🔒 ScreenBreak — Privacy Policy

Last updated: May 2026 · Version 2.1

1. Data Controller

2. What data does ScreenBreak collect?

ScreenBreak is built around the principle of data minimization. Virtually all data stays on your device.

Stored locally on your device

• Usage time of monitored apps (minutes per day)
• Workout statistics (number and type of exercises)
• Settings (selected apps, time limits, mode)
• PIN (stored in encrypted form, only in Family Protection mode)
• 7-day history of usage statistics
• Optional: e-mail address for PIN recovery (stored locally only)

Transmitted to external servers

Data leaves your device in one single case only:

Processed but NOT stored

For the blocking feature and the dashboard to work, the app must briefly process the following information in memory:

• Foreground app: Detected in real time to enforce time limits. Only the package name (e.g. com.instagram.android) is read — never app content.
• Browser URLs (domain only): When browser-bypass protection is enabled, the domain of the currently visited page (e.g. youtube.com) is read in real time to enforce the block. URLs are not logged, stored, or transmitted.

Data NOT collected

• No location data
• No contacts or call logs
• No content of monitored apps (messages, photos, videos, input)
• No browsing history and no full URLs
• No keystrokes
• No analytics, no crash reporting, no trackers
• No advertising IDs
• No sharing with third parties (except the services described in section 7)

3. Legal basis for processing

Processing of your data is based on the following legal grounds under the Swiss Federal Act on Data Protection (revFADP) and the EU General Data Protection Regulation (GDPR):

• Local data processing (app blocking, dashboard, workouts): Performance of the user agreement — Art. 6(1)(b) GDPR. The app cannot deliver its core functionality without this processing.
• PIN recovery by e-mail: Consent — Art. 6(1)(a) GDPR. You actively trigger this process and can cancel it at any time.
• PRO subscription handling: Performance of a contract between you and Google Play — Art. 6(1)(b) GDPR. Payment data is processed exclusively by Google, not by ScreenBreak.

4. Accessibility Service

ScreenBreak relies on the Android Accessibility Service as its core technology. It is used exclusively for the following purposes:

• Foreground-app detection: Determining which app is currently in the foreground, in order to count usage time and enforce time limits.
• Browser URL detection: Detecting the domain in supported browsers (Chrome, Samsung Internet) to prevent browser bypass when a blocked app is also accessible via the web (e.g. youtube.com).

The Accessibility Service is not used to:

• Read, store, or transmit screen content
• Record keystrokes
• Collect or forward personal data
• Perform actions on behalf of the user
• Enable advertising or tracking

You can disable the Accessibility Service at any time in your Android settings. The app will then no longer function.

5. Other permissions

ScreenBreak uses the following additional Android permissions, strictly for the purposes listed:

• PACKAGE_USAGE_STATS (Usage Access): Provided by the Android system to populate the dashboard with daily usage data. Data does not leave the device.
• SYSTEM_ALERT_WINDOW (Display over other apps): Used to display the block overlay on top of the blocked app.
• FOREGROUND_SERVICE: Keeps the blocking service reliably active even when the system terminates background processes.
• RECEIVE_BOOT_COMPLETED: Restarts the blocking service automatically after a device reboot.
• BIND_DEVICE_ADMIN (Device Admin, optional): Can be enabled only in Family Protection mode. Prevents uninstallation of the app without the PIN. No other Device Admin capabilities are used.
• com.android.vending.BILLING (Google Play Billing): Used exclusively for the optional PRO subscription processed via Google Play. Payment data is processed entirely by Google — ScreenBreak has no access to it.
• INTERNET: Required only when you actively use PIN recovery and for Google Play Billing queries. Not used for analytics or tracking.

6. Data storage and retention

All local data is stored in the Android system's SharedPreferences and is accessible only to the app itself. No cloud backups of usage data are created.

Retention periods:

• Local data: Retained until you actively delete it (via app settings) or uninstall the app. Uninstalling the app permanently removes all data.
• E-mail address for PIN recovery: The Cloud Function does not store your e-mail address in any database. It is used only to send the reset e-mail via Gmail SMTP and is then discarded. In error cases (e.g. an invalid address), the e-mail address may appear in Google Cloud Logging's technical system logs for up to 30 days, after which it is automatically deleted.
• Sent e-mails: A copy of the reset e-mail remains in the sender mailbox (hosted by Google Mail) in accordance with Gmail's standard retention policies.
• Usage history: Maximum of 7 days retroactively; older entries are automatically replaced by new ones.

7. Third-party services and data transfer to the USA

Firebase Cloud Functions (Google LLC)

For PIN recovery, we use a Firebase Cloud Function provided by Google. When you actively trigger this feature:

• Your e-mail address is transmitted to the Cloud Function
• The Cloud Function runs in the us-central1 region (Iowa, USA)
• This means: your e-mail address is temporarily transferred to and processed in the USA
• Google is certified as a recipient under the EU–US Data Privacy Framework
• Legal basis: your consent (Art. 6(1)(a), Art. 49(1)(a) GDPR)

Gmail SMTP (Google LLC)

The actual e-mail delivery is handled via Gmail SMTP. This means:

• Your e-mail address is passed from the Cloud Function to Gmail SMTP so that the reset e-mail can be delivered
• Google acts as the e-mail provider, comparable to any other mail-sending service
• Delivery is handled by Google's mail infrastructure in the USA
• Legal basis: your consent (Art. 6(1)(a) GDPR)

Google's Privacy Policy applies in addition.

Google Play Billing (Google LLC)

The optional PRO subscription is processed via Google Play Billing. Payment and account data is handled exclusively by Google; ScreenBreak has no access to your payment methods. Google's Privacy Policy applies.

8. Children and Family Protection

ScreenBreak is intended for users aged 13 and over. The app is not designed for children under 13.

In Family Protection mode, ScreenBreak allows parents to manage their children's screen time. In this mode:

• No additional personal data about the child is collected
• All data is stored locally on the device
• Only the PIN holder (the parent) has access to the settings

Responsibility for age-appropriate configuration and for safeguarding children's privacy lies with the parents or legal guardians.

9. Your rights

Under Swiss revFADP and EU GDPR, you have the following rights:

• Access to the data processed about you
• Rectification of inaccurate data
• Erasure of your data (can be done at any time by uninstalling the app)
• Restriction of processing
• Data portability
• Withdrawal of consent with effect for the future
• Objection to the processing

In practice, you can at any time:

• Uninstall the app — this removes all local data
• Disable the Accessibility Service in your Android settings
• Disable Device Admin (if active) in your Android settings
• Request information by contacting romanscreenbreak@gmail.com

10. Changes to this Privacy Policy

We reserve the right to adapt this Privacy Policy in response to feature changes or legal requirements. For material changes, we will notify you within the app. The current version is always available at this URL.

11. Contact and right to lodge a complaint

For data protection inquiries or to exercise your rights, please contact:

Right to lodge a complaint: You have the right to lodge a complaint with a data protection supervisory authority, in particular:

• Switzerland: Federal Data Protection and Information Commissioner (FDPIC), Feldeggweg 1, 3003 Bern, www.edoeb.admin.ch
• EU: Your national data protection authority based on your place of residence