Privacy Policy

Last updated: 18 June 2026

The short version. SpellTo keeps your child's data — the apps you guard, your settings, spelling words, and progress statistics — on the device, inside a private, app-only storage area. There are no accounts and no login. We do not sell data, we do not use third-party advertising or analytics SDKs, and we do not track you across apps or websites. The only information that reaches our servers is the anonymous subscription status needed to manage your purchase.

Contents

Who we are
Data stored on your device
No accounts or sign-in
Subscription & purchase data
Screen Time & Family Controls
What we do not collect
App privacy summary
Children's privacy
How information is shared
Retention & deletion
Your rights
Security
Changes
Contact

1. Who we are

SpellTo ("SpellTo", "we", "us") is an iOS app that helps families turn screen time into a moment of learning. A parent or guardian configures which apps to guard; when a guarded app is opened, the child completes a short spelling challenge to unlock it. This policy explains what information the app handles and how. The data controller is [Legal Entity], [Address], Norway. You can reach us anytime at privacy@spellto.com.

2. Data stored on your device

Almost everything SpellTo uses lives only on the device, inside Apple's private app-group storage. It is never uploaded to us and never synced to the cloud. This includes:

Your guarded-app selection. Chosen through Apple's Screen Time picker. iOS returns this to the app only as opaque, non-readable tokens — SpellTo cannot see the names or identities of the apps you select, and neither can we.
App settings. Challenge length, unlock duration, difficulty / grade level, and spelling language.
Spelling words. The built-in word bank plus any custom words you add (including an optional emoji or picture you attach).
Progress statistics. Per-day counts such as words completed, attempts, and first-try accuracy, used to show streaks and the weekly progress report. These are anonymous activity counters with no personal identifiers.

Because this data is on-device only, deleting the app removes it. We have no copy and cannot retrieve it for you.

3. No accounts or sign-in

SpellTo has no user accounts and no login. You never create an account or sign in, and we do not collect your name, email address, phone number, or any social / Apple sign-in identity. Whether your Pro features are unlocked is determined entirely by your Apple subscription on the device (see below) — there is no profile of you on our servers.

4. Subscription & purchase data

SpellTo Pro is an auto-renewable subscription sold through Apple's In-App Purchase. Apple processes the payment; we never see your card or payment details, and the app treats the subscription stored on your device as the source of truth. So we can keep accurate records of active subscriptions (for renewals, refunds, and support), Apple sends our server App Store Server Notifications about renewals, cancellations, refunds, and expiries. From these we store only:

The product identifier (which plan) and the transaction / original-transaction identifiers issued by Apple.
The current subscription status (active, in trial, expired, refunded) and the relevant dates.
An anonymous, app-generated identifier — a random ID created on your device that links a subscription to the install that bought it. It is not tied to your name, email, or Apple ID.

None of this identifies you personally. It is not used to track you and is never shared for advertising.

5. Screen Time & Family Controls

SpellTo uses Apple's Family Controls, Managed Settings, and Device Activity frameworks to apply the on-device shield and to measure usage of guarded apps so it can re-lock them. Important: these frameworks are designed by Apple to be privacy-preserving. They give the app only opaque tokens and usage thresholds — never the names, content, or browsing history of any app. None of this Screen Time information is transmitted off the device or to us.

6. What we do not collect

No advertising identifiers; we display no ads and run no ad SDKs.
No third-party analytics or tracking SDKs. We do not track you across other companies' apps or websites, so SpellTo does not present an App Tracking Transparency prompt.
No precise or coarse location.
No contacts, photos library, microphone, or camera access for tracking purposes (a picture you deliberately attach to a custom word stays on the device).
No browsing history or content of guarded apps.

7. App privacy summary (App Store nutrition label)

To match Apple's App Privacy questionnaire, here is exactly what SpellTo declares. We collect one category of data, it is not linked to your identity (we hold no account, name, or email), and none of it is used to track you:

Data type	Purpose	Linked to you	Used to track you
Purchases — Purchase History (subscription status / Apple transaction ids)	App functionality (manage and support your subscription)	No	No

We declare "Data Not Used to Track You." Your guarded-app selection, Screen Time / Family Controls usage, settings, custom words, and progress statistics are not declared as collected data because they never leave your device — Apple's frameworks provide only opaque tokens, and we have no copy. There is no advertising or analytics data, no contact info, and no location.

8. Children's privacy

SpellTo is a tool that parents and guardians configure and control, set up by an adult. The child uses only the spelling-challenge screen, which collects no personal information — it stores anonymous progress counters on the device. We collect no personal information from anyone, and no child data ever leaves the device, so SpellTo is designed to avoid collecting personal data from children under applicable laws including COPPA and GDPR/UK-GDPR.

We do not sell or rent personal information. The limited, non-identifying subscription data described above is handled only with:

Apple — for In-App Purchase and the App Store Server Notifications that report your subscription status.
Supabase — our backend processor, which stores the anonymous subscription records on our behalf, under a data-processing agreement.

We may also disclose information if required by law, or to protect our rights and the safety of users.

10. Retention & deletion

On-device data is retained until you change it or delete the app — deleting the app removes it, and we have no copy. The anonymous subscription records are retained while a subscription is active and for a short period afterward to meet legal, tax, and anti-fraud obligations, then deleted or anonymised.

No account to delete. SpellTo has no accounts, so there is nothing personal to remove — deleting the app erases your on-device data. To have the anonymous subscription records tied to your purchase deleted, email privacy@spellto.com with your App Store transaction id (from your Apple receipt) and we will action it.

11. Your rights

Depending on where you live (e.g. the EU/EEA, UK, or California), you may have the right to access, correct, delete, port, or restrict processing of your personal data, and to object to certain processing. The legal bases we rely on are: performance of a contract (providing the subscription you signed up for), legitimate interests (validating purchases and preventing fraud), and consent where required. To exercise any right, contact privacy@spellto.com. You may also lodge a complaint with your local data-protection authority.

12. Security

On-device data is protected by iOS app sandboxing and device encryption. Data in transit to Apple and Supabase is encrypted with TLS. We restrict access to the limited subscription data we hold and review our processors' security practices.

13. Changes to this policy

We may update this policy from time to time. We will revise the "Last updated" date above and, for material changes, provide notice in the app or by email.

14. Contact

Questions or requests: privacy@spellto.com
General support: support@spellto.com