Privacy Policy
Last updated June 19, 2026
In short
Footing keeps your most personal data — your written reflections, your check-in answers, and anything derived from them — on your device. It is never sent to us. We collect the minimum needed to run the app, sync your progress, process your subscription, and know it’s working. We don’t show you ads, and we never sell your personal information. To measure whether our own ads help people discover Footing, we use one advertising-attribution tool (TikTok) — but only if you allow tracking when we ask. If you decline, nothing is shared with it.
This Privacy Policy explains what information the Footing iOS app (“the App”) and the Footing website (“the Site”) collect, how it is used, who it is shared with, how long it is kept, and the choices and rights you have. It applies to everyone who uses Footing.
1. Who we are (the data controller)
Footing is operated by Sknowfield LLC, doing business as “Footing”(“Footing”, “we”, “us”, or “our”). We are the data controller responsible for your personal information.
If you have any question about this policy or your data, or wish to exercise any of the rights described below, contact us at support@footing.day.
2. What Footing is (and why our privacy posture is what it is)
Footing is a 90-day guided program for people navigating job loss and the identity disruption that follows. Because the experience touches on a sensitive time in someone’s life, we designed the App so that the most sensitive information never leaves your device. See section 4 — this is a core, verifiable feature of the App, not a promise we ask you to take on faith.
The App is intended for users aged 16 and over (see section 12).
3. Information we collect
We collect only the categories below.
Account identifier
When you first open the App, we create an anonymous account so your progress can be saved and synced across devices. This account is identified by a random internal user ID. You can later choose to link the account to your Apple ID using Sign in with Apple — the underlying identifier stays the same, so linking is about recovery and continuity, not a new profile.
Email address (optional)
If — and only if — you choose to link your account with Sign in with Apple, we receive your email address. We request the email scope only; we do not receive your name. This may be an Apple “Hide My Email” relay address rather than your real inbox, depending on your choice. We use this email solely as a durable account identity so you can recover your account (for example after reinstalling). We do not send you marketing email. If you never link, we hold no email for you.
Subscription state
We use Apple’s in-app purchase system and a subscription-management provider (RevenueCat) to know whether you have an active trial or subscription. We see your entitlement state and purchase history (product, trial/renewal/expiry, whether the subscription is active). We never see your card number or payment details — Apple processes all payments.
Journey and usage data
As you move through the 90-day program, we store your progress so it survives device changes and so we can understand whether the App is working: your current day, start date, streak, which daily tasks you engaged with or completed or skipped, track selection and any track switches, and the minimal structured responses some tasks ask for (for example a number, a short list, or a checklist). We also record explicit, named product-analytics events (for example “task completed”) — never the contents of what you write, and never automatic screen recording or session replay.
Device identifier
Our analytics and subscription providers automatically generate a device identifierto attribute events and validate subscription receipts. The App’s own code does not collect these identifiers. Separately, ifyou allow tracking (see “Advertising measurement” below), our advertising-attribution tool reads your device’s advertising identifier (IDFA); if you decline, it is never read.
Advertising measurement (only if you allow tracking)
We run ads on TikTok to help people discover Footing, and we want to know whether those ads actually work. To measure this, the App includes the TikTok Business SDK. The first time it matters, iOS shows you a standard App Tracking Transparency prompt asking whether Footing may track you.
- If you allow tracking:the SDK reads your device’s advertising identifier (IDFA) and shares it with TikTok, along with a small, fixed set of conversion events — that you installed the App, finished onboarding, started a trial, subscribed, and reached day 7. These let TikTok match an ad you saw to an action you took. Nothing else is shared — no journaling, no check-in answers, no onboarding details, no task content.
- If you decline (or skip):no advertising identifier is read, and TikTok receives only Apple’s SKAdNetwork measurement — an aggregate, privacy-preserving signal that contains no identifier for you.
This is the only part of Footing that involves tracking, and it is off unless you opt in. You can change your mind at any time in iOS Settings → Privacy & Security → Tracking.
Diagnostic / crash data
If the App crashes, our crash-reporting provider (Sentry) sends us an anonymous crash report (stack trace, operating system, device model) so we can fix the problem. Crash reporting is configured to attach no personal information — no IP address, no user identity — and collects no performance or behavioral tracing. Crash reporting is active only in published production builds.
Onboarding and preference information
During onboarding you provide some life-circumstance and preference information that tailors the program — for example how recently your job loss occurred, which recovery track fits you, your field and experience level, your preferred reminder time and days, and your pacing preference. This is stored to deliver and personalize the App. It is not a medical record, and nothing clinically derived is stored here (see section 4).
Server logs
Our backend (Supabase) keeps standard server request logs, which include an IP address as transient request metadata for security and abuse prevention. This is a server log line; it is not stored against your account, and we do not use it to derive your location. Our analytics provider has IP-based location lookup disabled, so we do not collect your location.
4. What we deliberately don’t collect
The following is created or entered on your device and is never transmitted to us or to anyone else — by design:
- Your written reflections / journaling. Footing’s open-journaling tasks deep-link into your own iOS Notes, Apple Journal, Day One, or another app you choose. What you write there is yours alone. Footing stores it nowhere — we never see it and never receive it.
- Your check-in (PHQ-2) answers and score, and the gentle-pacing setting derived from them. These stay on your device only. Nothing derived from your check-in is ever synced to our servers.
- Your emotional-state selections during onboarding.
- Your structured task answers (numbers, lists, checklists) — these live on your device and are not synced.
We also do not collect or access any of the following:
- No microphone, camera, or photo-library access.
- No contacts, no precise or coarse location, no health-data access.
- Nothing on this list, and nothing else derived from your reflections or check-ins, is ever shared with our advertising-attribution tool. The only data TikTok can receive is the advertising identifier and the five conversion events described in section 3 — and only if you allow tracking.
We do not sell or rentyour personal information, and we do not use it for advertising beyond the opt-in attribution measurement described in section 3. The one case in which we “share” information for advertising — in the specific sense California law uses — is the TikTok attribution flow above, which happens only with your consent and which you can turn off at any time (see sections 8 and 10).
5. How we use your information
We use your information only for the purposes below, and not for automated decision-making that produces legal or similarly significant effects about you.
- Provide the App— show today’s step, calculate your streak, sync across devices (legal basis: performance of a contract).
- Maintain and recover your account (legal basis: performance of a contract).
- Process and restore your subscription (legal basis: performance of a contract).
- Understand whether the App works and improve it via anonymous analytics (legal basis: legitimate interests).
- Diagnose and fix crashes (legal basis: legitimate interests).
- Keep the service secure and prevent abuse (legal basis: legitimate interests).
- Measure whether our ads help people discover Footing (only if you allow tracking) — using your advertising identifier (IDFA) and conversion events (legal basis: consent, via your App Tracking Transparency choice).
6. Who we share information with
We use a small number of trusted service providers to run Footing. The processors below handle data only on our instructions and are bound by a data processing agreement. TikTok is different: when you allow tracking, it receives advertising data as an independent controller for ad measurement, so this is a “share” rather than processing-on-our-behalf.
- Supabase— hosting, database, and authentication (receives your account identifier, email if linked, journey & onboarding data, and server logs).
- RevenueCat— subscription entitlement and restore (receives account & device identifiers and purchase history).
- PostHog— anonymous product analytics (receives account & device identifiers and product-interaction events; no location).
- Sentry — crash diagnostics (receives anonymous crash data and a device identifier; no IP, no identity).
- TikTok (ByteDance) — only if you allow tracking— measuring and optimizing our ads (receives your advertising identifier and five conversion events: install, onboarding complete, trial start, subscribe, and day 7). This is an independent controller, and this is a “share.”
- Apple — Sign in with Apple — account identity and recovery (receives your optional email, which may be a relay address).
- Apple — App Store / in-app purchases — payment processing (we never receive your card details).
- Apple — SKAdNetwork — privacy-preserving ad measurement (receives an aggregate attribution signal with no identifier for you, including when you decline tracking).
We may also disclose information if required by law, to enforce our terms, or to protect the rights, safety, and security of our users or the public.
7. How long we keep data
- Account, journey, onboarding, and email data (Supabase): kept while your account exists. When you delete your account, this data is permanently deleted immediately, and all related records (journey, day logs, track switches) are erased automatically by cascade.
- Crash data (Sentry): automatically ages out (approximately 90 days by default) and carries no user identity.
- Product-analytics events (PostHog): retained according to our analytics retention configuration.
- Subscription / purchase history (RevenueCat and Apple): retained as needed for financial and transaction records.
- Advertising-attribution data (TikTok): if you allowed tracking, the advertising identifier and conversion events are retained by TikTok under its own data-retention practices for ad measurement.
Important limitation on deletion. When you delete your account in the App, the deletion is performed on our primary backend (Supabase) and is complete and immediate there. At this time, our analytics provider (PostHog), subscription provider (RevenueCat), and — if you allowed tracking — our advertising-attribution tool (TikTok) may retain previously collected records keyed to your old account or device identifier, because deletion does not automatically propagate to them. This data is not personally identifying on its own (we do not store your name, and your most sensitive data never reached these providers). If you would like us to also request deletion at these providers, email support@footing.day and we will do so.
8. Your choices in the App
Within the App you can:
- Delete your account at any time (Settings → Delete account). This permanently and immediately erases your journey data on our backend, wipes the on-device data, and starts you fresh. Deleting your account does not cancel a paid subscription.
- Manage or cancel your subscription through your Apple ID (Settings → Manage subscription). Apple — not Footing — handles cancellations and refunds. If you cancel, you keep access until the end of the period you have already paid for.
- Restore purchases and link your account to Sign in with Apple for recovery.
- Allow or refuse ad tracking.When iOS shows the App Tracking Transparency prompt, choosing “Ask App Not to Track” stops the advertising identifier from ever being read or shared with TikTok. You can change this at any time in iOS Settings → Privacy & Security → Tracking (turn it off for Footing, or turn off “Allow Apps to Request to Track” entirely).
Footing does not currently offer an in-app data-export button or an in-app analytics opt-out toggle. To request a copy of your data, or to object to analytics processing, email us at support@footing.day (see sections 9 and 10) and we will handle it manually.
9. Your rights (GDPR / UK GDPR)
If you are in the European Economic Area, the United Kingdom, or Switzerland, you have the right to:
- Access the personal data we hold about you.
- Rectify inaccurate or incomplete data.
- Erase your data — you can do this yourself in the App via Delete account, or by emailing us.
- Restrict or object to processing carried out on the basis of our legitimate interests, including analytics.
- Data portability — receive your data in a structured, machine-readable format.
- Withdraw consent at any time, where processing is based on consent.
- Lodge a complaint with your local data protection supervisory authority.
To exercise any of these rights, email support@footing.day. We will respond within one month, as required by law (extendable by two further months for complex requests, in which case we will tell you). We will not charge you or treat you differently for exercising your rights.
10. Your rights (California — CCPA / CPRA)
If you are a California resident, you have the right to:
- Know what personal information we collect, use, and disclose.
- Delete the personal information we hold about you.
- Correct inaccurate personal information.
- Opt out of the sale or sharing of your personal information. We do not sell your personal information.We do “share” your advertising identifier and a small set of conversion events with TikTok for cross-context behavioral advertising (measuring our ads) — but only if you allow tracking, and you can stop it at any time. To opt out, decline the App Tracking Transparency prompt or turn tracking off for Footing in iOS Settings → Privacy & Security → Tracking. If you never allow tracking, no such sharing occurs.
- Limit the use of sensitive personal information — we do not collect sensitive personal information on our servers (see section 4).
- Non-discrimination for exercising any of these rights.
To make a request, email support@footing.day. We will respond within 45 days (extendable by an additional 45 days where permitted). We may need to verify your identity before fulfilling a request.
11. International data transfers
Footing’s backend data is stored in the United States (Supabase, US region). If you access the App from outside the United States, your information will be transferred to and processed in the United States. Where we transfer personal data of EEA, UK, or Swiss users to the United States, we rely on appropriate safeguards such as the European Commission’s Standard Contractual Clauses, implemented through our processors’ data processing agreements.
12. Children
Footing is intended for users aged 16 and over and is not directed to children. We do not knowingly collect personal information from children under 13. If you believe a child has provided us information, contact support@footing.day and we will delete it.
13. Security
We protect your information using industry-standard measures, including:
- Encryption in transit (TLS) and encryption at rest on our backend.
- Row-level security on every database table, scoping each record to its owner so users cannot access one another’s data.
- No passwords to leak — authentication uses an anonymous session at launch and optional Sign in with Apple, not passwords you create.
- Sensitive on-device data stored in the device’s secure storage.
No method of transmission or storage is completely secure, but we work to protect your information and to honor the on-device-only design described in section 4.
14. Changes to this policy
We’ll update this page when our practices change, and we’ll revise the “Last updated” date at the top. Material changes will also be surfaced in the App.
15. Contact
Questions, requests, or feedback about your privacy? Email support@footing.day. For general help with the App, see our Support page.