Privacy Policy

Effective Date: March 16, 2026

1. Introduction

BinVision Solutions Inc. (“BinVision,” “we,” “us,” or “our”) is a corporation incorporated under the laws of the Province of British Columbia, Canada. We operate the Lock On mobile application and related services (collectively, the “Service”).

This Privacy Policy explains how we collect, use, disclose, and safeguard your personal information when you use the Service. It is designed to comply with the Personal Information Protection and Electronic Documents Act (PIPEDA), the British Columbia Personal Information Protection Act (PIPA), the California Consumer Privacy Act as amended by the California Privacy Rights Act (CCPA/CPRA), and applicable requirements of the Apple App Store and Google Play Store.

By accessing or using the Service, you acknowledge that you have read and understood this Privacy Policy. If you do not agree with our practices, please do not use the Service.

2. Information We Collect

2.1 Information You Provide

  • Account information: Email address and authentication credentials when you sign up via email (one-time passcode), Apple Sign In, or Google Sign In. If you use social sign-in, we receive a unique identifier and, if you grant access, your name and email.
  • Commitment data: The apps you select, daily time limits, pledge amounts, and commitment durations you configure within the Service.
  • Payment information: When you add a payment method, your card or bank details are collected and processed directly by our payment processor, Stripe, Inc. (“Stripe”). We do not store your full card number or bank account details. We receive and store only a Stripe customer identifier and a reference to your default payment method.
  • Communications: If you contact us for support or feedback, we collect the information you provide in that correspondence.

2.2 Information Collected Automatically

  • App usage data: With your permission, the Service reads aggregated screen time data from your device’s built-in screen time API (Screen Time on iOS, UsageStatsManager on Android). This includes package names (or bundle identifiers) and the number of minutes spent in each app per day. This data is used solely to evaluate whether you have met your commitment limits.
  • Device information: Your device timezone (used to align daily summaries) and push notification token (used to deliver notifications).
  • Daily summaries: For each active commitment, we store a daily summary including your limit, actual usage, and whether a charge was triggered.

2.3 Information from Third Parties

  • Authentication providers: Apple and Google may share your email address and a unique user identifier when you use their sign-in services.
  • Subscription platform: RevenueCat, Inc. (“RevenueCat”) processes your in-app subscription purchases through the Apple App Store or Google Play Store and shares your subscription status, renewal dates, and cancellation events with us.

3. How We Use Your Information

We use the information we collect for the following purposes:

  • Provide and operate the Service: Create and manage your account, process commitments, track screen time against your limits, and charge your payment method when you exceed a commitment.
  • Subscription management: Process subscription purchases, verify your entitlements, and manage billing through the Apple App Store, Google Play Store, and RevenueCat.
  • Notifications: Send push notifications about commitment progress (e.g., when you reach 50%, 80%, or 100% of a daily limit) and transactional messages (e.g., charge receipts).
  • Improvement and analytics: Understand how the Service is used and identify areas for improvement. We use Mobana for attribution and conversion analytics.
  • Support: Respond to your inquiries and provide customer service.
  • Legal compliance: Comply with applicable laws, regulations, and legal processes, and enforce our Terms of Service.

4. Legal Basis for Processing

We process your personal information on the following bases:

  • Consent: You consent to data collection when you create an account, grant screen time access, enable notifications, or add a payment method. You may withdraw consent at any time (see Section 9).
  • Contractual necessity: Processing is necessary to perform the Service as described in our Terms of Service — for example, monitoring screen time and processing accountability charges.
  • Legitimate interest: We process data for analytics and service improvement where such processing does not override your rights and freedoms.
  • Legal obligation: We may process data to comply with applicable laws, such as tax and financial reporting requirements.

5. How We Share Your Information

We do not sell your personal information. We share information only with the following categories of recipients:

  • Stripe: Processes payment methods and accountability charges on our behalf. Stripe’s handling of your data is governed by the Stripe Privacy Policy.
  • RevenueCat: Manages in-app subscriptions. See the RevenueCat Privacy Policy.
  • Mobana: Provides onboarding flow hosting and conversion analytics. See the Mobana Privacy Policy.
  • Apple & Google: Process in-app purchases and provide authentication services. Subject to Apple’s and Google’s respective privacy policies.
  • Infrastructure providers: We use cloud hosting and database providers to operate the Service. These providers process data on our behalf under data processing agreements.
  • Legal requirements: We may disclose information if required by law, court order, or government request, or if we believe disclosure is necessary to protect our rights, your safety, or the safety of others.

6. Data Retention

We retain your personal information as follows:

  • Account data: Retained for as long as your account is active. When you delete your account, we remove your personal information within 30 days, except as required by law or for legitimate business purposes (e.g., financial records).
  • Commitment and usage data: Retained for the duration of the commitment plus 90 days to allow for dispute resolution, then anonymized or deleted.
  • Charge records: Anonymized (personal identifiers removed) and retained for seven (7) years to comply with financial and tax record-keeping requirements. The retained record includes only the date, amount, and payment processor reference — no information linking the record to your identity.
  • Analytics data: Aggregated, non-identifiable analytics data may be retained indefinitely for Service improvement.

7. Data Security

We implement industry-standard technical and organizational measures to protect your personal information, including:

  • Encryption of data in transit (TLS/HTTPS) and at rest.
  • Secure token-based authentication (JWT) with secure storage of credentials on your device using platform-native secure storage (Keychain on iOS, Keystore on Android).
  • Access controls limiting employee access to personal data on a need-to-know basis.
  • Regular security reviews and dependency auditing.

No method of transmission over the Internet or electronic storage is completely secure. While we strive to protect your information, we cannot guarantee absolute security.

8. International Data Transfers

Your personal information may be processed and stored in Canada, the United States, or other countries where our service providers operate. When your data is transferred outside of your jurisdiction, we ensure appropriate safeguards are in place, including contractual data processing agreements with our providers.

9. Your Rights and Choices

9.1 All Users

  • Access and correction: You may access and update your account information within the app.
  • Account deletion: You may delete your account at any time through the app settings. This removes your personal data from our systems promptly, and in any event within 30 days, subject to legal retention obligations. For details, see our Account Data page.
  • Notification preferences: You may disable push notifications through your device settings at any time.
  • Screen time access: You may revoke the Service’s access to screen time data through your device’s system settings. Note that this will prevent the Service from tracking your commitments.
  • Withdraw consent: Where processing is based on consent, you may withdraw consent at any time. Withdrawal does not affect the lawfulness of processing prior to withdrawal.

9.2 Canadian Residents (PIPEDA / PIPA)

Under PIPEDA and British Columbia’s PIPA, you have the right to access, correct, and challenge the accuracy of your personal information held by us. You may also file a complaint with the Office of the Privacy Commissioner of Canada or the Office of the Information and Privacy Commissioner for British Columbia.

9.3 California Residents (CCPA / CPRA)

If you are a California resident, you have additional rights under the CCPA/CPRA:

  • Right to know: You may request the categories and specific pieces of personal information we have collected about you.
  • Right to delete: You may request deletion of your personal information, subject to certain exceptions.
  • Right to correct: You may request correction of inaccurate personal information.
  • Right to opt out of sale/sharing: We do not sell or share (as defined by the CCPA/CPRA) your personal information.
  • Non-discrimination: We will not discriminate against you for exercising your CCPA/CPRA rights.

To exercise any of these rights, contact us at [email protected].

10. Children's Privacy

The Service is not intended for individuals under the age of 18. We do not knowingly collect personal information from anyone under 18. If you believe we have collected information from a person under 18, please contact us immediately at [email protected], and we will promptly delete such information.

11. Third-Party Links and Services

The Service may contain links to third-party websites or services. This Privacy Policy does not apply to those third parties. We encourage you to read the privacy policies of any third-party services you access through the Service.

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. When we make material changes, we will notify you by updating the “Effective Date” at the top of this page and, where appropriate, by sending a push notification or in-app notice. Your continued use of the Service after any changes constitutes acceptance of the updated Privacy Policy.

13. Contact Us

If you have questions about this Privacy Policy or wish to exercise your privacy rights, please contact us:

BinVision Solutions Inc.
British Columbia, Canada
Email: [email protected]
Web: https://lockon.app