Back to PullBack Privacy Policy

Version 1.1 · Effective 2026-05-08 · Applies to PullBack for Android (V1.1.x)

What PullBack does and doesn't do with your data.

PullBack is a single-purpose Android app that auto-closes social media apps after a user-set timer. This policy describes what PullBack does and does not do with your data. If a future version changes the data practices described here, the policy will be updated and the change will be noted in the app's release notes.

1. Plain-English summary

  • PullBack does not have a backend. There is no server. No account. No login. No cloud storage. Everything PullBack tracks lives only on your device.
  • PullBack does not read what is on your screen. It does not capture screenshots, messages, posts, captions, search history, or any in-app content.
  • PullBack uses anonymous product analytics — events like which features get used — to make the app better. We do not run advertising SDKs and we do not sell or share data with third parties.
  • No ads, ever. Pro funds the roadmap, not your attention. We're not in the attention business — we return it.
  • The only thing PullBack reads is the package name of the app currently in the foreground (for example, com.instagram.android). It uses this to know when to start, pause, and end its timer. The package name is matched against a hardcoded list of 8 social apps and is otherwise ignored.

If that summary is enough for you, you can stop reading here. The sections below explain the same ideas in more detail.

2. What data PullBack accesses on your device

PullBack reads the following while it is running:

Data Why Stored?
The package name of the app currently in the foreground To know which app you are in, so the per-app timer can run. Uses Android's UsageStatsManager.queryEvents(). In memory only while the service is running. Not written to disk.
The list of apps installed on your device To filter the curated list of 8 monitored apps down to those you actually have installed. Read on demand from PackageManager. Not written to disk.
Your settings (timer minutes, enabled apps, master toggle) To remember your preferences across launches. Android DataStore on your device. Stays on device.
Your daily save count and streak count To show "Today's saves" and "Day streak" on the Home screen. Android DataStore on your device. Stays on device.

PullBack does not access:

  • The content of any app you open (no screenshots, no screen recording, no text scraping).
  • Your messages, calls, contacts, photos, microphone, camera, or location.
  • Your accounts on TikTok, Instagram, YouTube, Facebook, Snapchat, Reddit, X, Threads, or any other service. PullBack never logs into anything on your behalf.
  • Browsing history.
  • Device identifiers, advertising IDs, or any persistent identifier sent off-device.

3. Data we collect and share off-device

Anonymous product analytics. PullBack uses anonymous, aggregated product analytics to understand which features are used and where users get stuck. We collect events like "timer set to 10 minutes", "Instagram toggled on", "lockout triggered". We do not collect personally identifiable information, screen content, or app contents.

We may use PostHog or a similar analytics provider with a privacy-respecting posture. Analytics data is aggregated and not tied to individual users.

We may add crash reporting (e.g. Sentry, Bugsnag) so we can fix problems faster. Crash reports do not contain screen content or identifiable data.

  • We do not run a backend. The app does not make outbound network requests as part of its normal operation, other than analytics and crash reporting.
  • We do not include advertising SDKs.
  • We do not share data with any third party for advertising or marketing purposes.

The Google Play Data Safety form for the app reflects these practices.

4. Permissions and why each one exists

PullBack asks for the following Android permissions during onboarding. Each one is used solely for the purpose described.

  • Usage Access (PACKAGE_USAGE_STATS). Read which app is currently in the foreground. Used to drive the per-app timer.
  • Display over other apps (SYSTEM_ALERT_WINDOW). Show the brief "Pulled back" lockout screen.
  • Foreground service (FOREGROUND_SERVICE, FOREGROUND_SERVICE_SPECIAL_USE). Keep the timer running even when PullBack is not the active app.
  • Notifications (POST_NOTIFICATIONS). Show the "PullBack is watching" persistent notification Android requires for foreground services.
  • Boot completed (RECEIVE_BOOT_COMPLETED). Restart the timer service automatically after you reboot your phone.
  • Battery optimization exemption (REQUEST_IGNORE_BATTERY_OPTIMIZATIONS). Keep the timer service running while the screen is off on aggressive OEM skins.
  • Query all packages (QUERY_ALL_PACKAGES). Read installed apps locally so PullBack only shows curated apps you actually have.

You can revoke any of these permissions in Android Settings at any time. Doing so will reduce or disable PullBack's functionality, but will not affect your privacy.

5. Where data is stored

All PullBack data is stored locally on your device using Android's DataStore (Preferences) library. There is no cloud component. There is no backup target other than the system-default backup behavior provided by Android (which is encrypted and tied to your Google account, not to PullBack). You can disable Android backups for PullBack in your device's backup settings.

When you uninstall PullBack, all of its locally stored data is deleted by Android.

6. Children

PullBack is not directed at children under 13 and does not knowingly collect data from anyone. Because PullBack does not have a backend or any data collection, the practical privacy impact is the same regardless of user age. The app is rated "Everyone" in the Play Store but the recommended audience is 18+ — PullBack is a self-management tool for adults, not a parental control product.

7. Your rights

Because PullBack does not collect or transmit personally identifiable data, there is limited PullBack-side user data to access, correct, port, or delete. Your control is direct: most of PullBack's data lives only on your device. To delete it, uninstall the app or clear the app's storage in Android Settings.

If you are in a jurisdiction that grants additional rights (such as the EU under GDPR, the UK under UK-GDPR, or California under CCPA/CPRA), those rights still apply. Contact us at support@pullback.works for data-requests and we will respond within 30 days.

8. The marketing site (pullback.works)

This website does not run third-party analytics. It does not set tracking cookies. The only data the site receives is what you voluntarily submit via the email waitlist form, which is stored to send you the install link and occasional product updates — two emails a year, max. You can unsubscribe in one tap. Email addresses are stored at our email-service provider and not shared with any third party.

9. Changes to this policy

If a future version of PullBack changes its data practices — for example, introducing a new SDK or a backend service — this policy will be updated, and the relevant section of the policy will name the SDK, what it accesses, and how it is governed. The "Last updated" date at the top of this policy will reflect the change. Material changes will also be surfaced inside the app on next launch.

The current version of this policy will always be available at https://pullback.works/privacy and inside the PullBack app under Settings → Privacy policy.

10. Contact

For privacy questions, data access requests, or anything else related to this policy:

We aim to respond within 7 business days. Because PullBack is a small project, we ask for your patience if a response takes a little longer.

This policy is provided as a clear, plain-language summary of how PullBack handles data. It is not legal advice. If you require a formal legal review or have specific regulatory questions about your use of PullBack in your jurisdiction, please consult a qualified attorney.