toward balance · privacy
Quiet by design.
Effective 10 June 2026
- Your data is yours. Your areas, activities, and logged occurrences are stored only so we can show them back to you, on your devices.
- No analytics, no trackers, no ads. We don't sell or share your data, and there is exactly one cookie — the one that keeps you signed in.
- You can leave anytime. Export everything as JSON, or delete your account — which permanently deletes all of your data, immediately.
Who we are
Toward Balance ("Balance", "we") is a personal-balance app for iOS and the
web, available at towardbalance.app,
built and operated by Cameron Dunn. Questions about this policy or your
data: privacy@towardbalance.app.
What we collect, and why
Your account
Sign-in is handled by Clerk, our
authentication provider. Clerk collects your email address and, optionally,
your name and profile photo, and manages your sign-in codes, passwords, and
sessions — none of which touch our servers. Our own database deliberately
does not store your email address: it holds only an opaque
link to your Clerk account, plus your app settings (such as reminder time
and timezone).
Your content
The heart of the product: the names and emoji of your balance areas, the
titles of your activities, and the timestamps of the occurrences you log.
We store this so your devices can show it back to you, and for no other
purpose. We keep it until you delete it — or delete your account.
Push notifications · optional
If you enable notifications on iOS, we store the Apple push token for your
device so our server can ask Apple to deliver reminders and updates.
Notification payloads carry only wake-up hints — never your content.
Tokens are deleted when you sign out of a device, when Apple reports
them invalid, when you delete your account, and automatically after
30 days unused (e.g. if you uninstall the app).
Your calendar (iOS) · optional
If you grant calendar access, Balance reads today's events on your
device to suggest things you might want to log.
Calendar data never leaves your device — it is not sent to
our servers, ever.
Diagnostics & logs
Like every web service, our servers keep operational logs: your account ID,
IP address, app version, and technical details of requests and errors. The
apps also report technical errors (for example, "sync failed") with
diagnostic context so we can fix bugs. These logs never include your areas,
activities, or occurrences, and they are deleted automatically after
90 days.
What we don't do
- No analytics or behavioural tracking, no advertising, no tracking pixels, no fingerprinting.
- We never sell, rent, or share your personal information for marketing — including as "sell" or "share" are defined by the California Consumer Privacy Act.
- One cookie only: the session cookie that keeps you signed in (set by Clerk). It is strictly necessary for the service; there are no marketing or analytics cookies.
Where your data lives
A small set of infrastructure providers process data on our behalf:
| Service | What it does | What it holds | Where |
|---|
| Clerk | Sign-in & accounts | Email, optional name/photo, sessions | United States |
| Neon (on AWS) | Our database | Your content & settings | United States (Oregon) |
| Fly.io | Runs our servers | Data in transit, operational logs | United States |
| Better Stack | Log storage | Operational logs (90 days) | European Union (Germany) |
| Apple | Push delivery & TestFlight | Device push tokens; TestFlight install/crash statistics | Per Apple's policies |
Depending on where you live, this means your data may be processed outside
your country — including in the United States and the European Union. We
rely on these providers' standard data-protection terms for those
transfers.
How long we keep things
| Data | Kept for |
|---|
| Your content & settings | Until you delete it, or delete your account |
| Device push tokens | Until sign-out, Apple reports them invalid, account deletion, or 30 days unused |
| Operational logs & diagnostics | 90 days |
| Encrypted database backups | 7 days, then expire automatically |
Your rights & controls
- Export. Account → Download my data gives you a
JSON archive of everything you've authored — settings, areas,
activities, and your full occurrence history.
- Delete. Account → Delete account is immediate
and permanent: the moment our authentication provider confirms the
deletion, our database permanently deletes everything tied to your
account. Backups expire within 7 days and logs within 90.
- Everything else. For correction, objection,
restriction, or any other request, email us. If you're in the EU or UK
these are your GDPR rights — access, rectification, erasure,
portability, restriction, and objection — and we honour them for
everyone, wherever you live. You also have the right to complain to
your local data-protection authority.
Where the GDPR applies, our legal bases are: performance of a contract
(storing and syncing your content — the service you asked for) and
legitimate interests (operational logs and diagnostics, for security and
reliability).
Security
Everything in transit uses HTTPS/TLS. Our infrastructure providers encrypt
data at rest. On iOS, your session and widget data are stored in the device
Keychain. No system is perfect — if we ever learn of a breach affecting
your data, we will tell you.
Children
Balance is not directed at children under 13, and we don't knowingly
collect personal information from them. If you believe a child has created
an account, contact us and we'll delete it.
Changes to this policy
If this policy changes, we'll update this page and its effective date.
For material changes we'll say so in the app.