Privacy Policy

Effective date: 9 April 2026 Last updated: 9 April 2026

OnPace is a daily execution discipline app. This policy describes what data OnPace collects, how it is used, and your choices.

Short version: OnPace does not have user accounts. All of your task and routine data stays on your device unless you explicitly enable Pro cloud backup, in which case it is end-to-end encrypted with a key that never leaves your phone. We do not sell, rent, or share your data with advertisers.

Data stored on your device

The following is stored locally in an on-device SQLite database and never leaves your device unless you enable cloud backup:

• Tasks, routines, and their completion history
• Close Day scores and carry reasons
• Your streak, daily logs, and statistics
• App settings and preferences
• Category names and icons
• Notification preferences

OnPace does not ask for a login, email address, name, phone number, or any personally identifying information. If you uninstall OnPace, all of this data is deleted along with the app.

Optional cloud backup (Pro only)

If you subscribe to OnPace Pro and enable cloud backup, OnPace uploads an encrypted copy of your database to a Cloudflare R2 object storage bucket so you can restore it later.

The backup is encrypted on your device before upload using AES-256-GCM with a 32-byte random key. The key is generated on your device and stored exclusively in the iOS Keychain. It is never transmitted anywhere.

Consequence: we cannot decrypt your backup. If you lose access to your iPhone and its Keychain, your backup is irrecoverable. If you reinstall the app without restoring from a prior backup, the key is regenerated and earlier backups become inaccessible.

The backup file is keyed by your anonymous RevenueCat user ID so the correct file is returned when you restore.

RevenueCat (subscription management)

OnPace uses RevenueCat to manage Pro subscriptions and validate entitlement. When you open OnPace for the first time, RevenueCat assigns your device an anonymous user ID that does not contain your name, email, or Apple ID. This ID is stored locally and sent to RevenueCat on each subscription check.

RevenueCat privacy policy: https://www.revenuecat.com/privacy

Server-side AI features (Pro only)

Pro users who enable AI features and accept the in-app AI consent prompt can send task text to Anthropic Claude models via an authenticated proxy operated by us. The following data is sent per request:

• The task text you wrote
• Your 14-day behavioural pattern profile as a compressed summary (carry rate, hardest day of week, most-carried category)
• The specific AI action being requested

The proxy authenticates using your anonymous RevenueCat ID and forwards requests to Anthropic with zero data retention configured on the Anthropic side. We do not log your task text. We log aggregate request counts for rate limiting.

You can disable AI features at any time in Settings.

Analytics (PostHog, EU cloud)

OnPace uses PostHog analytics hosted in the EU (eu.i.posthog.com) to understand which features are used. We collect:

• Anonymous product event names (for example "paywall_shown", "task_completed")
• Your iOS version and device model
• App version
• An anonymous install identifier

We do not collect your task text, your name, your email, your IP address, or any personally identifying information. Session replay is disabled.

PostHog privacy policy: https://posthog.com/privacy

Crash reporting (Sentry, EU cloud)

OnPace uses Sentry hosted in the EU to capture crashes. Crash reports contain:

• The crash stack trace
• Your iOS version and device model
• App version
• An anonymous install identifier

Crash reports never contain your task text or any user-entered content. IP addresses are scrubbed before storage.

Sentry privacy policy: https://sentry.io/privacy/

Notifications

OnPace requests permission to send local notifications for daily task reminders, Close Day prompts, and pace alerts. All notifications are generated locally on your device. We do not use remote push notifications.

Children

OnPace is rated 4+ but is designed for adults and older teens managing their own tasks. We do not knowingly collect data from children under 13.

Your rights

Because OnPace does not collect personal identifying information, we cannot identify "your" data on our servers without your anonymous user ID. To delete all server-side records:

1. Open OnPace, go to Settings, and disable Cloud Backup and AI features.
2. Email privacy@onpace.day with the RevenueCat anonymous user ID shown in the Developer Options section of Settings. We will manually delete the corresponding backup file and RevenueCat record within 30 days.

Changes

We will update this policy as OnPace evolves. Material changes will be announced in-app.

Contact

Questions about this policy: privacy@onpace.day

Karo Bonas United Kingdom