Privacy Policy

Last updated: 2026-05-17

This Privacy Policy explains how We Are So Back Ltd (“we”, “us”), a company registered in the Republic of Cyprus, handles information when you use Daily Design Challenge (the “App”).

TL;DR

• No accounts, no sign-up.
• We do not run third-party analytics, advertising, or tracking SDKs.
• Your onboarding answers and progress stay on your device.
• Subscription billing is handled by Apple. RevenueCat helps us verify it. Neither receives your name or email from us.
• We do not sell or share personal information.

Who we are

We Are So Back Ltd, Cyprus. Contact: wearesobackltd@gmail.com.

We are the data controller for any personal data processed via the App. We have not appointed a Data Protection Officer because we do not meet the thresholds in GDPR Article 37.

Information we collect today

Stored only on your device (we never see it):

• Your onboarding answers (in iOS UserDefaults).
• Your challenge progress, streaks, and preferences (via SwiftData).

Sent off-device when you use the App:

• Subscription data. When you subscribe, restore, or open the App with an active subscription, Apple receives your Apple ID and payment information (we do not), and RevenueCat receives a randomly generated anonymous App User ID, your subscription status, and basic device identifiers provided by Apple’s servers.
• Server request data. When the App fetches content (challenges, videos, profiles, thumbnails, app icons), our backend and the third-party CDNs listed below receive standard request data including your IP address.

That is the full list. The App contains no sign-in, no profiles, no analytics SDKs, no crash-reporting SDKs, no ad networks, and no tracking technologies.

Information we may collect in the future

We may, in the future, introduce privacy-respecting diagnostic or aggregate analytics (for example, Apple’s MetricKit, anonymous crash reporting, or a first-party privacy-preserving analytics provider) to help us improve stability and usability. If we do:

1. We will update this Policy with the provider name, the data they receive, and the legal basis.
2. We will post the update at least 30 days before it takes effect.
3. Where consent is required by law (GDPR / UK GDPR / similar), we will request your consent in-app before enabling any non-essential collection.

This forward-looking statement is here so you know what to expect. Today’s Policy still describes today’s behaviour.

How we use information

• To provide the App: verify your subscription, deliver content, restore purchases.
• To protect the App: prevent fraud and abuse (e.g. rate-limit our backend).
• To comply with our legal obligations (tax records for subscription transactions).

Legal bases under the GDPR

Where the GDPR applies, we rely on:

• Contractual necessity (Art. 6(1)(b)) for subscription management, content delivery, and restore purchases.
• Legitimate interests (Art. 6(1)(f)) for fraud prevention, security, and operating our backend. You may object to this processing at any time.
• Consent (Art. 6(1)(a)) for any non-essential analytics or tracking we add in the future.

Third-party services and subprocessors

International transfers

Some service providers are located outside the EEA, including in the United States (Apple, RevenueCat). Transfers of personal data outside the EEA are made under the European Commission’s Standard Contractual Clauses and/or the EU-US Data Privacy Framework where the provider is certified.

Data retention

We do not maintain user accounts or store personal information about you on our own servers. Where third parties retain data on our behalf:

• Apple and RevenueCat keep subscription and transaction records for the lifetime of your subscription plus the period required by accounting and tax law (typically seven years under Cypriot / EU law).

You can delete all device-side data by uninstalling the App.

Your rights — GDPR (EU / EEA / UK / Switzerland)

You have the right to:

• access the personal data we hold about you;
• have it rectified or erased;
• restrict or object to processing;
• portability;
• withdraw consent at any time, where consent was the legal basis;
• lodge a complaint with your supervisory authority. In Cyprus this is the Office of the Commissioner for Personal Data Protection.

To exercise any right, email wearesobackltd@gmail.com. We respond within 30 days.

Your rights — California (CCPA / CPRA)

If you are a California resident:

• Categories of personal information collected in the last 12 months: identifiers (the anonymous App User ID used to verify your subscription) and commercial information (your subscription status).
• Categories sold or shared: None. We do not sell or share personal information as defined under the CCPA, and we have not done so in the preceding 12 months. We do not engage in cross-context behavioural advertising.
• Your rights: to know, delete, correct, and non-discrimination. To exercise, email wearesobackltd@gmail.com.

Children’s privacy

The App is rated 4+ and is not directed at children under 13 (or under 16 in the EEA / UK). We do not knowingly collect personal information from children. If you believe a child has provided us information, contact us and we will delete it.

Security

All network requests use HTTPS. Because we hold no personal data on our own servers, there is no centralised user dataset on our side. Our service providers maintain their own security programmes and certifications.

Changes to this Policy

We may update this Policy. For material changes, we will give you at least 30 days’ notice in the App and update the “Last updated” date at the top. Material changes include new categories of data, new service providers, or new purposes of use. Non-material changes (clarifications, typo fixes) take effect when posted.

The full revision history of this Policy is public in the Git history of the page source.

Contact

We Are So Back Ltd Cyprus wearesobackltd@gmail.com