← Back

Privacy Policy

Make Me ("Make Me," "we," "us") is an iPhone app published by Make Me ("the company"). This Privacy Policy describes what data the app handles, where that data lives, and what choices you have. It applies to the Make Me iOS app and the marketing pages at trymakeme.app.

Make Me is built around a single design principle: the data the app needs lives on your device. We do not run an analytics pipeline, we do not track you across apps or websites, and we do not sell your data. The app shows non-personalized ads in one optional place (described in §4) — we do not share your activity, identity, or device identifier with advertising networks for behavioral targeting.

1. Quick summary

• Your minute balance, exercise history, blocked-app selection, and settings live on your device.
• Camera frames used to count pushups and squats are processed entirely on-device with Apple's Vision framework. They are not recorded, stored, or transmitted.
• We use RevenueCat for subscription management. They receive a stable opaque identifier (your CloudKit user record name — not your Apple ID, name, or email) and your subscription state.
• One optional surface in the app shows a rewarded ad from Google AdMob. We do not request App Tracking Transparency, so your IDFA stays zero and the ads are non-personalized — AdMob does not receive a stable identifier it can use to track you.
• We do not embed any analytics, attribution, or behavioral-tracking SDK. No Firebase, no Mixpanel, no Amplitude, no Sentry, no AppsFlyer, no Branch, no Adjust.
• Crash reports come to us anonymously through Apple, only if you opted in to share crash data with developers in iOS Settings.
• Two optional features (bed-workout image analysis and a speech-input form) call OpenAI's API on your behalf — only when you use those features.
• You can delete everything by deleting the app.

2. Data that stays on your device

The following data is stored locally in the app's sandbox and, if you choose to enable it, in your personal iCloud private database. We never see it:

• Your minute balance and any surplus or deficit.
• Your exercise history (rep counts, dates, the type of exercise selected).
• Your daily target and conversion-rate settings.
• Your selection of apps to restrict (stored as opaque tokens issued by Apple's Family Controls framework — see §8).
• Your streak and any other behavioral metadata the app derives locally to render charts and history.

3. Data we receive

We receive a small, narrowly-scoped set of data from third parties who help us run the app. We never sell this data and we do not use it for advertising.

Subscription state

When you start a subscription, the transaction goes through Apple. We use RevenueCat, Inc. as a subscription management platform to receive the resulting entitlement. We pass RevenueCat a stable opaque identifier — your CloudKit user record name, an Apple-issued string scoped to this app's iCloud container — so your subscription persists across reinstalls and across your devices signed in to the same Apple ID. RevenueCat then records purchase events, the product purchased, the active entitlement, and the current renewal status against that identifier. The identifier is not your Apple ID, name, email, or device identifier, and Apple does not give us those. RevenueCat's privacy policy is at revenuecat.com/privacy.

Optional OpenAI features

Two optional, user-initiated features call OpenAI's API on your behalf:

• Bed-workout image analysis — if you choose the bed workout, you can submit a photo of your bed for OpenAI to score. The image is sent to OpenAI's API for analysis and not stored by us.
• Speech-input form filler — if you use the voice form-fill feature, your spoken text is sent to OpenAI for processing.

You only invoke these endpoints by actively using those features. OpenAI's API privacy and retention terms apply to those calls — see openai.com/policies/api-data-usage-policies. OpenAI states that data submitted via the API is not used to train their models by default.

Crash reports

If you opted in to share crash reports with developers (iOS Settings → Privacy & Security → Analytics & Improvements → Share with App Developers), Apple may forward us an anonymous, aggregated crash log when the app crashes. These contain stack traces, OS and device model, and the app version. They do not contain your data, your balance, or your activity.

Email correspondence

If you contact us at support@trymakeme.app, we receive whatever you send us — your email address, the contents of your message, and any attachments. We retain this only as long as needed to respond.

4. Third-party services

Make Me integrates with the following third parties. Each is scoped to a specific function:

• Apple (App Store, Family Controls, HealthKit, iCloud / CloudKit, StoreKit, push notifications) — the platform vendor. Apple's privacy policy applies to platform-level behavior.
• RevenueCat, Inc. (subscription state) — see §3.
• Google AdMob (Google LLC) — serves the optional rewarded ad surface. See §5 for how this is configured.
• OpenAI, L.L.C. — invoked only when you use the optional bed-workout image analysis or the speech form-fill feature. See §3.

We do not embed any analytics, attribution, or behavioral-tracking SDK. There is no Firebase, no Mixpanel, no Amplitude, no Segment, no PostHog, no Sentry, no AppsFlyer, no Branch, no Adjust, and no third-party crash-reporting SDK beyond Apple's own.

5. Advertising

Make Me shows ads in one optional surface: a rewarded ad you can choose to watch in exchange for a small in-app benefit. You are never forced to watch an ad to use the app's core features.

The ads are served by Google AdMob and are configured to be non-personalized. Specifically:

• We do not request App Tracking Transparency. Because we do not request the permission, iOS reports your IDFA (advertising identifier) to AdMob as all-zeros, and AdMob serves only contextual, non-personalized ads.
• We do not pass any user identifier, email, or behavioral signal to AdMob.
• We do not use AdMob audiences, conversion tracking, or remarketing.
• The app does include the SKAdNetwork identifiers for AdMob's network — this is Apple's privacy-preserving install-attribution mechanism (no IDFA, no user-level data) and is required by AdMob's SDK.

AdMob may still process limited information to serve the ad and prevent fraud — for example, your coarse IP address, the ad-unit ID, the app and OS version, and a non-unique session signal. This processing is governed by Google's policies for non-personalized ads: support.google.com/admob/answer/7676680.

If we ever change this — for example, by enabling personalized ads or adding additional ad placements — we will update the policy before the change ships and will request the appropriate permission in the app.

6. Permissions the app requests

Each iOS permission is requested only when the corresponding feature is used:

• Screen Time / Family Controls — required, so the app can shield your selected apps when your balance hits zero.
• Camera — optional, only if you choose pushups or squats and want automatic rep counting, or if you want to submit a photo for the bed-workout assessment.
• HealthKit (read-only) — optional, only if you choose a fitness-based earning mode. Make Me reads steps, walking/running distance, active energy burned, and heart rate. See §7.
• Microphone & speech recognition — optional, only if you use the voice form-fill feature. See §3.
• Notifications — optional, for low-balance reminders, streak nudges, and routine check-ins.
• iCloud — implicit, governed by your device's iCloud settings. If iCloud is signed in, Make Me writes to your private iCloud database (see §10).

App Tracking Transparency (the "Allow [App] to track your activity?" prompt) is not requested. Your IDFA stays at all-zeros from this app's perspective.

You can revoke any permission at any time in iOS Settings. Revoking Screen Time access will disable the app's core function.

7. HealthKit data

If you grant HealthKit access, Make Me reads — depending on which earning mode you've selected — your step count, walking/running distance, active energy burned, and heart rate, scoped to the relevant time window for computing minutes earned. We do not write any data back to HealthKit, and we do not transmit HealthKit data off your device, in conformance with Apple's HealthKit terms.

8. Screen Time data

When you choose apps to restrict, Apple's Family Controls framework returns opaque tokens that represent your selection. We can store and pass these tokens back to the system, but we cannot inspect them — we do not see app names, bundle identifiers, icons, or your usage history. The tokens are stored in the app's sandbox and your private iCloud container so your selection persists across devices.

9. Camera data

Pushup and squat counting uses the device's front camera together with Apple's on-device Vision framework for human-body-pose detection. Only joint coordinates (a small set of x/y points and confidences) are extracted from each frame; the model emits a single rep count when a complete movement is detected. No frames are recorded, stored, or transmitted. The camera turns off when you leave the rep-counting screen. You can also enter reps manually if you'd rather not use the camera.

The optional bed-workout feature is the only place where a captured image leaves the device, and only because you submit one for assessment. That image is sent to OpenAI for analysis (see §3) and is not retained by us.

10. iCloud sync

Make Me uses CloudKit to sync your local data to your private iCloud database, scoped to the container iCloud.hang3r.nudge. This is your iCloud, not ours — Apple holds and encrypts the data, and we cannot read it. The sync is what lets your balance and history move with you between devices signed in to the same Apple ID. CloudKit also gives the app a stable opaque "user record name" that we use as your internal identifier (passed to RevenueCat as described in §3).

11. Retention & deletion

On-device data persists until you delete it or delete the app. Deleting the app removes the local sandbox; if you also want to remove the iCloud copy, sign out of iCloud or remove Make Me under Settings → Apple ID → iCloud → Manage Storage.

Subscription records held by RevenueCat persist according to RevenueCat's retention rules. To request deletion, email us with your install's identifier (visible in the app under Settings → About → Diagnostics) and we will arrange deletion with RevenueCat.

OpenAI processes API requests under their API data-usage policy; see openai.com/policies/api-data-usage-policies. Google AdMob processes ad-serving signals under Google's policies; see policies.google.com/technologies/partner-sites.

Email correspondence is retained only as long as needed to resolve your inquiry, generally no more than 24 months.

12. Children's privacy

Make Me is rated 4+ on the App Store but is not directed at children under 13, and we do not knowingly collect personal information from children under 13 (or under 16 in jurisdictions that apply that threshold). The app does not show personalized advertising and does not share behavioral data with advertising networks; the rewarded-ad surface described in §5 is non-personalized and does not use a stable advertising identifier. If you believe a child has created a record with us in error, please contact support@trymakeme.app.

13. California residents (CCPA / CPRA)

If you are a California resident, the California Consumer Privacy Act, as amended, gives you certain rights:

• Right to know what personal information we have about you. As described above, what we hold off-device is limited to your CloudKit-derived opaque identifier and your subscription state held by RevenueCat. Data sent to OpenAI or AdMob, where applicable, is described in §3 and §5.
• Right to delete personal information. See §11.
• Right to correct inaccurate personal information.
• Right to non-discrimination for exercising your rights.
• Right to opt out of sale or sharing of personal information. We do not sell personal information, and we do not share personal information for cross-context behavioral advertising. The rewarded ads we serve are non-personalized (see §5).

To exercise any of these rights, email privacy@trymakeme.app. We may need to verify your request by asking you to confirm details only the account holder would know.

14. EEA, UK, and Switzerland (GDPR)

If you are in the European Economic Area, the United Kingdom, or Switzerland, the GDPR (or UK GDPR / Swiss FADP equivalent) gives you rights of access, rectification, erasure, restriction of processing, data portability, and objection. To exercise these rights, contact privacy@trymakeme.app.

Legal basis. We rely on (a) contract for processing necessary to deliver the subscription you purchased; (b) legitimate interest for diagnosing crashes, securing the app, and serving non-personalized ads; and (c) consent for any optional features that you turn on (notifications, HealthKit, camera, microphone, OpenAI-assisted features).

International transfers. Our subscription processor (RevenueCat), the ad provider (Google), and OpenAI are based in the United States. Where personal data is transferred outside the EEA, UK, or Switzerland, we rely on appropriate safeguards including Standard Contractual Clauses.

Complaints. You have the right to lodge a complaint with your local data protection authority.

15. Security

Local data is stored within the app's sandbox using iOS file protection. iCloud sync is encrypted in transit and at rest by Apple. We use TLS for any network requests Make Me makes. No system is perfectly secure; if you become aware of a vulnerability, please email security@trymakeme.app.

16. Changes to this policy

If we make material changes to this policy, we will update the "Effective" date above and surface a notice in the app on the next launch. Continued use of Make Me after a change indicates acceptance of the revised policy.

17. Contact

Questions about this policy or your data:

• General: support@trymakeme.app
• Privacy requests: privacy@trymakeme.app
• Security disclosures: security@trymakeme.app