Back

Privacy Policy

Effective: May 17, 2026 · Last updated: May 28, 2026

LawLert is operated by Gino Cattuzzo. You can reach us at support@lawlertapp.com. This Privacy Policy explains what information LawLert collects, what we do with it, and which third-party SDKs ship in the iOS binary — including SDKs that are present but currently dormant.

1. The short version

  • We collect the minimum needed to run the app: your email, an account ID, your device's location while you're using the app, and whether you've subscribed to Pro.
  • We do NOT sell your data.
  • We do NOT show ads in the app, even though our underlying mobile framework includes ad SDKs (Google Mobile Ads, Facebook Audience Network) that remain dormant unless we explicitly enable advertising. We have not enabled advertising in any version of LawLert.
  • We use PostHog for anonymous product analytics (screens viewed, law categories opened, paywall views, Unlock taps) so we can improve the app. Typed text is masked, sessions are not recorded, and the data is not used for advertising or cross-app tracking. The other third-party analytics/attribution SDKs that ship with our mobile framework (AppsFlyer, Firebase) are present in the binary but not initialized.
  • Your precise location is used only to compute which U.S. state you are currently in. We do not store a history of your movements.
  • You can delete your account and your data at any time by emailing support@lawlertapp.com.

2. What we actually collect and why

2.1 Account

Your email address (sign-in and launch notifications) and an account ID.

2.2 Location

When granted, we use it to: detect which U.S. state you are in, and detect when you cross a state border so the app can update which laws it shows. We send the state code (e.g., NV, CA) to our servers — NOT lat/lng or movement history. The app computes the state code on your device.

You can deny location anytime in Settings. If denied, the app defaults to Nevada and lets you switch states manually.

2.3 Background location

LawLert may request 'Always Allow' location permission so future versions can alert you when you cross a state line without opening the app. In v1.0, state detection runs primarily while LawLert is open or recently active. We do NOT store raw GPS coordinates — only your current state code, and only to avoid duplicate alerts. We do not retain a history of which states you have visited.

2.4 Subscription status

Whether you have Pro, when it started, and when it renews. Received from Apple StoreKit via RevenueCat. We do not see your credit card.

2.5 Push notifications

If enabled, OneSignal records a device-level subscription identifier tied to your account. Used to send notifications when you cross a state line into a state with materially different laws. Turn off anytime in app Settings or iOS Settings → Notifications → LawLert.

2.6 Diagnostic information

The Firebase SDK is present in our mobile binary and can collect anonymous crash reports if we ever enable Firebase Crashlytics. As of v1.0, we have NOT configured Firebase to send us crash or analytics data. Disclosed here so our App Store privacy nutrition label and our practice match.

2.7 Bundled third-party SDKs (transparency disclosure)

Our iOS app is built on the Despia web-native framework, which bundles a fixed set of third-party SDKs as part of its runtime. The following SDKs are present in the iOS binary but NOT actively configured by LawLert in v1.0:

  • Google Mobile Ads (AdMob) — would serve ads if we configured an ad unit. We have not.
  • Facebook Audience Network — secondary ad provider. Not configured.
  • AppsFlyer — would do cross-app install attribution if we provided a developer key. Not configured.
  • PostHog (active): we use PostHog for anonymous product analytics — recording in-app events like screens viewed, law categories opened, paywall views, and Unlock taps — so we can improve the app. We mask typed text, do not record sessions, and do not use this data for advertising or cross-app tracking.
  • Stripe — payment SDK. Not used; we use Apple In-App Purchase via RevenueCat for the LawLert Pro subscription.
  • Pushwoosh — secondary push notification provider. Not configured; we use OneSignal.

We disclose these because they appear in the iOS binary, and we want the Privacy Policy and the App Store privacy nutrition label to reflect reality. If we ever activate any of these SDKs in a future version, we will update this policy and the App Store privacy nutrition label before we do.

2.8 Things we explicitly do NOT collect

  • We do not collect your contacts.
  • We do not collect health, fitness, or financial data.
  • We do not access your photos, audio, or browsing history.
  • In v1.0, we do not invoke camera, microphone, contacts, calendar, or speech-recognition APIs, even though the underlying Despia runtime declares purpose strings for them. iOS will only prompt for any of these if a future version of LawLert adds a feature that uses them — at which point we will update this policy.

3. How we use what we collect

Only to: show you the laws that apply where you are; alert you when you cross into a state where laws are materially different; operate your Pro subscription if you have one; and respond to your support requests. We do not use your data for advertising, profiling, or third-party marketing.

4. Who we share with

  • Apple — receipt validation for subscriptions, via StoreKit.
  • OneSignal — to deliver push notifications you've opted into.
  • RevenueCat — to manage subscription state across devices.
  • Clerk — to handle your sign-in (email + password and any social SSO methods we may add).
  • PostHog — anonymous product analytics, as described in section 2.7.
  • Our hosting provider (Lovable Cloud / Supabase) — to store the small amount of account and subscription data described above.

We do not sell or rent your information to data brokers, advertisers, or anyone else.

5. Data retention and deletion

Account data is retained until you request deletion. Email support@lawlertapp.com from your account address to delete; we will delete within 14 days.

6. Your rights

You can: access the data we hold about you (email support); correct it; delete your account and all your data; opt out of push notifications; and deny location access anytime. Residents of California, the EU, the UK, or other jurisdictions with data-protection laws may have additional rights — email us to exercise them.

7. Changes to this policy

If we change this materially, we will notify you in the app and update "Last updated". If we ever begin actively collecting data through one of the bundled-but-currently-dormant SDKs in section 2.7, we will update this policy and the App Store privacy nutrition label before we make that change live.

8. Contact

support@lawlertapp.com — Gino Cattuzzo, operator of LawLert.