Privacy policy
Privacy Policy
Last updated: 15 May 2026
Detach Co ("Detach", "we", "us", "our") operates the Detach website and online store (the "Store") and the Detach iOS app (the "App", and together with the Store, the "Services"). This Privacy Policy describes how we collect, use, and disclose your personal information when you visit, use, or make a purchase through the Services, or otherwise communicate with us.
This policy covers both the Store and the App. Where a section applies only to one or the other, we say so clearly.
If there is a conflict between our Terms of Service and this Privacy Policy, this Privacy Policy controls with respect to the collection, processing, and disclosure of your personal information.
By using the Services, you acknowledge that you have read this Privacy Policy and understand the collection, use, and disclosure of your information as described here.
1. Who We Are
Detach Co is the data controller for personal information collected through the Services. We are based in Malaysia.
Contact for privacy matters: hello@usedetach.com
2. Summary
A short, plain-English summary of what we do with your data:
Through the Store, we collect the information you would expect for an e-commerce purchase — name, shipping and billing address, payment details, email, and basic device/usage information. Most of this is processed by Shopify, our e-commerce platform, on our behalf.
Through the App, we collect your email (via Apple or Google sign-in), your detach session start/end times, and the names/icons/schedules of your presets and routines. We store these on Supabase.
We do not see your Screen Time data. Which apps or websites you choose to block is stored only on your device and is never sent to our servers, to Apple, or to anyone else.
We do not run ads or sell your data. We use no advertising SDKs, no analytics SDKTs, and no tracking SDKs in the App.
The rest of this policy explains all of this in more detail.
3. Information We Collect Through the Store
When you visit the Store or place an order, we collect the following categories of personal information:
Contact details — name, billing address, shipping address, phone number, email address.
Financial information — payment card details, financial account information, transaction details, payment confirmations. Payments are processed by Shopify and its payment partners; we do not directly store full card numbers.
Account information — username, password, security questions, preferences, and settings (if you create a Store account).
Transaction information — items you view, add to cart, wishlist, or purchase, and any returns, exchanges, or cancellations.
Communications with us — the information you include when you contact us, for example through customer support.
Device information — device, browser and network information, IP address, and similar identifiers.
Usage information — how and when you interact with and navigate the Store.
Sources
We collect this information:
Directly from you, when you create an account, place an order, or contact us.
Automatically through the Store, including via cookies and similar technologies.
From our service providers (for example, Shopify and payment processors).
From our partners or other third parties (for example, marketing partners).
4. Information We Collect Through the App
When you use the Detach iOS app, we collect and process the following:
Account information. When you create an account, we collect your email address via Apple Sign-In or Google Sign-In. We generate a unique user ID for your account. We do not collect your name, phone number, or any other personal details during sign-up.
NFC card identifier. When you pair a physical Detach card with your account, we store the card's hardware identifier (a short hexadecimal UID) so that we can verify the correct card is being scanned. No other data from the card is stored on our servers.
Detach session data. When you start a detach session — either manually by scanning your card, or automatically through a routine — we record the session start time and end time. This powers the in-app analytics that show you how much time you've spent detached.
Preset and routine configuration. We store the names, icons, modes ("allow" or "block"), scheduling days, and start/end times of your presets and routines, so that your settings persist across devices and reinstalls. We do not store which specific apps or websites you have selected — see Section 5.
Profile picture selection. You can choose from a set of pre-made profile pictures. We store only your selection (a number), not any personal photos.
Purchase records. If you purchase an Emergency Attach pack, we record the number of uses remaining on your account. Payment itself is handled entirely by Apple through the App Store — we do not see your card details.
5. Screen Time and Family Controls Data
The App uses Apple's Screen Time APIs (Family Controls, Managed Settings, and Device Activity) to block and unblock apps and websites on your device.
Your app and website selections never leave your device. When you choose which apps or websites to include in a preset, that selection is stored only in your device's local storage, inside a secure app group. It is never transmitted to our servers, to Apple, to any third party, or to any other device. We cannot see which specific apps or websites you have chosen to block.
We do not collect or transmit any Screen Time usage data. We do not access, store, or send information about how long you use specific apps, how often you open them, or any other Screen Time metrics. The only data we record from a detach session is the start time and end time — not which apps were blocked or how you used your device during that time.
The Device Activity monitor extension runs on your device to automatically start and stop routines at their scheduled times. When a routine starts or ends, the extension records only the session start/end timestamp to our server. No Screen Time data, app identifiers, or usage information is included.
6. NFC Card Data
What is stored on the card. Your Detach NFC card contains a cryptographic verification token (derived from the card's hardware identifier using HMAC-SHA256) and a password that protects the card from unauthorised access. No personal information — such as your name, email, user ID, or app selections — is stored on the card itself.
What the App reads from the card. When you scan your card, the App reads the card's hardware identifier and the stored verification token, and verifies the token locally on your device to confirm the card is genuine. The card identifier is checked against the one linked to your account to ensure you are using your own card.
What is transmitted to our servers. Only the card's hardware identifier is sent to our servers, and only during initial card pairing and verification checks (to confirm the card is not already registered to another account).
7. Data Stored Locally on Your Device
The following App data is stored only on your device and is not transmitted to any server:
App and website selections for each preset (stored as Family Activity Selection tokens in UserDefaults).
Active detach session state (start time, source, session ID).
Lockdown mode preference (which prevents app deletion during a detach session).
Cached copies of your presets and routines (for offline functionality).
Authentication session (stored in the device Keychain).
This local data is shared between the main Detach app and its two extensions (RoutineMonitor and Shield) through a secure app group and Keychain access group. It does not leave your device.
8. Data Transmitted Off-Device by the App
The following App data is transmitted from your device to our servers over HTTPS (TLS-encrypted):
Email address (during authentication). User ID. NFC card identifier (during pairing and availability checks). Detach session start and end times. Preset metadata (name, icon, mode — not app/website selections). Routine metadata (name, days, times — not app/website selections). Emergency Attach purchase count. Profile picture selection (a number, not a photo).
We do not transmit: installed app lists, app usage data, Screen Time information, website browsing history, advertising identifiers (IDFA), device model or OS version (beyond what is automatically included in standard network requests), location data, contacts, photos, or any sensor data.
9. iOS Permissions Requested by the App
The Detach app requests the following permissions:
Screen Time (Family Controls) — required for the App's core functionality of blocking and unblocking apps and websites. Requested once during setup.
NFC (Near Field Communication) — required to read and write your Detach card. The system NFC prompt appears each time you scan your card.
The App does not request: camera, photo library, location, contacts, microphone, Bluetooth, calendar, reminders, health, motion, App Tracking Transparency, or push notification permissions.
10. Push Notifications
The Detach app does not use push notifications. We do not request notification permissions, and we do not send remote or local notifications.
11. How We Use Your Personal Information
Depending on which Service you use, we use your personal information to:
Provide, tailor, and improve the Services. To fulfil orders, process payments, manage your account, ship your card, handle returns and exchanges, run the App's core blocking functionality, sync your settings, and power in-app analytics that you see (such as your detach history).
Communicate with you. To respond to customer support enquiries, send transactional emails (order confirmations, shipping updates, password resets), and maintain our business relationship with you.
Marketing and advertising. With your consent where required, to send marketing communications about Detach products and updates, and to show you advertising for Detach on third-party platforms. You can opt out at any time using the unsubscribe link in our emails. We do not run any in-app advertising.
Security and fraud prevention. To authenticate your account, secure payments, detect and prevent fraud or abuse, and protect the safety of our users and Services.
Legal reasons. To comply with applicable law, respond to valid legal process (including from law enforcement), and enforce or investigate violations of our Terms.
12. How We Disclose Your Personal Information
We may disclose your personal information to:
Service providers and vendors who perform services on our behalf — including Shopify (e-commerce platform), payment processors, shipping and fulfilment providers, customer support tools, and Supabase (App backend and database).
Business and marketing partners to provide marketing and advertising services. For example, Shopify supports personalised advertising with third-party services based on your activity with our Store and other merchants. Where required by law, we will ask for your consent or offer you a way to opt out.
Third parties at your direction, such as for shipping or social media integrations.
Affiliates or other entities within our corporate group, where applicable.
In connection with a business transaction such as a merger, acquisition, or insolvency, and to comply with applicable legal obligations, enforce our Terms, or protect our rights or the rights of others.
We do not sell your personal information for money. Some sharing for personalised advertising via Shopify may, depending on your jurisdiction, fall under the legal definition of "sharing" or "selling" — see Section 16 below for your rights to opt out.
13. Third-Party Services Used by the App
The Detach app integrates the following third-party services:
Supabase (Supabase Inc.) — backend, authentication, and database storage. Receives: your email, user ID, card identifier, session times, preset/routine metadata, and emergency attach purchase count. Does not receive: Screen Time data or app selections.
Apple Sign-In (Apple Inc.) — if you sign in with Apple, your authentication is handled by Apple. We receive an authentication token and your email (or a private relay address if you choose to hide it).
Google Sign-In (Google LLC) — if you sign in with Google, your authentication is handled by Google. We receive an authentication token and your email.
Apple App Store / StoreKit (Apple Inc.) — all in-app purchases are processed by Apple. We do not see your payment details.
Rive (Rive Inc.) — animation library that runs entirely on your device and does not collect or transmit user data.
We do not use any advertising, analytics, or tracking SDKs in the App. There is no Firebase Analytics, Mixpanel, Amplitude, Adjust, Meta SDK, or any similar service.
14. Relationship with Shopify
The Store is hosted by Shopify, which collects and processes personal information about your access to and use of the Store in order to provide and improve it. Information you submit to the Store will be transmitted to and shared with Shopify and third parties that may be located in countries other than where you reside.
To help protect, grow, and improve our business, we use certain Shopify features that incorporate data from your interactions with the Store, along with other merchants and with Shopify. In these circumstances, Shopify is responsible for the processing of your personal information for those purposes. You can read Shopify's Consumer Privacy Policy and, depending on where you live, exercise rights through the Shopify Privacy Portal at https://privacy.shopify.com/en.
15. Third-Party Websites and Links
The Services may contain links to websites or platforms operated by third parties. We are not responsible for the privacy practices or content of those sites. If you follow such links, please review the privacy and security policies of those sites separately.
16. Your Rights and Choices
Depending on where you live, you may have some or all of the following rights in relation to your personal information. These rights are not absolute and may apply only in certain circumstances.
Right to access / know — request a copy of the personal information we hold about you.
Right to delete — request that we delete personal information we hold about you. In the App, you can delete your entire account from the Settings screen; deletion is immediate and irreversible and removes your profile, all session records, all presets, all routines, and your card association.
Right to correct — request that we correct inaccurate personal information.
Right of portability — request a copy of your personal information in a portable format, where applicable.
Right to withdraw consent — including by revoking Screen Time or NFC permissions in your device Settings, or by revoking sign-in access via your Apple ID or Google account.
Right to opt out of marketing — use the unsubscribe link in any marketing email. We may still send you transactional emails (order confirmations, account notices).
Right to opt out of "sharing" / personalised advertising — depending on your jurisdiction, you may have the right to direct us not to share information about you for personalised advertising based on your activity across different merchants. To exercise this, contact us at hello@usedetach.com or use the Shopify Privacy Portal.
To exercise any of these rights, contact us at hello@usedetach.com. We may need to verify your identity before responding. We will respond within the timeframes required by applicable law.
We will not discriminate against you for exercising any of these rights.
Malaysia (PDPA 2010)
If you are in Malaysia, the Personal Data Protection Act 2010 ("PDPA") gives you the right to access and correct your personal data held by us, to limit our processing, and to withdraw consent to processing. To exercise these rights, contact us at hello@usedetach.com. You may also lodge a complaint with the Personal Data Protection Department (Jabatan Perlindungan Data Peribadi) if you are not satisfied with our response.
Complaints
If you have a complaint about our privacy practices, please contact us first at hello@usedetach.com so we can try to resolve it. Depending on where you live, you may also have the right to lodge a complaint with your local data protection authority.
17. Children's Privacy
The Services are not directed at children. We do not knowingly collect personal information from anyone under the age of 13. Users must be at least 13 years old to create an account in the App or place an order through the Store. Users between 13 and 18 (or the age of majority in their jurisdiction) should review this policy with a parent or guardian, and we may require parental consent in some cases.
If you are a parent or guardian and believe your child has provided us with personal information, please contact us at hello@usedetach.com and we will take steps to delete it.
As of the date of this policy, we do not have actual knowledge that we "share" or "sell" (as those terms are defined under applicable law) personal information of individuals under 16 years of age.
18. Security and Retention
No security measures are perfect or impenetrable, and we cannot guarantee absolute security. Information sent to us over the internet may not be secure while in transit. We recommend that you do not use unsecured channels to communicate sensitive information.
We use HTTPS (TLS encryption) for all data transmitted between the App and our servers and between the Store and our service providers. Authentication tokens are stored in the device Keychain.
How long we keep your data:
Store account data and order records — for as long as your account is active and as required by tax, accounting, and other legal obligations.
App account, session history, and preset/routine metadata — for as long as your account is active. You can delete your account at any time from the App Settings, which immediately and permanently removes this data from our servers.
Data on your physical NFC card — remains on the card until the card is reset or destroyed. You may dispose of the card at your discretion.
Marketing communications data — until you unsubscribe.
Support communications — typically for up to 3 years after the last interaction.
19. International Transfers
We are based in Malaysia, but our service providers (including Shopify, Supabase, Apple, and Google) operate globally. Your personal information may be transferred to, stored, or processed in countries other than the one in which you live, including the United States and the European Union.
Where we transfer personal information out of the European Economic Area or the United Kingdom, we rely on recognised transfer mechanisms such as the European Commission's Standard Contractual Clauses (or the UK equivalent) unless the destination country has been determined to provide an adequate level of protection.
20. Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes to our practices or for other operational, legal, or regulatory reasons. We will post the revised Privacy Policy here, update the "Last updated" date, and provide additional notice where required by applicable law.
21. Contact
If you have any questions about our privacy practices or this Privacy Policy, or if you would like to exercise any of the rights available to you, please contact us at:
Detach Co Email: hello@usedetach.com Malaysia