Privacy Policy

Last updated: 26 April 2026

This Privacy Policy explains what personal data the LOCKY mobile application ("LOCKY", "the app", "we") processes when you use it on your iPhone or Apple Watch, why we process it, and what rights you have. LOCKY is built and published by Viktar Pikulik, an individual developer based in Poland (the "Data Controller"). You can reach the Data Controller at order@anysite.website.

The short version: LOCKY does not have a server. We do not collect, transmit or store your personal data outside of your device. The full text below explains the few exceptions and the data Apple may handle on our behalf.

Scope
What data the app processes
Purposes and legal bases
Sharing with third parties
Retention
Your rights under GDPR
Children
Changes to this policy
Contact

1. Scope

This policy applies to the LOCKY iOS app, the LOCKY watchOS companion app, the LOCKY home-screen widget and this website (locky.anysite.website). It does not apply to Apple's services (App Store, iCloud, Sign in with Apple, StoreKit), which are governed by Apple's own privacy policy.

2. What data the app processes

LOCKY processes the following data, all of which stays on your device unless explicitly noted:

2.1 Location data

When you arm Distance Guard, LOCKY records the current GPS position of your device and uses it as the centre of a geofence.
While armed, LOCKY compares your current GPS position to that fixed point so that it can fire the alarm if the device is moved beyond the radius you set.
When you add a Safe Place, LOCKY stores the coordinates and radius you defined.
Location data is processed locally. It is never uploaded to a LOCKY server, because there is no LOCKY server. We do not maintain a profile of where you have been.

2.2 Motion data

In Active Guard mode, LOCKY uses iPhone motion sensors (gravity vector and accelerometer) to detect that the device has been picked up.
Motion data is read in real time and is not retained.

2.3 PIN code

Your PIN is stored in iOS Keychain (kSecAttrAccessibleAfterFirstUnlockThisDeviceOnly). It does not leave your device, is not synchronised through iCloud and is not accessible to us.

2.4 In-app settings and event log

Your preferences (siren sound, vibration, alert thresholds, sensitivity, snooze state) are stored in the standard iOS user defaults on your device.
The event log (when guard was armed, when alarms fired) is written to local storage on your device. It does not leave your device. You can clear it from inside the app.

2.5 Subscription data

If you subscribe to LOCKY Pro, the purchase is processed by Apple via StoreKit. We never see your payment details.
The app receives the result of the transaction (whether you have an active subscription) and stores that flag locally to unlock paid features.

2.6 Apple Watch communication

The iPhone app and the Watch companion exchange messages over Apple's WatchConnectivity framework (status, snooze commands, anti-loss heartbeats). These messages are exchanged directly between paired devices and do not transit any LOCKY server.

2.7 Notifications

LOCKY uses Apple's local notifications to inform you about alarms and anti-loss events. Notifications are generated on your device.

2.8 Crash data

If you have enabled "Share with App Developers" in iOS Settings, Apple may share anonymised crash reports with us via App Store Connect. These reports do not contain personal data.

2.9 Analytics

LOCKY does not currently embed any third-party analytics, advertising or tracking SDKs.
If we ever introduce privacy-preserving analytics in the future, this policy will be updated and the change will be announced through an app update.

2.10 Website

This website is a static set of HTML pages hosted on a third-party hosting provider. The hosting provider may keep standard server logs (IP address, user agent, timestamp) for security and traffic-management purposes. We do not place any cookies, tracking pixels or analytics scripts on this website.

3. Purposes and legal bases

Where the GDPR applies (Regulation (EU) 2016/679), we rely on the following legal bases:

Performance of a contract (Art. 6(1)(b) GDPR) — to deliver the LOCKY app's functionality you have asked for: arming the alarm, monitoring location, monitoring motion, exchanging data with your Apple Watch, enforcing PIN protection, and managing your LOCKY Pro subscription.
Legitimate interest (Art. 6(1)(f) GDPR) — to keep the app stable and free of fraud, including processing anonymised crash reports provided by Apple.
Consent (Art. 6(1)(a) GDPR) — for any optional sensor permission you grant in iOS (Location, Motion, Notifications). You can revoke consent at any time in iOS Settings > LOCKY.

We do not sell, rent or trade your data. The only third parties involved in LOCKY are:

Apple Inc. — for App Store distribution, in-app purchases (StoreKit), push and local notifications, Watch connectivity and crash reports. Apple's processing is governed by Apple's own privacy policy.
Hostinger International Ltd. — the hosting provider for this website. They process basic server logs to keep the site online.

We do not transfer your data outside the European Economic Area on our own initiative. Apple may process limited data globally under its own safeguards.

5. Retention

Data stored on your device (settings, event log, PIN, Safe Places, snooze state) is kept until you delete it from inside the app or until you uninstall LOCKY.
When you uninstall the app, iOS removes its sandbox, including all of LOCKY's local data.
We do not keep server-side copies of your data, because we do not run a server.

6. Your rights under GDPR

If you are in the European Economic Area, the United Kingdom or another jurisdiction with similar law, you have the right to:

access the personal data we process about you;
request rectification or deletion;
restrict or object to processing;
data portability;
withdraw any consent at any time;
lodge a complaint with a supervisory authority. In Poland, this is the Personal Data Protection Office (Urząd Ochrony Danych Osobowych) — uodo.gov.pl.

Because LOCKY does not maintain a server-side profile, most of these requests are satisfied directly on your device: uninstalling the app or clearing it from iOS Settings > LOCKY removes all data we have about you. For anything else, contact us at order@anysite.website.

7. Children

LOCKY is not directed at children under 13. We do not knowingly collect personal data from children. If you believe a child has provided personal data to us, contact us and we will remove it.

8. Changes to this policy

We may update this Privacy Policy when the app changes or when the law requires. The "Last updated" date at the top of this page reflects the latest revision. Material changes will be communicated through an in-app notice or App Store release notes before they take effect.

9. Contact

If you have questions about this Privacy Policy or want to exercise any of the rights above, contact:

Viktar Pikulik — individual developer
Country of residence: Poland
Email: order@anysite.website