Legal

Privacy Policy

Last updated: February 24, 2026

At Clepsy, we believe in helping you reclaim your time while fiercely protecting your privacy. This Privacy Policy outlines how we collect, use, and protect your personal data in compliance with the General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA), and other global privacy laws.

1. Identity of Controller

Clepsy
Data Protection Officer: privacy@clepsy.com
General Contact: support@clepsy.com

2. Data We Collect

Following the principle of data minimization, we only collect what is strictly necessary:

  • Account Data: Email address for waitlist registration and eventual account creation.
  • App Usage Data: Time spent on "redirected" apps and "blocked" apps. This is core to Clepsy's operational mechanics (earning time to unlock apps).
  • Technical Data: Basic device identifiers required for screen time tracking mechanisms to function securely on your device.

3. Legal Basis for Processing

We process your data based on:

  • Consent: For joining our waitlist and receiving marketing communications.
  • Contract: For providing the core Clepsy service (tracking positive app usage to unlock recreational apps).
  • Legitimate Interest: For preventing fraud, ensuring security, and understanding aggregate app performance.

4. How We Use Your Data

Your data is used strictly for:

  • Providing the core time-locking and unlocking mechanics of the Clepsy app.
  • Sending you updates about our launch via our waitlist.
  • Improving the functionality and stability of our services.

We do NOT use your app usage data for targeted advertising, nor do we sell it to data brokers.

5. Data Sharing

We only share data with essential service providers necessary to operate Clepsy:

  • Database Providers: Upstash (Redis) for managing waitlist registrations securely.
  • Analytics Providers: Privacy-first analytics to understand aggregate, anonymized landing page traffic.

We strictly enforce Data Processing Agreements with all third-party vendors.

6. Your Privacy Rights

Depending on your jurisdiction (e.g., GDPR, CCPA), you hold strict rights over your personal data:

  • Right to Access: You can request a copy of the personal data we hold about you.
  • Right to Deletion: You can request that we erase your personal data ("Right to be Forgotten").
  • Right to Object: You can object to processing based on legitimate interest or direct marketing.
  • Right to Data Portability: You can request your data in a structured, machine-readable format.
  • Right to Withdraw Consent: You can withdraw consent for waitlist emails at any time easily.

To exercise any of these rights, contact us at privacy@clepsy.com. We respond to all requests within 30 days.

7. Data Retention

  • Waitlist Data: Maintained until launch, or until you withdraw consent.
  • App Usage Data: Maintained only as long as you use the app. Aggregate data is anonymized.
  • Account Deletion: Data is purged within 30 days of account deletion, barring legal obligations.

8. Security and Privacy by Design

We deploy industry-standard encryption at rest and in transit. Our architecture explicitly applies Privacy by Design (PbD) principles. We calculate screen time on-device where possible, transmitting only the minimum necessary data to sync your Clepsy balance across devices.

9. International Transfers

If data is transferred internationally (e.g., to US-based servers), we rely on Standard Contractual Clauses (SCCs) approved by the European Commission to ensure adequate protection.

10. Changes to This Policy

We may update this policy as Clepsy evolves. Material changes will be communicated via email prior to taking effect.