Privacy Policy

Effective date: May 25, 2026 Last updated: June 4, 2026

This is the privacy policy for Triggers, an iPhone alarm app published by Triggers Alarm (referred to in this document as "we," "us," or "our"). The app's bundle identifier is com.triggersalarm.app.

This policy describes what information we collect, how we use it, who we share it with, how long we keep it, and the choices you have. It applies to the iOS app and to the supporting services that run at triggersalarm.com and its subdomains.

If you have questions, write to support@triggersalarm.com.

TL;DR

Time alarms work without an account. We collect nothing about you until you create your first email alarm.
For email alarms, we collect: the email address from your sign-in provider, an internal account ID, a permanent forwarding alias we generate for you, your device's push notification token, and the filters you set on each alarm (e.g. who to listen for, what subject keywords to match, when to watch).
We never store the contents of your everyday email. Inbound mail is checked transiently in memory for a sender / subject match against your active alarms and then discarded. The body is never written to disk on our side. The single exception is a one-time provider confirmation email during forwarding setup, which we keep for up to 24 hours so we can display it back to you in your browser — see § 3.
Free users see a banner ad on the alarm list and a few settings screens. Ads are served by Google AdMob; we ask once via Apple's standard tracking prompt whether AdMob may show you personalised ads. If you decline, ads are non-personalised. Subscribers to Triggers Pro see no ads.
In-app purchases (Triggers Pro) are processed by Apple. We receive transaction IDs and product IDs from Apple — never your payment method. Subscriptions auto-renew unless cancelled; see § 7 below.
We do not sell or rent your data and do not use third-party analytics SDKs.
You can delete your account at any time from Settings → Account → Delete account. Doing so cascades a permanent delete across every record we hold for you.

1. What Triggers does, in one paragraph

Triggers is an alarm clock that can be triggered either by a clock time (like the iPhone's Clock app) or by an inbound email matching a filter you choose. To make email triggers work, we receive your email — either via a forwarding rule you create at your email provider, or via a read-only Microsoft Graph subscription you authorise on your Outlook mailbox — check whether its sender and subject match an alarm you have armed, and if so, push your iPhone to ring an alarm. Time alarms don't involve our servers at all.

2. What we collect

2.1 Information you provide to us

What	When	Why
The identifier returned by your sign-in provider (Apple, Google, or Microsoft) — typically a `sub` claim, an opaque identifier	When you sign in to create your first email alarm	To recognise you as the same user across sessions and devices
Your email address, as reported by the sign-in provider	At sign-in	To show your account in Settings, and to contact you about service issues if necessary
Your name, as reported by the sign-in provider	Apple sign-in only, and only if you choose to share it. Google and Microsoft do not send us your name today	To display your name in Settings → Account
The filters you set on each email alarm: sender addresses or domains, a subject keyword, a watch window, repeat schedule, and an alarm label	When you arm an email alarm	To match incoming email against the alarm and decide whether to ring

2.2 Information your device sends us

What	When	Why
An Apple Push Notification (APNs) token	When the app launches and registers for remote notifications	To deliver the silent push that schedules the AlarmKit alarm when a matching email arrives
One or more Live Activity push tokens, scoped per armed alarm	When you arm an email alarm, and again when iOS issues a "push-to-start" token for the same Activity type	To update or end the Lock Screen / Dynamic Island card while the alarm is armed

2.3 Information we generate about you

What	Why
An internal user ID (UUID)	Primary key for your account record
A permanent forwarding alias of the form `wake-{slug}@triggersalarm.com`	The address you use to forward mail to Triggers; it never changes for the life of your account

2.4 Information we receive about your Outlook mailbox (only if you connect Outlook)

If — and only if — you complete the optional Connect Outlook flow, we additionally process:

What	How
An OAuth access token and refresh token for your Outlook mailbox, scoped to `Mail.ReadBasic` and `offline_access`	Stored in our database sealed using a libsodium public-key cryptographic seal; only our server can unseal them, and only when actively calling Microsoft Graph
A Microsoft Graph subscription ID, expiry, and our internal `clientState` secret	Required to receive real-time webhooks when new mail arrives
The connected Outlook email address	Shown in Settings → Outlook connection so you can confirm which mailbox is connected

For each new message that arrives in your Outlook inbox while an Outlook-backed alarm of yours is armed, we call Microsoft Graph with a $select=from,subject,receivedDateTime projection — fetching only those three fields, never the body — match them against your alarm filters, and discard the response.

You can disconnect Outlook at any time from Settings → Outlook connection. Disconnecting deletes the sealed tokens from our database and deletes the Graph subscription with Microsoft.

2.5 Information we deliberately do not collect

The contents of your regular email. Inbound messages are parsed in memory just long enough to extract the sender address, subject, and timestamp, compared against your active alarms, and discarded. No body, attachment, recipient list, or full header set is written to our database. (One narrow exception: see § 3 about provider confirmation emails captured during forwarding setup.)
Your email account password, IMAP password, or app-specific password. Triggers does not use IMAP. We never ask for and never store passwords.
Your contacts, photos, microphone input, health data, or financial information.
Analytics or behavioural data inside Triggers itself. We do not bundle Google Analytics, Mixpanel, Amplitude, Sentry, Crashlytics, Firebase, or any equivalent SDK in the app. We do not record session replays. (Ad measurement performed by Google AdMob — see § 13 — is separate and limited to the banner-ad context.)
Your payment details. In-app purchases are processed by Apple. We never see your card, your Apple ID password, or your billing address.

2.6 Information read on your device but never transmitted to us

Two trigger types read iOS data sources on your device only. None of this data reaches our servers.

Your location, used by Solar alarms to compute sunrise, sunset, twilight, and golden-hour times at your coordinates. We request When In Use access via Apple's standard system prompt. Your coordinates are used to compute the next event time and to reschedule when you travel; they are never sent to our servers.
Your calendar (Apple, Google, Microsoft, iCloud — any account you've added to iOS Settings → Calendar), used by Calendar alarms to find the first event of the next eligible day. We request full calendar access via Apple's standard system prompt. Event titles and start times are read locally to render the alarm row and to compute the AlarmKit fire time; we never send your calendar to our servers. To support fast list rendering on cold start (before EventKit finishes loading), Triggers caches the title of the most recent matched event per alarm in iOS UserDefaults. This cache stays local to your device.

3. The one narrow exception: forwarding confirmation emails

When you set up forwarding from a provider like Gmail, that provider sends a one-time confirmation email to your Triggers alias. Modern Gmail confirmation emails carry a verification link rather than a numeric code, so we display the entire confirmation email back to you in your browser so you can verify the sender's address and click the link yourself.

To make that work, the body and headers of confirmation emails are stored on our server for up to 24 hours, then automatically deleted. We detect a confirmation email by sender pattern (e.g. forwarding-noreply@google.com); ordinary mail bypasses this path entirely.

If you complete forwarding setup and the confirmation row is no longer needed, it is deleted immediately. If you abandon setup, the row is deleted by the cleanup job within 24 hours.

4. How we use your information

We use the information described in § 2 only for the following purposes:

To run the app and its alarms. Without your alias, account ID, and active alarm filters, we cannot decide whether to ring your phone.
To deliver push notifications. Without your APNs token, Apple cannot route our silent push to your device.
To show your account in Settings. Your email and alias appear in the app so you can confirm you're signed in correctly and copy the alias.
To communicate with you about the service. If we need to reach you about a security or service issue affecting your account, we will use the email address from your sign-in provider. We do not run a marketing newsletter.

We do not use the account, alarm, or mailbox information described in § 2 to build advertising profiles, score creditworthiness, or train machine-learning models. (Banner ads shown to free users are served by Google AdMob; what AdMob sees is described in § 12 and is separate from the data we collect about you.)

5. Sub-processors and third parties

We use the following third-party services to deliver Triggers. Each is bound by its own privacy policy and, where applicable, data-processing terms.

Vendor	Role	Data they see
Apple Inc.	Distribution (App Store, TestFlight), Sign in with Apple, Apple Push Notification service (APNs), AlarmKit, ActivityKit	If you sign in with Apple: your Apple ID `sub` and your relay (or real) email. APNs payloads we send to your device.
Google LLC	Sign in with Google	If you sign in with Google: a Google `sub` and your Google account email. (We do NOT use Gmail's API; Gmail-based alarms reach us only via the forwarding rules you create.)
Microsoft Corporation	Sign in with Microsoft, Microsoft Graph (Outlook)	If you sign in with Microsoft: a Microsoft `sub` and your Microsoft account email. If you connect Outlook: header-level mail metadata (`from`, `subject`, `receivedDateTime`) fetched per inbound message while an Outlook alarm of yours is armed.
Cloudflare, Inc.	DNS, Email Routing (inbound mail), Workers (request relay)	When mail is sent to your `wake-{slug}@triggersalarm.com` alias, Cloudflare receives the raw message and forwards it to our backend. Mail not addressed to a valid Triggers alias is rejected at the Cloudflare layer.
Fly.io, Inc.	Application hosting	Our backend processes (HTTP requests, jobs) run on Fly.io machines. Standard request and process logs are kept by Fly per their retention policy.
Neon, Inc.	Managed PostgreSQL database	The database storing the records described in § 2. Stored at rest in Neon's infrastructure.
Google LLC (AdMob)	Banner-ad serving for free users	Free users only. See § 13 for the detail on what AdMob sees and how you can opt out of personalisation. Pro subscribers do not load the AdMob SDK.
Apple Inc. (In-App Purchase / App Store Server Notifications)	In-app purchase processing for Triggers Pro	Pro purchasers only. See § 14. We receive only Apple's signed transaction IDs and product IDs. We never see your payment method.

We do not share your data with any of these providers beyond what each one needs to perform the function above. We do not sell your data to anyone.

6. Encryption and security

In transit: All connections between the app, our backend, and our sub-processors use HTTPS / TLS 1.2 or later.
At rest: OAuth tokens for Outlook are sealed with a libsodium crypto_box_seal before being written to the database. Even with read access to the database, the tokens cannot be opened without the private key held by our server process.
Sign-in: We do not store passwords. Identity is established through OpenID Connect ID tokens issued by Apple, Google, or Microsoft, which we verify against the provider's published JWKS on every sign-in.
Webhook integrity: Inbound webhooks from the Cloudflare Email Worker are HMAC-SHA256 signed and verified before processing; Microsoft Graph webhooks are validated against a per-subscription clientState secret.

No system is invulnerable, but we follow current industry practice for the data we hold.

7. Retention

We retain data only for as long as the service needs it.

Record	Retention
Your user account	Until you delete it. Deletion is immediate and cascading.
Your alarm trigger configs	Until you delete the alarm. One-shot alarms that have already fired or expired are deleted automatically 24 hours after they last ran. Recurring alarms are kept until you delete them.
Your APNs and Live Activity tokens	Until your device unregisters, you sign out, or the token is rejected as invalid by Apple.
Your Outlook OAuth tokens and subscription	Until you disconnect Outlook (via Settings → Outlook connection) or delete your account.
Forwarding confirmation emails	Up to 24 hours (see § 3).
Setup tokens (one-time links to the desktop forwarding setup page)	Deleted within 7 days of consumption or expiry.
Email message contents (everyday mail)	Not retained — discarded in memory after the sender/subject match.
Server logs (Fly.io, Cloudflare)	Standard infrastructure retention from those providers. We do not aggregate or analyse them.

8. Your rights and choices

You have the following rights regardless of where you live. Some jurisdictions (e.g. the EU/UK under GDPR, California under CCPA/CPRA) attach additional formalities; we honour them globally as a matter of policy.

Access. Settings → Account shows your account email, alias, and connection state. You can request a structured export by emailing support@triggersalarm.com; we will return it within 30 days.
Correction. Sign out, then sign back in with a corrected sign-in account.
Deletion. Settings → Account → Delete account erases your account, alarms, devices, Outlook connection (and revokes the Graph subscription), and any pending records. The action is immediate and irreversible.
Portability. You can request a machine-readable export of your account data at any time via support@triggersalarm.com.
Withdrawal of consent. Where we rely on your consent (notably to connect Outlook), you can withdraw it at any time by disconnecting Outlook in the app, or by deleting your account. Withdrawal does not affect data processed prior to withdrawal.
Complaints. EU/UK users have the right to lodge a complaint with their local data-protection authority.

We are the data controller for the records described in this policy.

9. International data transfers

Our backend currently runs in Singapore (Fly.io, sin region) and our database is hosted in AWS ap-southeast-1 (Singapore) via Neon. Production hosting region is subject to change as the service expands; we will keep this section current.

If you are in the European Economic Area, the United Kingdom, or Switzerland, your data may be transferred to, stored in, or processed in a country outside your home region. Where required, we rely on the European Commission's Standard Contractual Clauses (SCCs) or equivalent transfer mechanisms agreed with each of our sub-processors.

10. Children

Triggers is not directed at children under the age of 13 (or under 16 in the EU/EEA where applicable). We do not knowingly collect personal information from children. If you believe a child has signed up, write to support@triggersalarm.com and we will delete the account.

11. Changes to this policy

We may update this policy from time to time. If we make a material change, we will update the "Last updated" date at the top and, where the change is significant (e.g. a new sub-processor, an expanded data type), notify active users in-app. Continued use of Triggers after a change takes effect constitutes acceptance of the updated policy.

12. Advertising (free users only)

Free-tier users see a small banner ad anchored to the bottom of the alarm list, the settings screen, and a few related screens. Ads are served by Google AdMob (Google LLC). Ads do not appear on onboarding, the sign-in screen, the paywall, or while an alarm is ringing. Subscribers to Triggers Pro see no ads.

Personalisation choice. When you first open the app after onboarding, iOS will show Apple's standard "Allow [App] to track your activity across other companies' apps and websites?" prompt. The choice is yours.

If you allow tracking: AdMob may use your Apple Advertising Identifier (IDFA) to deliver personalised ads and measure their performance across other apps.
If you don't allow tracking, decline, or never see the prompt: AdMob serves non-personalised ads only. IDFA is not used.

You can change your mind at any time in iOS Settings → Privacy & Security → Tracking → Triggers. Triggers re-reads the system setting on the next ad request; no app update needed.

What AdMob sees, in any case (whether or not you allow tracking): coarse device info (model, OS version), approximate location derived from IP address, ad request context (which ad unit, screen, app version), the app's bundle ID, and an ad-load lifecycle (impression, click, dismiss). Google's full AdMob privacy disclosure is at https://policies.google.com/technologies/partner-sites. We pass through Google's required EU/UK consent signals where applicable.

We do not customise or restrict the ads you see beyond AdMob's default policies (no adult content, no political content in jurisdictions where it's disallowed by Google).

The fastest way to never see ads in Triggers again is to subscribe to Triggers Pro.

13. In-app purchases (Triggers Pro)

Triggers Pro is sold by Apple via the App Store and processed by Apple's StoreKit system. We never receive your payment card, your billing address, or your Apple ID password.

What Apple sends us about a purchase:

A signed transaction identifier (originalTransactionId and transactionId)
The product identifier (com.triggersalarm.app.pro.monthly or com.triggersalarm.app.pro.annual)
The expiry timestamp and the renewal state ("active", "in grace period", "expired", "revoked")
The App Store environment ("Sandbox" or "Production")

We store these so we can grant your Pro entitlement (turn off ads, unlock Outlook OAuth, lift the email-alarm cap) and so renewals and refunds flow through automatically via Apple's App Store Server Notifications. Apple sends those notifications to our backend whenever your subscription state changes; we verify each notification's signature against Apple's published certificate chain before acting on it.

Auto-renewal. Subscriptions auto-renew at Apple's then-current price unless cancelled at least 24 hours before the end of the current period. The annual plan starts with a 7-day free trial; if you don't cancel during the trial, the annual price is charged at the end of the trial and the subscription begins. Manage or cancel any time in iOS Settings → [your name] → Subscriptions, or via the Manage subscription link on the Triggers Pro paywall.

Restore purchases. Use the Restore purchases button on the paywall or in Settings to re-bind a subscription you bought on another device or under a previous installation.

When you delete your Triggers account, we delete our copy of your subscription record. Your subscription with Apple is unaffected and must be cancelled separately in iOS Settings; cancelling there is the only way to stop renewals.

14. Contact

For any privacy question, request, or complaint:

support@triggersalarm.com

If you are exercising a right under GDPR, CCPA/CPRA, or another data-protection regime, please mention that in the subject line so we can route it correctly. We aim to respond within 7 days and to complete formal requests within 30 days.