Get Dhumb

Privacy policy

05/2026

Effective Date: 17 May 2026 Last Updated: 17 May 2026

Table of Contents

  1. Introduction
  2. About dhumb
  3. Information We Collect
  4. How We Use Your Information
  5. Legal Bases for Processing (EEA, UK, Switzerland)
  6. App Tracking Transparency (ATT)
  7. Push Notifications
  8. Third-Party Service Providers and Recipients
  9. International Data Transfers
  10. Data Retention
  11. Data Security
  12. Your Privacy Rights
  13. How to Delete Your Data
  14. Children's Privacy
  15. Changes to This Privacy Policy
  16. Contact Us

1. Introduction

This Privacy Policy describes how Brainmedia, s.r.o. ("Brainmedia," "we," "us," or "our") collects, uses, discloses, and protects information when you use the dhumb mobile application (the "App") and any related services (collectively, the "Service").

By downloading, installing, or using the App, you acknowledge that you have read and understood this Privacy Policy. If you do not agree with any part of this Privacy Policy, you must not use the App.

Data Controller:

Brainmedia, s.r.o.

9. mája 336/3, 956 11 Ludanice, Slovakia

Company ID (IČO): 47 027 282

VAT ID: SK2023703033

Email: hey@getdhumb.com

For all privacy-related inquiries, requests, or complaints, please contact us at hey@getdhumb.com.

We have not appointed a Data Protection Officer, as we are not required to do so under Article 37 of the GDPR.

2. About dhumb

dhumb is a digital-wellbeing tool that helps you become aware of how much time you spend on distracting apps such as Instagram, TikTok, X, and similar platforms. The App operates through two core mechanisms:

  1. Time summaries — the App shows how much time you have spent on the apps you have selected to track, using Apple's Screen Time data accessed via Apple's FamilyActivity API.
  2. Local sarcastic notifications — when you exceed a time threshold you have set, the App delivers a local notification designed to interrupt doomscrolling.

dhumb does not:

  • Block or restrict any application on your device
  • Operate any proprietary backend server
  • Use Firebase, Supabase, or any custom database
  • Store user data on any server other than RevenueCat (used solely for subscription management)

3. Information We Collect

3.1 Information You Provide During Onboarding

When you first open the App, you complete an onboarding flow. The following data points are collected and stored as user attributes in your anonymous RevenueCat profile:

FieldDescription
Nickname / first nameA nickname or first name you choose to provide. You may use a pseudonym; we do not require your real name.
Age rangeA general age bracket — not your exact date of birth.
GenderOptional. You may select "Prefer not to say."
Selected social media appsWhich social media services you wish to track.
Self-reported usage levelYour subjective estimate of how much time you spend on distracting apps.
Methods previously triedApproaches you have already attempted to reduce your social media use.
Target hours per dayThe number of daily hours you would like to spend on distracting apps. This is informational only — the App does not enforce any limit.
Readiness to changeYour self-reported willingness to change your habits.
Time of day usageWhen you most frequently use social media (e.g., morning, evening).
Awareness of consequencesYour reflection on what overuse of social media costs you.
Notification permission statusWhether you allowed local notifications.
Subscription statusWhether you currently have an active paid membership or trial.

We do not collect your full legal name, email address, postal address, payment details, telephone number, photographs, contacts, precise geographic location, biometric data, government-issued identifiers, or any sensitive category of personal data as defined under Article 9 of the GDPR.

3.2 Information Collected via Apple's FamilyActivity (Screen Time) API

The App relies on Apple's FamilyActivity API (Screen Time API). This framework is designed by Apple with strong privacy protections built in:

  • When you select apps to track, iOS returns opaque application and category tokens to dhumb. We never receive the actual names of the apps you selected.
  • All time-usage measurement is performed entirely on your device by iOS. The raw screen-time data never leaves your device and is never transmitted to us or to any third party.
  • We receive a callback from iOS only when a time threshold you have configured is exceeded, which triggers a local notification on your device.

In summary: Brainmedia has no technical means to know which apps you are tracking, or how much time you have spent on any specific app. All such data remains on your device under your control and is governed by Apple's privacy policies.

3.3 Information Collected by Third-Party SDKs

The App integrates the following third-party software development kits ("SDKs"):

a) RevenueCat (subscription management — processor acting on our behalf)

  • An anonymous App User ID is automatically generated by the RevenueCat SDK. This identifier is randomized and is not linked to your Apple ID, email address, or any other personally identifying information.
  • Purchase history and subscription status, derived from Apple receipt validation
  • The user attributes listed in Section 3.1, which we send to RevenueCat so that we can recognize subscription state and analyze aggregated product data
  • Device-level information automatically collected by RevenueCat, including: IP address, country, app version, operating system version, device model, RevenueCat SDK version, and timestamps of events

b) Meta SDK (analytics and advertising attribution — independent / joint controller)

The Meta SDK enables us to measure the effectiveness of advertising campaigns we run on Meta's platforms (Facebook, Instagram). It collects:

  • Device and app information (device model, screen dimensions, CPU type, storage size, OS and version, app package name)
  • Network information (mobile operator or ISP, language, time zone, IP address)
  • App events (app installs, app launches, in-app purchases, custom events related to onboarding completion and subscription)
  • Identifier for Advertisers (IDFA)only if you grant permission via the App Tracking Transparency (ATT) prompt described in Section 6.

c) TikTok Business SDK (analytics and advertising attribution — independent / joint controller)

The TikTok SDK enables us to measure the effectiveness of advertising campaigns we run on TikTok. It collects substantially similar data to the Meta SDK:

  • Device and app information (device model, operating system, app version, screen resolution, language, time zone, mobile carrier)
  • IP address
  • App events (installs, launches, conversion events)
  • IDFAonly if you grant permission via ATT (see Section 6).

3.4 Information from Apple

When you purchase a subscription, Apple processes the payment. We do not receive your credit-card number, bank details, full name, billing address, or Apple ID. We receive only a transaction receipt, which RevenueCat validates with Apple's servers to confirm your subscription status.

If you have enabled "Share with App Developers" in your iOS settings, Apple may share aggregated, anonymized crash and performance data with us via App Store Connect. This data is not personally identifiable.

4. How We Use Your Information

We use the information described above for the following purposes:

  • To operate the App — to process your onboarding answers, save your tracking preferences, and deliver local notifications when thresholds you have set are exceeded.
  • To manage your subscription — to verify your purchase with Apple through RevenueCat, recognize you as a paying or trial user, and enable restore-purchase functionality.
  • To improve the App — to analyze aggregated user attributes (for example, which onboarding patterns correlate with subscription) to inform product decisions.
  • For marketing and attribution — to measure the effectiveness of advertising campaigns on Meta and TikTok and, where you have granted ATT consent, to enable advertising personalization on those platforms.
  • To prevent fraud — RevenueCat validates Apple receipts to detect and prevent fraudulent subscription claims.
  • To comply with legal obligations — to respond to lawful requests from competent authorities and to fulfill our tax and accounting obligations.

We do not sell your personal information in the traditional sense. However, certain sharing of identifiers and event data with Meta and TikTok for advertising-attribution purposes may qualify as a "sale" or "sharing" under the California Consumer Privacy Act — see Section 12.B for details and opt-out instructions.

If you are located in the European Economic Area, the United Kingdom, or Switzerland, our legal bases for processing your personal data under the GDPR and UK GDPR are:

  • Performance of a contract (Art. 6(1)(b) GDPR) — to provide the App's core functionality, process your subscription, save your onboarding preferences, and deliver the Service you have requested.
  • Consent (Art. 6(1)(a) GDPR) — for advertising personalization and attribution via the Meta and TikTok SDKs, only when you grant permission through Apple's App Tracking Transparency prompt. You may withdraw this consent at any time in your iOS device's settings (Settings → Privacy & Security → Tracking).
  • Legitimate interests (Art. 6(1)(f) GDPR) — for internal product analytics, fraud prevention, and aggregated business intelligence, where our interests are not overridden by your fundamental rights and freedoms.

We do not rely on automated decision-making or profiling that produces legal or similarly significant effects on you.

6. App Tracking Transparency (ATT)

In compliance with Apple's App Tracking Transparency framework, the App will display a system prompt asking whether you permit dhumb to track your activity across other companies' apps and websites.

  • If you select "Ask App Not to Track": Your IDFA will not be made available to dhumb, the Meta SDK, or the TikTok SDK. Advertising attribution may still occur in an aggregated, non-personalized manner permitted by Apple's SKAdNetwork framework.
  • If you select "Allow": Your IDFA is shared with the Meta and TikTok SDKs for advertising measurement, attribution, and audience-building purposes.

You may change this setting at any time in Settings → Privacy & Security → Tracking on your iOS device.

7. Push Notifications

dhumb uses only local notifications, scheduled and delivered entirely by the iOS operating system via Apple's UNUserNotificationCenter framework. We do not use Apple Push Notification service (APNs), Firebase Cloud Messaging, or any remote push-notification provider. No data about when, why, or which notification is shown is transmitted to us or to any third party.

You may disable notifications at any time in Settings → Notifications → dhumb.

8. Third-Party Service Providers and Recipients

We share information with the following categories of recipients:

RecipientRolePurposePrimary LocationPrivacy Policy
RevenueCat, Inc.ProcessorSubscription management, receipt validation, user-attribute storageUnited Statesrevenuecat.com/privacy
Meta Platforms, Inc.Independent / joint controllerAdvertising attribution and measurementUnited States, Irelandfacebook.com/privacy
TikTok / ByteDanceIndependent / joint controllerAdvertising attribution and measurementUnited States, Ireland, Singaporetiktok.com/legal/privacy-policy
Apple Inc.Independent controllerApp Store distribution, in-app purchase processing, FamilyActivity API, local notifications, anonymized diagnosticsUnited States, Irelandapple.com/legal/privacy

We require all processors to provide a level of data protection consistent with this Privacy Policy and applicable law, including by entering into Data Processing Agreements where required under Article 28 of the GDPR. We do not control how independent third-party controllers (Meta, TikTok, Apple) process your data once it has been transmitted to them; their use of your data is governed by their respective privacy policies linked above.

We do not disclose your personal information to advertising networks, data brokers, or any other third parties beyond those listed above, except where required by law or to protect our legal rights.

9. International Data Transfers

Because RevenueCat, Meta, TikTok, and Apple are based in or operate from the United States and other countries outside the European Economic Area, the United Kingdom, and Switzerland, your personal information may be transferred to, stored in, and processed in countries that have different data-protection laws than your country of residence.

Where personal data is transferred outside the EEA, UK, or Switzerland, we rely on appropriate safeguards, which may include:

  • Standard Contractual Clauses (SCCs) adopted by the European Commission and the UK Information Commissioner's Office
  • The EU–U.S. Data Privacy Framework and its UK and Swiss extensions, where the recipient is certified
  • Other lawful transfer mechanisms recognized under applicable law

You may request a copy of the safeguards in place by contacting us at hey@getdhumb.com.

10. Data Retention

We retain personal data only for as long as necessary for the purposes described in this Privacy Policy:

  • Onboarding attributes stored in RevenueCat: retained for the lifetime of your anonymous RevenueCat profile, or until you request deletion (see Section 13).
  • Purchase and subscription history: retained for as long as required by Apple's receipt-validation requirements and by applicable tax and accounting law (typically up to ten years under Slovak Act No. 431/2002 Coll. on Accounting).
  • Meta and TikTok event data: retained in accordance with those providers' respective retention policies.
  • Local data stored on your device: persists until you uninstall the App, at which point all such data is permanently removed by iOS.

After the applicable retention period expires, we will delete or anonymize the data so that it can no longer be associated with you.

11. Data Security

We implement reasonable technical and organizational measures designed to protect your data, including:

  • HTTPS/TLS encryption for all data transmitted between the App and third-party services
  • Reliance on Apple's iOS sandboxing and Keychain for any sensitive on-device data
  • Selection of reputable processors (RevenueCat, Meta, TikTok, Apple), all of whom maintain recognized industry security certifications such as SOC 2 or ISO/IEC 27001

No method of electronic transmission or storage is 100% secure, and we cannot guarantee absolute security. In the event of a personal-data breach that is likely to result in a risk to your rights and freedoms, we will notify the competent supervisory authority and, where required, affected individuals in accordance with Articles 33 and 34 of the GDPR.

12. Your Privacy Rights

12.A. Residents of the EEA, UK, and Switzerland (GDPR / UK GDPR)

You have the following rights, subject to limitations and exceptions under applicable law:

  • Right of access (Art. 15 GDPR) — to obtain confirmation as to whether we process your data and to receive a copy.
  • Right to rectification (Art. 16 GDPR) — to correct inaccurate or incomplete data.
  • Right to erasure ("right to be forgotten," Art. 17 GDPR) — to request deletion of your data.
  • Right to restriction of processing (Art. 18 GDPR).
  • Right to data portability (Art. 20 GDPR) — to receive your data in a structured, commonly used, and machine-readable format.
  • Right to object (Art. 21 GDPR) — to processing based on legitimate interests, and to processing for direct marketing purposes at any time.
  • Right to withdraw consent (Art. 7(3) GDPR) at any time, without affecting the lawfulness of processing carried out before withdrawal.
  • Right not to be subject to automated decision-making (Art. 22 GDPR). We do not engage in automated decision-making or profiling that produces legal or similarly significant effects.

To exercise any of these rights, contact hey@getdhumb.com. We will respond without undue delay and in any event within one month of receipt of your request (extendable by two further months for complex requests, of which we will inform you).

You have the right to lodge a complaint with the Slovak Data Protection Authority (Úrad na ochranu osobných údajov Slovenskej republiky, dataprotection.gov.sk) or with the supervisory authority in your country of habitual residence, place of work, or place of the alleged infringement.

12.B. California Residents (CCPA / CPRA)

If you are a California resident, you have the following rights under the California Consumer Privacy Act, as amended by the California Privacy Rights Act:

  • Right to know what personal information we collect, use, disclose, and "sell" or "share"
  • Right to delete personal information we have collected
  • Right to correct inaccurate personal information
  • Right to opt out of the sale or sharing of personal information for cross-context behavioral advertising
  • Right to limit use and disclosure of sensitive personal information (note: we do not collect sensitive personal information as defined under the CPRA)
  • Right to non-discrimination for exercising your rights

Categories of personal information we have collected in the past 12 months:

  • Identifiers (anonymous user ID; IDFA if you have permitted it via ATT)
  • Commercial information (subscription status, purchase history)
  • Internet or other electronic network activity information (in-app events)
  • Inferences drawn from the above (e.g., your self-declared usage patterns)
  • Demographic information (age range, gender — if you have disclosed it)

Categories "sold" or "shared": We do not "sell" personal information in exchange for monetary consideration. However, our sharing of identifiers and event data with Meta and TikTok for cross-context behavioral advertising may qualify as "sharing" under the CPRA.

To opt out of such sharing, select "Ask App Not to Track" when prompted, or set your iOS device to Settings → Privacy & Security → Tracking → Allow Apps to Request to Track: OFF. You may also email hey@getdhumb.com with the subject line "Do Not Sell or Share My Personal Information."

We do not knowingly sell or share the personal information of minors under 16.

12.C. Brazilian Residents (LGPD)

If you are located in Brazil, you have rights under the Lei Geral de Proteção de Dados (LGPD) substantially equivalent to those described under the GDPR above, including the rights to confirmation, access, correction, anonymization, portability, deletion, and information about sharing with third parties. Contact hey@getdhumb.com to exercise these rights.

12.D. Other Jurisdictions

If you are located in another jurisdiction that grants you privacy rights — including but not limited to Virginia, Colorado, Connecticut, Utah, Texas, Oregon, Montana, Iowa, Tennessee, Indiana, Delaware, New Hampshire, New Jersey, Quebec, or Australia — you may exercise applicable rights by contacting hey@getdhumb.com. We will respond in accordance with your local law.

13. How to Delete Your Data

You may request deletion of your data at any time by emailing hey@getdhumb.com with the subject line "Delete my data."

Because dhumb intentionally collects minimal information — we do not store your email address, full legal name, payment details, or any government-issued identifier — please include in your email the anonymous RevenueCat App User ID visible in the App's settings, so that we can locate and delete the correct user profile.

Upon a valid deletion request:

  • We will delete your user attributes from our RevenueCat instance.
  • If you also wish to cancel an active subscription, you will need to do so via your Apple ID subscription settings (we do not have control over your Apple subscription billing).
  • We will retain only such data as is required by law (e.g., tax-related transaction records, as legally mandated).

You may also delete all local data immediately by uninstalling the App from your device.

We will complete your request without undue delay, and in any event within 30 days, in accordance with applicable law.

14. Children's Privacy

The App is intended for users aged 13 and over. We do not knowingly collect personal information from children under 13. If we learn that we have inadvertently collected personal information from a child under 13, we will delete such information promptly.

For users under 16 in the European Economic Area, the United Kingdom, or other jurisdictions where the digital-consent age is above 13 (for example, Germany 16, Netherlands 16, France 15, Czech Republic 15): By using the App, you confirm that your parent or legal guardian has reviewed and consented to this Privacy Policy on your behalf, in accordance with Article 8 of the GDPR or the equivalent provision in your jurisdiction.

If you are a parent or guardian and believe that your child has provided us with personal information without your consent, please contact us at hey@getdhumb.com so that we may delete that information.

15. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes to our practices or for operational, legal, or regulatory reasons. When we make material changes, we will update the "Last Updated" date at the top of this policy and, where appropriate, provide additional notice (such as a prominent notice within the App on first launch after the change). We encourage you to review this Privacy Policy periodically.

Your continued use of the App after the effective date of any updated Privacy Policy constitutes your acceptance of the changes.

16. Contact Us

If you have any questions, concerns, or complaints about this Privacy Policy or our data practices, please contact us:

Brainmedia, s.r.o.

9. mája 336/3, 956 11 Ludanice, Slovakia

Company ID (IČO): 47 027 282

VAT ID: SK2023703033

Email: hey@getdhumb.com

This Privacy Policy is published at https://getdhumb.com/privacy-policy/.