← MundaneApps

Privacy Policy

Version 2026-07 · Effective date 2026-07-07

The plain-English version: we try to be a good houseguest. If you never sign in, nothing about you ever leaves your device. Heads-Up works fully offline. Analytics and crash reporting are anonymous and off by default; you opt in, and can opt out anytime. We never sell your data, and you can leave with it whenever you want. The legal detail is below.

This policy describes how the Heads-Up app ("the app", "we", "us"), made by MundaneApps, handles your data. It is written to be truthful and specific about what the app actually does: every claim below is checked against the app's source code before each release (see our release checklist).

1. The short version

2. Data collected, by mode

Local-only mode (no sign-in)

Nothing leaves your device. Your cadences, custom tags, notification schedule, theme preference, and app icon choice are stored only in the app's local storage on your device (and, if you use the home-screen widget, briefly in the OS's widget storage on that same device).

To save you a step, the optional "region" field in your profile is pre-filled using your SIM/carrier country if available, or your device's language/locale setting otherwise. This is a coarse, two-letter country code only (e.g. "US", "IN"), read directly on-device via the operating system, never a phone number or precise location, and no separate permission is required to read it. This happens whether or not you ever sign in; the value only leaves your device if you sign in and it syncs as part of your profile. You can change it at any time.

Signed-in mode (optional)

When you choose to sign in with Google or Apple, we additionally process:

DataPurpose
Email address (from your sign-in provider)Account identification; transactional email (see §6)
Optional profile: name, gender, occupation, region (region may be pre-filled from your SIM/carrier country or device locale, see above)Shown back to you in the app; not used for any other purpose
Cadence data (titles, schedules, tags, notes)Cloud backup and, on our Pro+ plan, cross-device sync
Purchase/subscription statusDetermining your plan tier (Free / Pro / Pro+)
A device identifier and a device label you can editEnforcing the Pro plan's single-device backup slot, and detecting when you've switched devices
Consent record: policy version and timestampEvidence that you accepted this policy and our Terms of Service

We do not collect your birth date, phone number, or precise location. We do not collect age or any data intended to identify whether you are a minor. See §8.

3. Analytics & crash reporting (optional, consent-based)

With your explicit opt-in consent, Heads-Up uses two services to understand how the app is used and to fix crashes:

Both are disabled by default. We ask once, during onboarding, and you can change your choice at any time in Settings → Privacy → "Share usage & crash data." When off, neither SDK is initialised and nothing is sent.

Neither service receives your name, email address, or the contents of your cadences. If you are signed in, events are tagged with the same anonymous account identifier used for sync (never your email). We do not use these tools for advertising or cross-app tracking, and we do not build an advertising profile of you.

4. Where your data is hosted

Signed-in data is hosted on Supabase, in the European Union (Frankfurt region). Cadence and profile data at rest lives in that region.

5. Who we share data with (sub-processors)

We use a small number of service providers to run the app's optional cloud features. None of them receive more data than they need, and none may use your data for their own purposes.

Sub-processorWhat they receivePurpose
SupabaseEverything in the "Signed-in mode" table aboveDatabase hosting, authentication
GoogleYour Google account info (if you sign in with Google), and your app-store purchase data (Play Store)Sign-in; subscription billing
AppleYour Apple ID info (if you sign in with Apple, currently unavailable, see §11), and your app-store purchase data (App Store, once launched)Sign-in; subscription billing
RevenueCatYour purchase/subscription status and an anonymous purchaser idSubscription management across stores
ResendYour email address, for the specific transactional emails listed in §6Sending those emails
PostHog (EU Cloud)Anonymous product-usage events and an opaque user id, only if you opt inProduct analytics to improve the app
Sentry (EU region)Crash/error diagnostics (stack trace, device/OS metadata, opaque user id), only if you opt inCrash reporting and stability

We do not sell any of this data, and we do not share it with anyone for advertising purposes.

6. Transactional email

If you sign in, we send you email only for account events you triggered or that affect your account directly:

These are transactional, not marketing, emails: we don't send newsletters or promotional email, and there is no separate marketing list to opt out of.

7. Retention: how long we keep your data

What happenedCloud contentDeletion markerYour device
You sign outUntouchedNoneUntouched
You delete one cadenceRemoved from our servers within 30 daysKept until you delete your accountRemoved immediately
Clear all data → This device onlyUntouched (re-downloads next sync)NoneWiped
Clear all data → EverywhereRemoved immediatelyKept until you delete your accountWiped
Subscription lapsesRemoved 30 days after lapsingKeptUntouched
You delete your accountEverything permanently deleted 30 days after you delete, unless you restore firstDeleted with the accountUntouched

In plain terms: content you delete is removed from our servers within 30 days, immediately if you use Clear All Data. Anonymous deletion markers (just an id and a "this was deleted" flag, no content) are kept so a device that comes back online later can't resurrect something you deleted; those markers are erased when your account is deleted.

8. Children

Heads-Up is not directed at children and is intended for users 18 and older (see our Terms of Service). We do not knowingly collect data from children, and we do not collect age or birth-date information from anyone, at any age.

9. Your rights

Regardless of where you live, you can:

If you are in the EU/EEA or UK, these rights are provided under the GDPR / UK GDPR. If you are in India, they are provided under the DPDP Act. We extend the same rights to users everywhere, regardless of location.

10. Contact

Questions, requests, or concerns about this policy: info@mundaneapps.com.

11. Changes to this policy

We may update this policy as the app changes. For a material change, the in-app policy version (currently 2026-07) is bumped, and signed-in users see a one-time notice the next time they open the app, with a link to review the change before continuing. Typo-level or clarifying edits do not trigger a new notice. This page always shows its current version and effective date.

Sign in with Apple is currently unavailable in this build (the developer is on a free Apple team); Google sign-in is available. This section will be updated when Apple sign-in ships.