Privacy Policy

Effective date: May 30, 2026 · Last updated: May 30, 2026

This Privacy Policy describes how Steady Scale Inc. ("Steady Scale," "we," "us," or "our") collects, uses, discloses, and protects information in connection with the Steady Scale mobile application for iOS (the "App"), our website at steadyscale.app (the "Site"), and any related services (collectively, the "Services").

By downloading, installing, or using the Services, you ("you" or "User") acknowledge that you have read and understood this Privacy Policy. If you do not agree with this Policy, do not install or use the Services.

1. At a Glance

We have built the Services to minimize the personal information that leaves your device. In summary:

No user accounts. You do not create an account, username, or password to use the App.
Local-first storage. Your weight measurements, plan history, and settings are stored on your device using an on-device database.
Optional iCloud backup. If enabled (the default), an encrypted copy of your data is written to your personal iCloud account under your Apple ID. We have no access to it.
No servers operated by us. We do not operate servers that receive, store, or process your weight measurements, daily averages, trends, or other health information.
No advertising and no sale of data. We do not display advertising in the App, we do not use advertising identifiers, and we do not sell, rent, or share your personal information for cross-context behavioural advertising.
Limited third parties. Apple Inc. processes your subscription purchase, the App's distribution, your optional iCloud backup, and (if you have enabled it at the operating-system level) anonymous crash diagnostics that we receive through App Store Connect. RevenueCat Inc. processes your subscription entitlement state. We do not operate, and have not integrated, any third-party crash-reporting or behavioural-analytics SDK in v1 of the App.

This summary is provided for convenience and is qualified in its entirety by the remainder of this Policy.

2. Definitions

In this Policy, the following capitalized terms have the meanings set out below:

"App" means the Steady Scale mobile application for iOS published by Steady Scale Inc.
"Personal Information" means information about an identifiable individual, or information that can be used, alone or in combination with other information, to identify an individual. The meaning of Personal Information includes "personal data" as that term is used under the General Data Protection Regulation (EU) 2016/679 ("GDPR"), the United Kingdom General Data Protection Regulation ("UK GDPR"), and equivalent legislation, and "personal information" as defined under the Personal Information Protection and Electronic Documents Act (Canada) ("PIPEDA"), the California Consumer Privacy Act as amended by the California Privacy Rights Act ("CCPA/CPRA"), Quebec's Act Respecting the Protection of Personal Information in the Private Sector ("Quebec Law 25"), and other applicable privacy laws.
"Services" has the meaning given in the preamble above.
"Site" means the website at https://steadyscale.app and any subdomains operated by Steady Scale Inc.
"You" or "User" means the individual using the Services.

3. Who We Are and How to Contact Us

The data controller responsible for the processing of your Personal Information is:

Steady Scale Inc.
207 Bell Street North
Ottawa, Ontario K1R 0B9
Canada
Email: support@steadyscale.app

Steady Scale Inc. is a corporation incorporated under the Canada Business Corporations Act.

Person responsible for the protection of personal information. As required by Quebec's Act Respecting the Protection of Personal Information in the Private Sector and consistent with the accountability principle under PIPEDA, Steady Scale Inc. has designated Ryan Groome, Founder as the person in charge of the protection of personal information (the "Privacy Officer"). The Privacy Officer is responsible for ensuring our compliance with applicable privacy laws and for receiving and responding to privacy-related inquiries.

For privacy-related inquiries, including requests to exercise the rights described in Section 11, please contact the Privacy Officer at support@steadyscale.app with the subject line "Privacy Request."

Data Protection Officer. Steady Scale Inc. has determined that designation of a Data Protection Officer under Article 37 of the GDPR is not required, because the company does not process health information within the meaning of the GDPR. Weight measurements, plan history, free-text notes, and other health-related information you enter remain on your device or, where you have enabled iCloud backup, in your own iCloud account under your Apple ID, and are not received or accessed by Steady Scale Inc. (see Sections 4.4 and 7). The Privacy Officer designated above is the contact point for privacy inquiries.

4. Information We Collect

4.1 Information You Provide and Store Locally on Your Device

The following categories of information are entered by you and stored on your device. We do not transmit, receive, or otherwise have access to this information, except as expressly described in Sections 4.3, 5, and 6.

Weight measurements. Each measurement consists of a numeric weight value, the unit you selected (pounds or kilograms), a date and time, and an optional free-text note.
Plan and tracking history. Records of the plans you create (loss, gain, or monitor), including goal weight, target rate, check-in day, journey start date, reference weight (monitor mode), and lifecycle status (active, paused, achieved, archived, or hidden).
Quality flag records. System-generated annotations that mark measurements the App's quality-detection logic has identified as potential outliers, together with your subsequent action ("Looks right," edited, or deleted).
Preferences and settings. Your selected display unit, height, theme preference, and chart preferences.

4.2 Information You Provide Through Communications

If you contact us directly (for example, by email at support@steadyscale.app), we receive the contents of your message, your email address, and any other information you choose to provide. We use this information solely to respond to your inquiry, troubleshoot issues, and maintain a record of the correspondence.

4.3 Information Collected Automatically by Third-Party Services

The Services rely on the following third-party services, which collect or process limited information in connection with their respective functions. Each is described further in Section 6.

Apple App Store and StoreKit. Apple Inc. processes the purchase of the App and any in-App subscription. Apple provides us with anonymous, aggregated reporting (downloads, retention metrics, subscription events) through App Store Connect. We do not receive your name, Apple ID, payment information, or precise location from Apple.
iCloud (Apple). If iCloud backup is enabled on your device, the App writes a backup of your local database to the iCloud Documents container associated with your Apple ID. This backup is stored under your Apple ID and is governed by Apple's iCloud terms and privacy policies. We do not have access to it.
RevenueCat (RevenueCat, Inc.). RevenueCat is our subscription infrastructure provider. RevenueCat receives a randomly generated anonymous identifier (an "App User ID") and the validated subscription receipt issued by Apple, which it uses to determine whether you have an active entitlement. RevenueCat does not receive your weight measurements, health information, name, email, or Apple ID.
Apple App Store Connect crash diagnostics. Apple's iOS operating system includes a system-level setting at Settings → Privacy & Security → Analytics & Improvements → Share With App Developers. If you have enabled this setting on your device, Apple shares anonymous, aggregated crash reports and performance metrics with us through App Store Connect, including information such as a stack trace, the App version, the iOS version, and the device model. No weight measurements, plan information, notes, or other health information are included in these crash reports. This setting is controlled at the iOS level and is independent of the App; it is off by default unless you have previously opted in. Steady Scale does not operate a separate crash-reporting SDK in v1 of the App, and we do not transmit crash data to any third party other than Apple.

4.4 Information We Do Not Collect

We have designed the Services to avoid collecting the following categories of information. Specifically, we do not:

Require you to create an account, register, or provide an email address, name, date of birth, or password to use the App;
Operate servers that store your weight measurements, daily averages, trend lines, forecasts, or other computed health metrics;
Use third-party behavioural analytics software development kits (SDKs) or third-party crash-reporting SDKs in v1 of the App;
Collect or use advertising identifiers (IDFA or IDFV) for advertising purposes;
Display third-party advertising in the App;
Sell, rent, lease, or trade your Personal Information for monetary or other valuable consideration;
Share your Personal Information with third parties for those third parties' direct marketing purposes;
Collect precise geolocation information from your device;
Access your iOS Health (HealthKit) data, Photos, Contacts, Microphone, or Camera.

If we change any of the foregoing in a future version of the App, we will update this Policy in accordance with Section 13 and, where required by law, obtain your consent.

4.5 The Site (steadyscale.app)

The Site is a static informational website hosted on GitHub Pages. It contains the landing page, this Privacy Policy, the Terms of Service, and supporting marketing content. The Site does not use cookies, does not run client-side analytics, does not include third-party tracking pixels or ad tags, and does not request your email address or any other identifier. Your browser or your hosting provider may log basic technical information (such as your IP address and the user agent) as part of normal web operations; we do not receive or use those logs for marketing or profiling. If we add a form, newsletter, or any other interactive element to the Site in the future, we will update this Policy before doing so.

5. Purposes for Which We Use Information

We process the limited Personal Information we have access to for the following purposes:

Purpose	Categories of information
To make the App function on your device, including computation of daily averages, trend lines, forecasts, and projections	Information described in Section 4.1, processed locally
To validate your subscription entitlement and provide trial and paid features	Subscription receipt and App User ID (Section 4.3)
To restore your data on a new device or after reinstalling the App, at your initiation	iCloud backup file (Section 4.3, Section 7)
To respond to your inquiries and provide customer support	Information described in Section 4.2
To diagnose crashes and fix bugs, if you have enabled crash reporting	Anonymous crash diagnostics (Section 4.3)
To comply with our legal obligations, enforce our Terms of Service, and protect our legal rights	Any of the foregoing, as necessary

We do not engage in automated decision-making that produces legal or similarly significant effects. The forecasts, projections, and trend computations displayed in the App are statistical estimates derived from data you have entered on your device.

6. How We Share Information

We disclose information only as described in this Section, or with your express consent.

6.1 Service Providers

We engage third-party service providers to perform functions on our behalf. Our service providers are contractually obligated to use information only to provide services to us and consistent with this Policy.

Service provider	Function	Information processed
Apple Inc.	Distribution of the App through the App Store, processing of subscription purchases, iCloud storage of your backup file under your Apple ID, and (where you have enabled iOS-level developer analytics sharing) provision of anonymous, aggregated crash reports through App Store Connect	Subscription transaction information; backup file stored under your Apple ID; aggregated, anonymous crash diagnostics
RevenueCat, Inc.	Subscription entitlement management	Anonymous App User ID and Apple-issued subscription receipt

6.2 Legal Compliance and Protection of Rights

We may disclose information when we believe in good faith that disclosure is necessary to: (a) comply with applicable law, regulation, legal process, or governmental request; (b) enforce our Terms of Service and other agreements; (c) detect, prevent, or address fraud, security, or technical issues; or (d) protect the rights, property, or safety of Steady Scale Inc., our Users, or the public.

6.3 Corporate Transactions

If Steady Scale Inc. is involved in a merger, acquisition, financing, reorganization, bankruptcy, or sale of all or a portion of its assets, your information may be transferred as part of that transaction. We will notify you (for example, by updating this Policy and posting a notice on the Site) before your information becomes subject to a different privacy policy.

6.4 No Sale or Sharing of Personal Information

We do not "sell" Personal Information, and we do not "share" Personal Information for cross-context behavioural advertising, in each case as those terms are defined under the CCPA/CPRA, Quebec Law 25, or other applicable laws. We have not done so in the 12 months preceding the effective date of this Policy.

7. iCloud Backup

When iCloud backup is enabled (the default), the App writes a copy of your local database — including your measurements, plans, quality flag records, and global configuration — to the iCloud Documents ubiquity container associated with your Apple ID. The backup is stored in your personal iCloud account.

The backup is not transmitted to or accessible by Steady Scale Inc. It is stored, encrypted in transit and at rest, by Apple under the terms of your iCloud agreement with Apple.
The backup is intended for single-device recovery (for example, restoring your data after reinstalling the App or moving to a new device). The App does not currently provide real-time multi-device synchronization.
You can disable iCloud backup at any time in Settings → Backup & Export. After you disable backup, the App will stop writing new backup data. Any existing backup file remains in iCloud until you delete it through iOS Settings → [your name] → iCloud → Manage Account Storage, or by deleting the App from devices signed in to your Apple ID.

Your use of iCloud is governed by Apple's terms of service and privacy policy, which are independent of this Policy and over which we have no control.

8. Data Retention

Because your measurements, plans, and configuration are stored on your device (and, if you have enabled it, in your iCloud account), you control the retention period.

Local data persists on your device until you delete individual records within the App, reset the App from within Settings, or uninstall the App. Uninstalling the App removes all locally stored information immediately.
iCloud backup files persist in your iCloud account until you remove them through iOS Settings or until your Apple ID is deactivated, in accordance with Apple's terms.
Support correspondence (Section 4.2) is retained for twenty-four (24) months following the resolution of your inquiry, after which it is deleted or de-identified. We may retain correspondence for a longer period only where required to comply with legal obligations, to defend or pursue a legal claim, or to maintain accounting and tax records as required by applicable law.
Subscription transaction records (Section 4.3) — including the association between the anonymous App User ID and your subscription entitlement state — are retained for so long as your Subscription remains active and for twenty-four (24) months following the termination or expiry of your last Subscription, after which the association is deleted from our records held with RevenueCat. We may retain anonymized, aggregated subscription statistics for longer periods for accounting and business reporting purposes.
Aggregated, anonymous crash diagnostics that you have elected to share with developers through your iOS device settings (Section 4.3) are retained by Apple in accordance with Apple's retention practices for App Store Connect data, over which we have no control. We retain only aggregated diagnostic summaries derived from this information for as long as is reasonably necessary for product debugging and quality improvement, and not longer than twenty-four (24) months.

9. Data Security

We have implemented technical and organizational measures designed to protect the limited information we process against unauthorized access, alteration, disclosure, or destruction. These include:

Local storage with no off-device transmission of health data. Your measurements and plans are stored only in the App's local database and (if enabled) your iCloud backup.
Apple-managed transport and at-rest encryption for any information that traverses Apple's infrastructure (App Store purchases, iCloud backup).
No collection of authentication credentials, because the App requires no account.
Restricted access to support correspondence and aggregated reporting, limited to personnel who have a legitimate need.

No method of electronic storage or transmission is one hundred percent secure. While we strive to use commercially reasonable measures to protect your information, we cannot guarantee its absolute security. You are responsible for safeguarding your device, your device passcode, your Apple ID credentials, and any backups you create.

10. International Data Transfers

Steady Scale Inc. is located in Canada. Apple's iCloud, App Store, and App Store Connect infrastructure and RevenueCat's infrastructure may be located in the United States, the European Union, or other jurisdictions. If you access the Services from outside Canada, your information may be processed in Canada and in other jurisdictions whose data protection laws may differ from those of your country.

Where required by applicable law (including the GDPR, the UK GDPR, Quebec Law 25, and PIPEDA), we and our service providers rely on legally recognized transfer mechanisms, including the European Commission's Standard Contractual Clauses and equivalent UK and Canadian frameworks.

By using the Services, you acknowledge that your information may be processed in jurisdictions other than the one in which you reside, in accordance with applicable law.

11. Your Privacy Rights

Subject to applicable law and verification of your identity, you have the rights set out in this Section. To exercise any of these rights, contact us at support@steadyscale.app with the subject line "Privacy Request" and identify the right you wish to exercise. We will respond within the timeframes required by applicable law.

11.1 Rights Available to All Users

Access and portability. You can export your full data set as a CSV file at any time, directly from Settings → Backup & Export within the App. The export contains the complete record of your measurements and configuration as stored on your device. No request to us is required.
Correction. You can edit any measurement within the App and update your settings at any time.
Deletion. You can delete individual measurements within the App or remove all locally stored data by uninstalling the App. iCloud backups can be deleted through iOS Settings as described in Section 7.
Withdrawal of consent. Where Apple's iOS-level developer analytics sharing setting is the basis on which crash diagnostics are made available to us (Section 4.3), you may withdraw consent at any time by turning off Settings → Privacy & Security → Analytics & Improvements → Share With App Developers on your device. More generally, you may withdraw any consent you have given us at any time. Withdrawal does not affect the lawfulness of processing carried out before withdrawal.

11.2 Additional Rights for Residents of the European Economic Area, United Kingdom, and Switzerland

If you are located in the EEA, the UK, or Switzerland, you have the following additional rights under the GDPR or UK GDPR, as applicable, in respect of Personal Information for which we are the data controller:

The right to be informed about how your Personal Information is processed (provided through this Policy);
The right of access to your Personal Information;
The right to rectification of inaccurate Personal Information;
The right to erasure ("right to be forgotten");
The right to restrict processing;
The right to data portability;
The right to object to processing on grounds relating to your particular situation; and
The right to lodge a complaint with a supervisory authority in your country of residence, place of work, or place of the alleged infringement.

Legal bases for processing. Where the GDPR or UK GDPR applies, we process Personal Information on the following legal bases:

Processing activity	Legal basis
Operating the App on your device and computing your statistics locally	Performance of a contract with you (Article 6(1)(b) GDPR)
Validating your subscription entitlement	Performance of a contract with you (Article 6(1)(b) GDPR)
Responding to your support inquiries	Performance of a contract or our legitimate interests (Article 6(1)(b) or (f) GDPR)
Receiving aggregated, anonymous crash diagnostics from Apple (where you have enabled the corresponding iOS setting) to debug and improve the App	Our legitimate interests in maintaining and improving the Services (Article 6(1)(f) GDPR), with your consent at the iOS level being the gating mechanism that controls whether any such data is made available to us
Complying with legal obligations and protecting our rights	Our legitimate interests and compliance with legal obligations (Article 6(1)(c) and (f) GDPR)

11.3 Additional Rights for California Residents

If you are a California resident, the CCPA/CPRA provides you with the following rights:

The right to know what categories and specific pieces of Personal Information we have collected, the sources, the business or commercial purposes for collecting it, and the categories of third parties with whom we share it;
The right to request deletion of Personal Information we have collected from you, subject to certain exceptions;
The right to correct inaccurate Personal Information;
The right to opt out of the sale or sharing of Personal Information. We do not sell or share your Personal Information as those terms are defined under the CCPA/CPRA;
The right to limit the use of sensitive Personal Information. As described in Section 4, we do not use Personal Information for purposes that trigger this right; and
The right not to receive discriminatory treatment for exercising any of these rights.

You may designate an authorized agent to make a request on your behalf. We will require the agent to provide proof of your authorization and may require you to verify your identity directly with us.

11.4 Additional Rights for Residents of Canada (including Quebec)

If you are a resident of Canada, you have the rights set out under PIPEDA and, where applicable, Quebec Law 25, including the right to access and correct your Personal Information, the right to withdraw consent, and (under Quebec Law 25) the right to data portability and the right to be informed of an automated decision-making process if one is used to make a decision concerning you. As noted in Section 5, we do not engage in such automated decision-making.

You also have the right to file a complaint with the Office of the Privacy Commissioner of Canada or, for Quebec residents, the Commission d'accès à l'information du Québec.

11.5 Verification and Response Times

To protect your information, we may need to verify your identity before responding to a rights request. We may ask you to confirm details we already hold, or to make the request from the email address associated with your prior support correspondence. We will respond to verifiable requests within the timeframe required by applicable law (generally 30 days under PIPEDA, 45 days under the CCPA/CPRA, and one month under the GDPR/UK GDPR, in each case extendable in accordance with the applicable law).

12. Children's Privacy

The Services are not directed to, and we do not knowingly collect Personal Information from, children under the applicable minimum age. The applicable minimum age depends on your jurisdiction of residence and is at least:

13 in the United States (under the Children's Online Privacy Protection Act, "COPPA") and in Canada outside Quebec;
14 in Quebec (under Quebec's Act Respecting the Protection of Personal Information in the Private Sector, for the purpose of consent to the processing of personal information);
16 in the European Economic Area, the United Kingdom, and Switzerland (under the GDPR or UK GDPR), unless the EEA member state in which you reside has set a lower threshold (which may be 13, 14, or 15 depending on the member state).

If you are a parent or guardian and you believe that a child under the applicable minimum age has used the Services, please contact us at support@steadyscale.app, and we will take reasonable steps to delete any information we hold about the child and to prevent further use of the Services by that child.

13. Changes to This Policy

We may update this Policy from time to time to reflect changes in the Services, applicable law, or our practices. The "Last updated" date at the top of this Policy indicates when it was last revised. If we make material changes, we will provide additional notice (for example, by posting a prominent notice on the Site or, where appropriate, an in-App notice) prior to the changes taking effect. Your continued use of the Services after a revised Policy becomes effective constitutes your acceptance of the revised Policy.

14. Contact

If you have questions, concerns, or complaints about this Policy or our privacy practices, please contact us at:

Steady Scale Inc.
Attn: Privacy
207 Bell Street North
Ottawa, Ontario K1R 0B9
Canada
Email: support@steadyscale.app

We will work with you in good faith to resolve any concern.