Home The Science Is Tyme Boxed for me?
Privacy · Last updated: May 2026

Your data isn't the product.

What we collect, what we never collect, and your rights under India's Digital Personal Data Protection Act, 2023.

Our core privacy promise

We do not collect, transmit, or store any information about which apps or websites you choose to block. All blocking data stays on your device, protected by Apple's Screen Time framework on iOS or Android's on-device app-blocking framework. We only collect what is strictly necessary to verify your NFC device and provide the Service.

01

About us

Apps For Development is an unregistered business entity operating the Tyme Boxed brand, based in Kukatpally, Hyderabad, Telangana, India. We develop and sell the Tyme Boxed NFC device and accompanying mobile applications for iOS and Android to help users manage their smartphone usage through physical NFC-based app blocking.

This Privacy Policy describes how we collect, use, store, share, and protect personal data we receive when you purchase a Tyme Boxed device, use either of our Apps, or interact with us. It also sets out your rights as a Data Principal under the Digital Personal Data Protection Act, 2023 (DPDPA) and DPDP Rules, 2025.

iOS application

The iOS application incorporates components from the open-source Foqos project (MIT License, github.com/awaseem/foqos), with modifications by Apps For Development including the NFC device serial number verification system and account-management features. The privacy-first, on-device data model of the original project is maintained.

Android application

Developed independently by Apps For Development from the ground up. It does not incorporate or derive from any open-source project, third-party SDK, or external code library for its core app-blocking, NFC verification, or account-management functionality. All app-blocking activity is processed exclusively on your device.

02

Scope of this policy

This Policy applies to:

  • All purchasers of a Tyme Boxed NFC device
  • All users of the Tyme Boxed iOS application
  • All users of the Tyme Boxed Android application
  • Visitors to our website or e-commerce store (if any)
  • Any person who contacts us for support

This Policy does not apply to third-party websites, applications, or services that may be linked from our platforms. We encourage you to review their privacy policies before sharing any data.

03

Data we collect

3A. Data you provide to us

Purchase information. When you buy a Tyme Boxed device, our payment partner collects your name, delivery address, email, phone number, and payment details. We receive order confirmation details (order number, product purchased, amount paid) but do not directly receive or store full payment card data — that is handled by our PCI-compliant payment processor.

Support communications. When you contact us at support@tymeboxed.app, we collect the content of your message and any information you provide (order number, device type, OS version) to resolve your query.

Account registration. The Apps support account creation via:

  • iOS: Email OTP, Google OAuth, or Apple ID ("Sign in with Apple")
  • Android: Email OTP or Google OAuth (Sign in with Apple is not available on Android)

We don't collect or store your Google or Apple account passwords — authentication is handled directly by those services. You may delete your account at any time from within the App, which will permanently and irreversibly remove your account data from our systems.

3B. Data collected automatically

NFC device serial number. When you first tap your Tyme Boxed against your phone, the App reads the device's unique NFC serial number (UID) and transmits it to our backend over an encrypted HTTPS request. Our server verifies it's an authentic Tyme Boxed and returns a verification token. The result is cached locally so subsequent uses don't require a server call.

Technical / diagnostic data (minimal). Our servers may log basic technical data: request timestamp, OS, OS version, App version, device model (generic, e.g. "Pixel 8" or "iPhone 15"), and an anonymised IP address. This is used solely to diagnose errors and protect against fraudulent verification.

3C. Data we do NOT collect

We explicitly do not collect: the names, package IDs, or categories of apps you block; which websites you block; the duration or timing of your blocking sessions; your Screen Time / Digital Wellbeing data; your location data; contacts, calendar, photos, SMS, call logs, or any other personal device data; any biometric data (Face ID / Touch ID / Fingerprint / Face Unlock).

All App-blocking activity is processed exclusively on-device — by Apple's Screen Time API on iOS, and by Android's on-device app-blocking mechanism on Android. In neither case is this data accessible to Apps For Development.

04

How we use your data

We process your data only for the following purposes, and only to the extent necessary for each:

  • Verifying your NFC device and enabling the App
  • Creating and managing your account
  • Processing and fulfilling your orders
  • Communicating order confirmations, shipping updates, and support
  • Responding to inquiries and resolving support requests
  • Processing account deletion requests when initiated by you
  • Complying with legal obligations

We do not sell, rent, or otherwise disclose your personal data to third parties for their own marketing or advertising purposes.

05

Data sharing and disclosure

We may share your personal data with the following categories of recipients:

5.1 Payment processors. We share your name, contact, and order details with payment gateway providers to process your purchase. Providers operate under their own privacy policies and are PCI-DSS compliant.

5.2 Logistics / shipping partners. We share your delivery name and address with courier services solely for delivering your order.

5.3 Cloud hosting / backend providers. Our NFC verification backend is hosted on cloud infrastructure (e.g., AWS, Google Cloud, or similar) with appropriate data protection standards.

5.4 App distribution platforms. The iOS App is distributed via Apple App Store; the Android App via Google Play Store. Apple and Google may collect their own data (install metrics, crash reports, aggregated analytics) under their respective privacy policies.

5.5 Legal obligations. We may disclose your data when required by law, court order, or lawful request. Where permitted, we will notify you before doing so.

5.6 Business transfers. In a merger, acquisition, or sale, your data may be transferred to the acquiring entity. We will provide notice.

06

International data transfers

Apps For Development is based in India. Our cloud backend servers may be located outside India. Any transfer of personal data outside India will be conducted in accordance with Section 16 of the DPDPA and applicable DPDP Rules. Where personal data is transferred to countries that do not provide an equivalent level of data protection, we implement appropriate contractual safeguards.

07

Data retention

We retain your personal data only for as long as necessary to fulfil the purposes in this Policy, or as required by law:

  • Account data (name, email): active for as long as your account is active. Permanently deleted within 30 days of account deletion.
  • NFC device serial numbers: retained indefinitely for device authentication, unless you request erasure.
  • Purchase / order records: retained for 7 years from purchase date (Indian accounting and tax laws).
  • Customer support emails: 2 years after resolution, or as required for ongoing disputes.
  • Server logs (anonymised): up to 90 days for security and debugging.

After the applicable retention period, we securely delete or anonymise your personal data.

08

Children's privacy

The Apps are not directed at children under the age of 13. We do not knowingly collect personal data from children under 13 without verifiable parental consent.

The iOS App uses Apple's Family Controls framework, and the Android App uses Android's parental-supervision capabilities, each of which may be configured for use on a child's device under parental supervision. In such cases, the parent or guardian who purchases the device and authorises the App is the Data Principal.

As required by the DPDPA, if we become aware that we have inadvertently collected personal data of a child under 18 without verifiable parental consent, we will promptly delete such data. Contact support@tymeboxed.app to request deletion.

09

Data security

We implement appropriate technical and organisational security measures, including:

  • All communication between the Apps and our backend is encrypted using TLS / HTTPS
  • NFC serial numbers stored on our servers have access controls and are restricted to authorised personnel
  • We conduct periodic security reviews of our backend and both Apps
  • We don't store full payment card details on our servers

No security system is completely impenetrable. In the event of a personal data breach, we will notify affected Data Principals and the Data Protection Board of India as required under the DPDPA and DPDP Rules.

10

Your rights under the DPDPA

As a Data Principal under the Digital Personal Data Protection Act, 2023, you have the following rights:

10.1 Right to access. Request a summary of the personal data we hold and how we process it.

10.2 Right to correction. Request correction of any inaccurate or outdated personal data.

10.3 Right to erasure. Request deletion of your personal data. We will comply unless retention is required by law. Note: deleting your NFC serial number will deactivate your device's ability to verify and use the App.

10.4 Right to withdraw consent. Withdraw consent at any time, without affecting the lawfulness of processing prior to withdrawal.

10.5 Right to grievance redressal. Have your privacy grievances addressed by our Grievance Officer (see Section 12). If unresolved, lodge a complaint with the Data Protection Board of India.

10.6 Right to nominate. Nominate an individual to exercise your rights in the event of your death or incapacity.

To exercise any right, email support@tymeboxed.app. We will verify your identity and respond within 30 days.

11

Cookies and tracking

Neither the iOS application nor the Android application uses cookies. If we operate a website or e-commerce store, that platform may use cookies for functionality and analytics — any such use will be disclosed in a separate cookie notice.

Neither App includes third-party advertising SDKs, tracking frameworks (e.g., Facebook SDK, Google Firebase Analytics, AppsFlyer, Adjust), or behavioural analytics tools. The Android App, in particular, has been built from scratch without integrating any third-party analytics or tracking libraries.

12

Grievance Officer

In accordance with the IT (Intermediary Guidelines and Digital Media Ethics Code) Rules, 2021, and pending DPDP Rules obligations, we have designated:

Grievance Officer: Owner, Apps For Development
Email: support@tymeboxed.app
Address: Kukatpally, Hyderabad, Telangana, India
Response time: we acknowledge within 48 hours, aim to resolve within 30 days.
13

Changes to this policy

We may update this Privacy Policy from time to time. When we make material changes, we will (a) post the updated Policy with a new effective date, and (b) notify you via email (if we hold your email address) or via in-app notification at least 30 days before changes take effect. Continued use after the effective date constitutes acceptance of the revised Policy.

14

Contact us

For questions about this Privacy Policy or our data practices:

Apps For Development (Tyme Boxed)
Email: support@tymeboxed.app
Location: Kukatpally, Hyderabad, Telangana, India

If you are not satisfied with our response, you may contact the Data Protection Board of India at dpb.gov.in once operational.