your emails, attachments, or email content on any external servers
Token Security: Access tokens are refreshed automatically and can be revoked at any time through your Google Account settings

2.4 Data Retention and Deletion

Email data is cached locally for offline access and deleted when you disconnect your account
You can disconnect your Google account at any time in Settings, which immediately deletes all cached email data
You can also revoke access via Google Account Permissions

2.5 AI/ML Training Disclosure

        We do NOT use Google user data for AI or machine learning model training. When you request an AI summary of an email, the email content is processed in real-time and is not stored or used to train any models. The AI summarization feature uses third-party APIs that process data ephemerally and do not retain your content.
      

2.6 Third-Party Sharing

We do not share, sell, or transfer your Google user data to third parties except:

When you explicitly request an AI summary (processed by our summarization service)
As required by law or valid legal process

3. Per-App Data Flows

The following table summarizes what each app accesses, where it stores data, and what (if anything) it sends to a network service. All on-device data stays on your device unless you explicitly export or share it.

3.0 On-device storage (all apps)

Habit entries (Duse), calculation records (Twin Calculator), timer configurations (Stage Timer / Speaker Timer / OnStage Timer Pro / ThermoTimer / Not Another Countdown), favorite cameras (RoadWatch CA), patient profiles & medications & dose events & caregiver notes (CareLedger), pet profiles & vaccination & weight & vet records (PawLedger), client & pet & visit & invoice & expense & mileage records (PetSitterPro), fasting protocol selection & fast history (Not Another Fasting Timer), countdown events (Not Another Countdown), saved targets & workspaces & run history (NetForge), match data & weight log (Kickoff), Home Assistant URL & sync history (Healko), email data & OAuth tokens & calendar events (Student Guardian).
Data remains on-device unless you intentionally export, share, or sync it.

3.1 RoadWatch CA — Location data

RoadWatch CA requests location permission to show traffic cameras near you, calculate distances, and sort by proximity. Location data stays on your device. Camera images are fetched directly from the public Caltrans API. We do not track location history, do not send location to our servers, and do not have any servers in the loop for RoadWatch CA at all.

3.2 CareLedger — Health data and AI scanning

CareLedger handles sensitive health-related information for personal and family medication management:

On-device storage — Patient profiles, medications, dose events, symptoms, and caregiver notes are stored exclusively on your device.
Apple HealthKit — CareLedger may read and write specific HealthKit categories (e.g. medication, mood) only with your explicit permission via iOS prompts. You can revoke this at any time in iOS Settings → Privacy → Health.
AI features (optional, user-initiated) — When you tap "Scan prescription" or request "Medication info", the specific text or image being processed is sent over TLS to our Cloudflare Worker proxy (see Section 5) which forwards the request to an upstream AI provider. The AI provider processes the request in real time and does not retain content. We do not store the request or response on our servers.
Export control — You choose when and how to export (e.g. Visit Prep PDF summaries).

        Important: CareLedger is a personal health-tracking utility for individual and family use. It is NOT HIPAA-compliant, does not provide medical advice, and should not be used by healthcare providers or covered entities. Always consult a qualified healthcare provider for medical decisions.
      

3.3 PawLedger — Pet health data and AI med-info

PawLedger stores pet health records (vaccinations, medications, weight, vet visits, photos) on-device. AI features that look up medication information send the medication name (text only) to our Cloudflare Worker proxy (see Section 5) for forwarding to an upstream AI provider. We do not store pet health records on our servers. PawLedger is not a veterinary diagnostic tool and does not provide veterinary advice.

3.4 PetSitterPro — Location, calendar, photos, biometric, contacts

PetSitterPro is a business tool for independent pet sitters. With your explicit permission per iOS prompts, it accesses:

Location (precise GPS) for live visit tracking — recorded route is stored on-device and attached to the visit record.
Calendar (EventKit) to surface conflicts with your existing schedule.
Photos library only when you attach a receipt photo to an expense.
Face ID / Touch ID to lock the app between sessions; the biometric check itself is performed by iOS, not the app.
Contacts you enter (client name / phone / email) stay on-device for invoicing and visit reports.

None of the above is transmitted to our servers; reports and invoices are generated on-device and shared via Apple's standard share sheet when you choose to send them.

3.5 Healko — Apple Health and Home Assistant bridge

Healko is a home-automation utility that bridges Apple Health to a Home Assistant instance you control. With your explicit permission per iOS prompts:

It reads selected Apple Health metrics that you authorize (e.g. heart rate, steps, sleep) and sends those values, over TLS, directly to the Home Assistant URL you provide.
It writes values from your Home Assistant sensors back into Apple Health on your behalf.
Your Home Assistant URL and access token are stored only in the iOS Keychain on your device. They are not transmitted to our servers.
If you use Nabu Casa Cloud, traffic goes through Nabu Casa per its own terms; Healko is not a party to that connection.

        Important: Healko is a home-automation utility, not a medical device. It does not diagnose, treat, cure, or prevent any disease. The values displayed are the same metrics already stored in Apple Health on your device. Always consult a qualified healthcare provider for medical advice.
      

3.6 Kickoff — HealthKit and match-data fetching

Kickoff is a weight-loss and fitness tracker. With your explicit permission via iOS, it may read weight and body-fat values from Apple Health and write back any weight you log in-app. When you connect a league URL, Kickoff fetches public match data directly from that URL; no Kickoff servers are involved in this loop. All entries are stored on-device. Kickoff is not medical advice; do not use it to make medical decisions.

3.7 Student Guardian — Email, OAuth, calendar, AI summaries

Student Guardian uses Apple Sign-in plus IMAP / Gmail OAuth to read school-related emails you select. Email content is cached locally for offline access. With your explicit action, the app can send a specific email's text to our Cloudflare Worker proxy (see Section 5) for AI summarization. Section 2 above describes the Gmail-specific flow in more detail; this section applies equally to other email providers if connected.

3.8 NetForge — Network diagnostics on your behalf

NetForge runs network-diagnostic operations (DNS lookups, ping, traceroute, port scans, TLS inspection, etc.) on behalf of you, against hosts and IPs that you type in. The app sends those network requests directly from your device to the target host. Results are stored on-device. NetForge does not collect telemetry about the targets you scan, does not phone home, and does not send any of your queries to our servers.

3.9 Apps with no network use

The following apps operate entirely on-device with no network requests except where you explicitly initiate sharing: Not Another Twin Calculator, Not Another Stage Timer, Not Another Countdown, Not Another Fasting Timer, Not Another Coloring Book, Duse, ThermoTimer, OnStage Timer Pro, OnTime Speaker Pro.

4. Payment Processing

All transactions occur through Apple's system using your Apple ID. We receive only anonymized subscription status from Apple, never your payment details. Apple's own Privacy Policy applies to that transaction.

5. Service Providers

For the apps that have AI features (CareLedger prescription scanning + medication info, PawLedger pet-med info, Student Guardian email summaries), we operate a Cloudflare Worker proxy that receives the specific request from your device and forwards it to a third-party AI provider for processing. The Worker:

Does not log or persist your request body or the response.
Authenticates each request with a per-device token so we can rate-limit abuse, but does not associate the token with any personal identity.
Operates on Cloudflare's standard infrastructure under Cloudflare's own privacy and security terms.

The upstream AI provider (a major commercial LLM vendor) processes each request ephemerally and is contractually prohibited from training on or retaining the data per its enterprise API terms. We do not allow data to be used for model training under any circumstances.

5.1 What this means in practice

If you never tap the AI scan / AI summary buttons, no data leaves your device for these flows. The Cloudflare Worker is only invoked when you initiate an AI feature.

5.2 No third-party analytics SDKs

Our apps do not include Google Analytics, Firebase Analytics, advertising SDKs, social plugins, or behavioral tracking tools. The Cloudflare Worker described above is operational infrastructure for specific AI features, not an analytics service.

6. User-Initiated Data Sharing

Exported information (such as timer reports via email/messages or shared calendar events) remains outside our control once shared.

7. Child Safety

Our apps contain no child-specific data collection mechanisms. Student Guardian is designed for adults (parents or students) to manage school communications they receive; the app does not actively collect, profile, or process children's personal data.

8. Data Security

We implement industry-standard security measures to protect your data:

Encryption at Rest: Sensitive data stored using iOS Keychain (AES-256)
Encryption in Transit: All network communications use TLS 1.3
Secure Authentication: OAuth 2.0 with PKCE for third-party account connections
No Plain Text Storage: Tokens and credentials are never stored in plain text
Automatic Token Refresh: Access tokens are short-lived and automatically refreshed

9. Your Rights

You have the right to:

Access: View all data stored by our apps on your device
Delete: Remove all app data by deleting the app or using in-app data deletion options
Revoke: Disconnect third-party accounts (Gmail and other connected email providers) at any time via the app's Settings or directly in your account dashboard for that provider
Export: Export your data where export functionality is provided

10. Policy Updates

Changes will be published on this page with an updated "Last Updated" date. Continued use of our apps after changes constitutes acceptance of the updated policy.

11. Contact

For privacy-related questions or to exercise your data rights:

Email: [email protected]
We typically respond within 48 hours.