LongPlank ("the App", "we", "us") is published by Omar Shabab. This policy explains what the App does with your information so you can decide whether to use it. If you do not agree with this policy, do not use the App.
Summary
- LongPlank has no backend server. Your plank sessions and settings are stored on your device and, if you are signed into iCloud, synced only to your own iCloud account (Apple's CloudKit private database), which we cannot access.
- The App does not track you, does not serve advertising, and includes no third-party SDKs.
- The only identifier the App uses is your Sign in with Apple user ID, kept in the device Keychain and not synced to your other devices through iCloud Keychain.
- Apple Health integration is opt-in and write-only: the App never reads your Health data.
- Notifications are local (scheduled on your device by iOS), not sent from any server.
1. Information the App uses
1.1 Sign in with Apple user identifier
When you sign in with Apple, the App receives only your stable, app-scoped Apple user ID. It does not request your name or email address (no scopes are requested). This identifier is used to:
- Gate access to the App, and remember that you are signed in so you do not have to sign in again.
Sign in with Apple is separate from iCloud sync. The App does not use your Apple user ID to identify your synced data: your iCloud (CloudKit) private database is keyed to your device's iCloud account (see 1.2), which is independent of Sign in with Apple. A device can be signed in with Apple while having no iCloud account, in which case your data simply stays on that device.
The user ID is stored in your device's Keychain with kSecAttrAccessibleAfterFirstUnlock and is not synced to your other devices through iCloud Keychain. It is never transmitted to us or to any server we operate (there is no server).
Because Sign in with Apple is used for authentication, this identifier is declared as a collected "User ID" in our privacy manifest and in App Store Connect, classified as:
- Linked to you: Yes
- Used to track you: No
- Purpose: App Functionality (authentication)
1.2 Plank sessions and settings
The planks you hold and the settings you choose (your daily goal, reminder time, variant, and the Apple Health save preference) are stored using SwiftData in your device's App Group container. If you are signed into iCloud, these records sync to your own CloudKit private database in the container iCloud.com.omarshabab.longplank.
A CloudKit private database is readable only by you (the iCloud account owner). We, the developer, cannot read, browse, or access its contents. Apple hosts and encrypts it as part of your iCloud account.
1.3 Apple Health (opt-in, write-only)
If you turn on "Save planks to Apple Health" in Settings, the App asks for your permission to write two records to your Apple Health store for each completed plank:
- a Core Training workout spanning the hold, and
- a Mindful Minutes session spanning the same interval.
The App never reads any data from Apple Health (the authorization request specifies no read types). Health saving is entirely optional and is off by default. If you turn it off, the App stops writing to Health.
1.4 Notifications (local only)
If you enable reminders in Settings, the App schedules local notifications on your device through iOS:
- a daily reminder at the time you choose, and
- a streak-risk reminder, a one-shot late-day nudge when you have an active streak and have not yet met today's goal.
These notifications are created and delivered by iOS on your device. They are not sent from any server. The remote-notification background mode and the production APNs entitlement are used solely by CloudKit to sync your data across your devices; they are not used to send you marketing or server-driven notifications.
1.5 Diagnostic logging
The App writes local diagnostic logs using Apple's os.Logger (subsystem com.omarshabab.longplank). These logs stay on your device, are viewable only by you through Apple's tools (Console.app on a Mac you own and trust), and are not transmitted to us.
2. What the App does NOT do
- No tracking. The App does not track you across other companies' apps or websites, and does not combine data about you from other sources.
- No advertising. The App shows no ads and uses no advertising networks.
- No third-party SDKs or analytics. The App is built only with Apple's native frameworks. It contains no third-party analytics, crash reporting, or advertising SDKs.
- No backend server. We do not operate any server that receives your data. Your synced data lives in your own iCloud account.
- No sale of data. We do not sell, rent, or share your data with anyone.
- No required-reason API usage. The App does not call Apple privacy-relevant APIs that require a declared reason (for example, it does not use UserDefaults, file timestamps, system boot time, disk space, or active keyboard listings).
3. Data storage and retention
- On device: Your plank sessions, settings, and the Apple user ID in your Keychain remain on your device for as long as the App is installed.
- In your iCloud: Synced sessions and settings remain in your CloudKit private database for as long as you keep them. They are subject to your iCloud account's own storage and retention, which Apple controls, not us.
- Health data: Anything the App wrote to Apple Health is governed by your Health app settings and is not retained separately by the App.
4. Your choices and how to delete your data
- Sign in with Apple: Stop using Sign in with Apple with LongPlank from your Apple ID account page (Settings > your name > Password & Security > Apps Using Your Apple ID, or appleid.apple.com). The App clears the stored user ID from its Keychain when it detects that you have revoked access (on next launch). iOS may keep Keychain items after an app is deleted, so deleting the App does not by itself guarantee the identifier is removed.
- Apple Health: Turn off "Save planks to Apple Health" in the App's Settings to stop future writes. To remove entries the App already wrote, open the Health app, find the Core Training workout or Mindful Minutes session, and delete it. You can also revoke the App's Health access in Settings > Privacy & Security > Health.
- Notifications: Disable reminders in the App's Settings, or turn off notifications for the App in iOS Settings > LongPlank > Notifications.
- iCloud sync: Sign out of iCloud, or disable iCloud Drive for the App, to stop syncing. Your data remains locally on each device.
- Delete everything: Deleting the App from a device removes the on-device SwiftData store and the local notification schedules from that device. iOS may keep the Keychain user ID after deletion; it is cleared when you revoke Sign in with Apple as described above. To remove synced records from iCloud, sign in to iCloud.com or use the iCloud storage management view on your device to delete the App's iCloud data.
5. Children's privacy
LongPlank is a general-purpose fitness timer. It is not directed at children under 13, and we do not knowingly collect information from children. Sign in with Apple is not offered to accounts that Apple treats as child accounts without Family Sharing consent. If you believe a child has provided us with information, contact us so it can be removed.
6. International users
Your synced data is stored in your iCloud account under Apple's iCloud terms, which govern where and how Apple stores it. The App itself does not transfer your data to any country because it does not operate a server.
7. Security
Because the App has no backend, there is no central store of user data for us to protect. Your on-device data is protected by iOS device encryption and your passcode. Your synced data is protected by Apple's iCloud security controls for CloudKit private databases. The Apple user ID is stored in the device Keychain, which is encrypted by iOS.
8. Changes to this policy
If we change this policy, we will update the "Last updated" date above and, for material changes, note the change in the App or on this page.
9. The LongPlank website (longplank.app)
Everything above describes the iOS app. This website, longplank.app (the landing page and these legal pages), is a separate, static website and uses analytics, which the App does not:
- Google Analytics 4. The website uses Google Analytics to understand aggregate traffic (for example, how many people visit and which pages they read). This is provided by Google and is independent of the App.
- Consent first. Analytics runs under Google Consent Mode with analytics storage denied by default. Until you choose Accept on the cookie banner, no analytics cookies and no persistent identifier are set on your device: Google Analytics runs in a cookieless mode that may still send anonymous, aggregated measurement pings to Google. Choosing Decline (or ignoring the banner) keeps it cookieless; choosing Accept enables standard cookie-based analytics.
- Aggregate only. We use Google Analytics only to read aggregate website statistics, not to identify you, and the website sets no advertising cookies. As our analytics provider, Google receives and processes the website data it collects under Google's own privacy terms.
- Your control. Your choice is remembered in your browser. To change it, clear this site's storage in your browser settings and the banner will appear again.
10. Contact
For privacy questions or requests about this App, contact:
Omar Shabab
Email: help@longplank.app
Website: longplank.app