Privacy Policy

Last updated: June 22, 2026

Austin Harman Designs (“Austin Harman Designs,” “we,” “us”), a product studio of The Penn Group, builds a family of mobile and web applications (the “Apps,” including WAIT, BlessMe, Quit Me, L0CKED, THEIR, and others). This policy explains what we collect, why, who we share it with, and the choices you have. It applies to all of our Apps and to this website. Individual features differ by App, so not every practice below applies to every App.

We do not sell your personal information, and we do not show third‑party advertising in our Apps.

Information we collect

We collect only what we need to run the service:

  • Account information. Your email address, which we use for passwordless (“magic link”) sign‑in. Depending on the App we may also collect a display name and a phone number that we verify with a one‑time SMS code to deter abuse and fraud.
  • Profile information. Optional details you choose to add, such as a profile photo.
  • Content you create. The information you put into an App — for example journal entries, gift requests and contributions, messages, and shared journals. In some Apps (such as WAIT) this content is encrypted on your device before it is stored or synced, so we cannot read it.
  • Payment information. When you buy a subscription or contribute to a gift, payment is processed by Stripe (on the web) and by the Apple App Store or Google Play (in‑app). We do not receive or store your full card number. For Apps that send money to other people (such as BlessMe), Stripe handles the payout accounts and we store only identifiers and amounts needed to track the transaction.
  • Device and technical data. Information needed to operate and secure the service, such as IP address, device and operating‑system type, app version, and push‑notification tokens (delivered through Apple Push Notification service and Firebase Cloud Messaging).
  • Safety and moderation data. In Apps that allow user‑submitted requests or messages, we screen content to block prohibited or illegal items and keep records of moderation actions, reports, and any law‑enforcement requests (see “Content moderation and safety”).

How we use information

  • To provide, maintain, and improve the Apps and their features.
  • To authenticate you and keep your account secure.
  • To process payments, subscriptions, contributions, and payouts.
  • To send transactional messages and, where you allow it, push notifications.
  • To prevent fraud, abuse, and prohibited or illegal activity.
  • To comply with our legal obligations and enforce our terms.

How we share information

We share personal information only with:

  • Service providers who process it on our behalf, including Stripe (payments and payouts), our cloud hosting and database provider, our SMS provider (phone verification), and push‑notification providers (Apple, Firebase). These providers are permitted to use the data only to perform services for us.
  • App stores, where you complete in‑app purchases (Apple, Google).
  • Legal and safety recipients, when we believe in good faith that disclosure is required by law, or is necessary to detect, prevent, or address fraud, security, or illegal activity, or to protect the safety of any person.

We do not sell personal information, and we do not share it for cross‑context behavioral advertising.

Data retention and deletion

We keep personal information for as long as your account is active or as needed to provide the service, and afterward only as required to meet legal, accounting, or safety obligations.

You can delete your account from within the App or by contacting us. Deletion runs on a short grace period (about 30 days) during which you can cancel it; after that, your personal data is permanently removed except for records we are legally required to retain. You can also request a copy of your data (a Data Subject Access Request) from within the App.

Security

We protect data in transit with TLS encryption. Several Apps additionally encrypt your content on your device using standard, industry‑accepted encryption (AES‑GCM via Apple’s CryptoKit), with the keys held in the device keychain — meaning that content is readable only on your device and not by us. No method of storage or transmission is perfectly secure, but we work to protect your information using reasonable safeguards.

Your privacy rights

Depending on where you live, you may have the right to:

  • access the personal information we hold about you;
  • correct or update it;
  • delete it;
  • receive a portable copy of it;
  • object to or restrict certain processing; and
  • for California residents under the CCPA/CPRA: know what we collect, request deletion, and opt out of “sale” or “sharing” (we do neither).

You can exercise the access and deletion rights directly in the App, or contact us using the details below. We will not discriminate against you for exercising your rights.

Children’s privacy

Our Apps are not directed to children under 13 (or the minimum age required in your country), and we do not knowingly collect personal information from them. If you believe a child has provided us personal information, contact us and we will delete it. Some Apps require users to be older still, as stated in the App Store age rating.

Content moderation and safety

In Apps that let people submit requests, gifts, or messages, we screen submissions to block prohibited and illegal categories — including weapons, tobacco and vaping products, sexual or pornographic content, drugs and controlled substances, anything that facilitates human trafficking or prostitution, and other unlawful items. We may suspend or ban accounts that violate these rules. Where the law requires it — for example, in matters involving the safety of a minor — we may report content and associated account information to the appropriate authorities, and we respond to valid law‑enforcement requests.

International users

We operate from the United States, and your information is processed and stored there. If you use the Apps from outside the United States, you understand that your information will be transferred to and processed in the United States, where data‑protection laws may differ from those in your country.

Changes to this policy

We may update this policy from time to time. When we do, we will revise the “Last updated” date above and, for material changes, provide a more prominent notice. Your continued use of the Apps after an update means you accept the revised policy.

Contact us

Questions about this policy or your data:

sales@thepenn.group