TwoHundred Management Ltd ("we", "us", or "our") built Stack: Daily Pledge (the "App") as a simple day-counter and daily pledge tool. This policy explains what information the App handles, why, and what your rights are. We have designed the App to collect as little data as possible.
We collect minimal information necessary to keep your progress safe across devices:
All App data — your day count, pledge history, chapter history, and preferences — is stored locally on your device
using Apple's standard UserDefaults mechanism. This data is always available offline and
does not require an account to function. Your chapter and relay data is also synced via Apple's
iCloud Key-Value Store, which allows your progress to transfer between your own devices signed in
to the same Apple ID. This data is governed by
Apple's iCloud terms and privacy policy.
When you sign in with Apple, the App syncs your chapter history and relay history to our backend hosted on Supabase (Supabase Inc., USA). This allows your progress to survive phone switches, reinstalls, and upgrades. Synced data includes:
This data is linked to your Supabase user account (which is linked to your Apple ID). It is protected by Row-Level Security — only you can read or modify your own data. You can delete your account and all server-side data at any time from Settings within the App (see Section 8).
The App includes a "relay" feature — anonymous messages from people who have reached the same milestone as you. This feature involves two types of data exchange with our backend, hosted on Supabase (Supabase Inc., USA):
Reading relay messages: When you reach a relay point, the App fetches a short anonymous message from our database. No user identifier, device ID, or personal data is sent as part of this request. We receive only standard server-log information (IP address and timestamp) that Supabase's infrastructure logs automatically, which we do not use to identify or track individuals.
Writing relay messages: Paid users can write a relay message for someone behind them. When you submit a relay message, the text you write is sent to our Supabase database along with the target day number and your current day number. No personal identifier or device ID is attached to this submission. Your message is stored anonymously and may be shown to other users at the corresponding milestone. Messages can be reported by other users and are automatically removed after multiple reports.
Supabase's privacy policy is available at supabase.com/privacy.
The App offers an optional one-time in-app purchase processed by Apple through StoreKit. All payment and billing information is handled by Apple; we never see, receive, or store your payment details. Apple's privacy policy governs these transactions and is available at apple.com/legal/privacy.
We use RevenueCat (RevenueCat Inc., USA) to manage purchase entitlements. RevenueCat's SDK collects a device vendor identifier (IDFV), purchase history, app version, and operating system version to verify your purchase status. This data is linked to your device (not your identity) and is used solely for the purpose of managing your in-app purchase. RevenueCat does not use this data for advertising or tracking. RevenueCat's privacy policy is available at revenuecat.com/privacy.
The App is not directed at children under 13. We do not knowingly collect personal information from children under 13. If we learn that a child under 13 has created an account, we will delete it promptly.
We do not sell, trade, or share your personal data with third parties. The third-party services the App communicates with are:
Your on-device data is retained for as long as the App is installed. Account data synced to our servers is retained until you delete your account. Relay messages you write are stored anonymously on our servers indefinitely or until removed through content moderation. When you delete your account, all account data (chapter history, relay history) is permanently and immediately deleted from our servers.
Depending on where you live, you may have rights under applicable privacy laws (including GDPR, UK GDPR, and CCPA) such as the right to access, correct, or delete personal data held about you.
Account deletion: You can delete your account at any time from within the App by going to Settings → Delete Account. This permanently removes your authentication record and all synced data from our servers. Local data on your device is also erased. This action cannot be undone.
If you have any other privacy concerns, please contact us and we will respond within 30 days.
Authentication tokens are stored in the iOS Keychain, which is encrypted by the Secure Enclave. On-device data is protected by iOS's built-in security model, including device encryption. Server-side data is protected by Supabase's infrastructure security, including encryption at rest and in transit. Row-Level Security policies ensure each user can only access their own data.
We may update this policy from time to time. When we do, we will update the "Last updated" date at the top of this page. Continued use of the App after any changes constitutes acceptance of the revised policy.
If you have any questions or concerns about this privacy policy, please contact us at:
hello@twohundred.ai
TwoHundred Management Ltd
© 2026 TwoHundred Management Ltd. All rights reserved.