Privacy Policy

Your privacy, handled with care.

Last updated: May 11, 2026

This Privacy Policy explains how LimitX collects, uses, stores, and shares information when you use the Service.

Privacy Policy

This Privacy Policy explains how LimitX ("LimitX", "we", "us", or "our") collects, uses, stores, and shares information when you use the LimitX Android app, LimitX Browse, related protection features, subscriptions, support passes, and the LimitX parental/accountability dashboard (together, the "Service").

Developer/operator: LimitX. Android package: com.downlabs.limitx.release.

For privacy questions or data requests, contact us at support@limitx.xyz.

1. What LimitX Does

LimitX is a digital wellbeing, app blocking, website blocking, short-video/reels limiting, accountability, and parental dashboard tool. Depending on the features you enable, LimitX may use Android permissions and accessibility signals to detect protected apps, selected websites, short-video feeds, blocked keywords, selected screen elements, uninstall attempts, and usage activity so that it can apply the limits and warning screens you configure.

2. Information We Collect

We collect only the information needed to provide, secure, improve, and support the Service.

Account and Authentication Information

When you create or use an account, we may collect:

  • Email address.
  • Name or display name if you provide one.
  • Supabase authentication user ID and session information.
  • Google account profile information if you choose Google Sign-In, such as Google account email, name, profile ID, and profile picture.
  • Public username used for streaks, rankings, or accountability features.
  • Passwords are handled by our authentication provider and are not stored by LimitX in plain text.

Device and App Information

We may collect or access:

  • Android device identifiers such as Android ID, or a hashed version of the identifier for pass/cooldown enforcement.
  • Device model, manufacturer, Android version, app version, and device status.
  • Installed app package names and app labels so you can select apps to block, allow, monitor, or include in focus groups.
  • App foreground usage data, app opens, usage duration, focus sessions, and limit status.
  • Permission status, protection status, notification status, and device-admin/anti-uninstall status.
  • Crash logs and diagnostic information, including device model, Android version, timestamps, stack traces, and non-fatal error details.

Accessibility Service and Usage Data

If you enable LimitX Accessibility Services, LimitX may access on-screen information needed for protection features, including:

  • The current foreground app, package name, window changes, view IDs, and selected screen structure.
  • Text or content descriptions visible on screen for keyword protection, reels detection, view blocking, and uninstall-protection checks.
  • Website address text or website domains shown in supported browsers so LimitX can block websites, detect restricted keywords, and measure website usage.
  • Short-video feed indicators and limited text fingerprints used to count reels or detect feed changes.
  • App settings or uninstall-related screens when anti-uninstall protection is enabled.

LimitX uses Accessibility Services only to provide user-enabled protection, blocking, monitoring, warning, focus, dashboard, and accountability features. LimitX does not use Accessibility Services to record audio, take screenshots, collect contacts, collect precise location, read passwords, or collect payment card numbers. Some on-screen text may be processed temporarily to detect blocked keywords or reels. When you are signed in and sync features are active, violation events may be uploaded as described below.

Website and Browser Information

LimitX includes LimitX Browse and website protection features. Depending on your settings, we may store locally:

  • Browser history, saved tabs, bookmarks, page titles, and URLs inside LimitX Browse.
  • Website domains, browser package names, dates, and time spent on domains.
  • Blocked URL or domain events, including a shortened URL snippet when a LimitX Browse page is blocked.
  • Cookies, cache, and site storage created by the Android WebView while browsing.

Private/incognito tabs do not save normal browsing history in LimitX Browse. Clearing browsing data removes history, saved tabs, cache, and cookies from the app; bookmarks may remain unless deleted separately.

Protection, Violation, and Accountability Data

When protection features are enabled, LimitX may store locally and, if you are signed in, sync certain records to the LimitX backend:

  • Blocked keyword or rule that triggered a warning.
  • App name and app package name involved in a block or warning.
  • Detection location, such as app blocker, LimitX Browse, supported browser, or keyword blocker.
  • Action taken, such as warning, redirect, app blocked, or cooldown.
  • Cooldown duration, timestamps, streak status, restore status, reel counts, ranking metrics, and daily summary counts.
  • Pending violation events queued while offline so they can sync later.

Purchases, Subscriptions, and Support Passes

If you buy Premium, start a subscription, restore purchases, use a rewarded ad pass, or activate a Support Pass, we may process:

  • Google Play product ID, purchase token, product type, verification result, subscription status, plan type, expiration date, and audit logs.
  • User ID associated with the purchase or subscription.
  • Support Pass grant period and hashed device identifier for cooldown and abuse prevention.
  • Rewarded ad access timestamps and pass expiration times.

Payments are processed by Google Play. We do not receive your full payment card details.

Advertising and Analytics Information

Free-tier users may see ads served through Google AdMob. Google and its SDKs may collect device, advertising, app interaction, approximate location, diagnostics, and ad performance data according to Google's policies and your device settings.

LimitX also records limited in-app funnel events when you are signed in, such as login success, purchase verification, support-pass actions, and related app-version metadata. These events are used for activation diagnostics, abuse prevention, support, and product improvement.

Parental Dashboard and YouTube Connection Data

If you use the LimitX parental/accountability dashboard, we may collect and display:

  • Dashboard profile details, such as display name, relationship label, preferences, and audit events.
  • Device list, subscription status, streaks, violations, top keywords, top apps, reels counts, and report requests.
  • Report request details, such as report type, timeframe, focus area, notes, generated summaries, and recommendations.

If you connect a Google/YouTube account from the dashboard, we may collect and store:

  • Google email, Google ID, Google name, profile picture, granted scopes, authorization timestamps, and token status.
  • Encrypted Google OAuth access and refresh tokens and token hashes.
  • YouTube liked-video and subscription summaries retrieved through the YouTube Data API, including video titles, channel names, categories, limited tags, thumbnails, subscription channels, counts, and snapshot dates.

You can revoke the Google/YouTube connection from the dashboard or your Google account settings.

3. How We Use Information

We use information to:

  • Provide app blocking, website blocking, keyword blocking, reels blocking, focus mode, grayscale, mindful prompts, warning screens, widgets, and usage analytics.
  • Show your usage summaries, streaks, reels counts, rankings, reports, and accountability dashboard.
  • Sync protection alerts and status across the app and dashboard when you are signed in.
  • Verify purchases, manage subscriptions, restore access, prevent purchase fraud, and enforce pass cooldowns.
  • Serve ads to free-tier users and provide rewarded access where available.
  • Detect abuse, troubleshoot crashes, provide customer support, and improve reliability.
  • Send local notifications, reminders, pass-expiration notices, and protection status alerts.
  • Comply with legal, policy, tax, accounting, fraud-prevention, and security requirements.

We do not sell your personal information.

4. When We Share Information

We may share information with:

  • Supabase, for authentication, database hosting, backend functions, account sync, dashboard data, purchase verification records, and secure storage.
  • Google Play Billing and Google Play Developer APIs, for purchases, subscriptions, purchase tokens, product status, and verification.
  • Google AdMob and Google Play services, for advertising, rewarded ads, app-open ads, ad measurement, fraud prevention, and related diagnostics.
  • Google Sign-In and YouTube Data API, only if you choose to sign in with Google or connect YouTube-related dashboard features.
  • Service providers who host, secure, debug, analyze, or support the Service.
  • Legal, safety, or compliance authorities when required by law, to protect users, or to enforce our rights.
  • A parent, guardian, or accountability partner if the account or dashboard is configured for family/accountability monitoring.

We may also share aggregated or de-identified information that does not reasonably identify you.

5. Sensitive Permissions and Your Controls

LimitX may request the following permissions or access:

  • Accessibility Service: used to detect protected apps, website domains, keywords, selected views, reels feeds, and uninstall-related screens.
  • Usage Access: used to calculate app screen time, app opens, usage limits, and usage-based blocking.
  • Display Over Other Apps: used to show warning screens, counters, overlays, and blocking UI.
  • Notifications: used for reminders, focus timers, pass-expiration alerts, widgets, and status updates.
  • Device Admin: used only for anti-uninstall protection when you enable it.
  • Do Not Disturb access: used only for focus-related interruption reduction when you enable it.
  • Query All Packages: used to list installed apps so you can choose apps for blocking, allowing, focus groups, grayscale, and protection rules.
  • Battery optimization exemption and boot completed: used to keep protection services reliable after reboot and during background operation.
  • Internet and network state: used for sign-in, sync, ads, billing verification, dashboard access, and web browsing.

You can disable these permissions in Android Settings. Disabling a permission may stop related LimitX features from working.

6. Local Storage

Many settings and usage records are stored on your device, including:

  • App groups, focus groups, schedules, warning-screen settings, selected apps, keyword rules, view-blocking rules, grayscale groups, mindful message settings, PIN/protection settings, and ad-blocking settings.
  • Local Room database entries for focus stats, reel stats, website stats, intent logs, and scroll-pattern calibration.
  • LimitX Browse bookmarks, history, tabs, and browsing preferences.
  • Crash logs and pending sync queues.

Local data may remain on your device until you delete it, clear app data, uninstall the app, or use in-app clearing features where available.

7. Data Retention

We retain data for as long as reasonably needed to provide the Service, maintain your account, comply with legal obligations, resolve disputes, prevent abuse, and enforce our agreements.

General retention practices:

  • Local settings and device data remain until deleted by you, cleared from Android app storage, or removed by uninstalling the app.
  • Account, dashboard, subscription, purchase verification, streak, violation, and report data are retained while your account is active.
  • Billing and fraud-prevention records may be kept longer where required for accounting, tax, legal, security, or platform-compliance reasons.
  • Google/YouTube tokens are removed or invalidated when you revoke the connection, although historical dashboard summaries or audit records may remain where legally or operationally required.

To request deletion of account data, contact support@limitx.xyz. We may need to verify your identity before completing a request.

8. Security

We use reasonable technical and organizational safeguards designed to protect information, including HTTPS in transit, authenticated backend access, database access controls, row-level security where configured, encrypted OAuth token storage for Google connections, hashed device identifiers for some cooldown systems, and local Android storage controls.

No system is perfectly secure. You are responsible for keeping your device, Google account, and LimitX account credentials safe.

9. Your Choices and Rights

Depending on your location, you may have rights to access, correct, delete, export, restrict, or object to certain processing of your personal information.

You can:

  • Sign out of LimitX to stop account-based sync.
  • Disable Accessibility Service, Usage Access, overlay, notification, device-admin, and other permissions in Android Settings.
  • Clear LimitX Browse data in the app.
  • Revoke Google/YouTube access from the dashboard or your Google account.
  • Cancel subscriptions through Google Play.
  • Contact support@limitx.xyz to request account deletion, data access, or correction.

Some data may be retained where required for security, billing, legal compliance, or dispute resolution.

10. Children and Family Use

LimitX can be used by parents, guardians, or accountability partners to support safer device use. If the Service is used for a child or minor, the parent or guardian is responsible for obtaining any required consent and configuring the Service lawfully.

Children should not create accounts or connect Google/YouTube accounts without parent or guardian permission where required by law. If you believe a child provided personal information without appropriate consent, contact support@limitx.xyz.

11. Third-Party Services

Third-party services have their own privacy terms. Relevant services may include:

Your use of third-party services may also be governed by your Google account settings, Android settings, Google Play settings, and the third party's policies.

12. International Processing

Your information may be processed in countries other than your country of residence. Where required, we rely on appropriate safeguards for international transfers.

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. The "Last updated" date shows when it was last revised. If changes are material, we may provide notice in the app, dashboard, website, or by another reasonable method.

14. Contact

For privacy questions, support, or data requests, contact support@limitx.xyz.