Don't trust us: why RiseProof's privacy is checkable
Every app has a privacy policy that says it respects your privacy. Reading one tells you what a company promises; it tells you nothing about what the code does, and the gap between those two things is where most privacy stories go wrong. So instead of asking you to trust our adjectives, here's the checkable version.
The build fails if the wake path touches the network
RiseProof's continuous integration — the automated system that builds every release — includes a test that fails the build if any code in the wake-up path makes a network call. Not "we reviewed it," not "it's against our guidelines": the release cannot be produced if scheduling an alarm, ringing it, verifying a mission, or updating a streak tries to reach a server. A privacy policy is a promise; a failing build is a mechanism. Promises drift when priorities change. Mechanisms have to be deliberately dismantled, in a commit, with a diff.
No passive listening, no account, nothing to leak
The strongest privacy guarantee isn't encryption — it's absence:
- The microphone never listens passively. No overnight sound analysis, no background listening, no sleep recording. The mic is used in exactly one place: if you choose to record a custom wake-up message in your own voice — and that clip is stored on your phone, nowhere else.
- There is no account. Not "optional account" — none exists. No email, no password, no profile. A database of users we don't have can't be breached, subpoenaed, or sold.
- Verification runs on the phone. The camera missions — push-up counting by pose detection, photo match against the spot you registered — are checked by your device, live, and discarded. Nothing is recorded, stored, or uploaded. Airplane mode is a supported configuration, not an edge case.
The two network touchpoints, disclosed
Zero-network absolutism would be a lie, so here's the complete list of things that do touch the network:
- Purchases. The $19.99 Lifetime Unlock (our planned launch price) is processed by Apple or Google, exactly like every other app purchase. We never see your payment details; the store tells the app "unlocked: yes."
- Crash reporting. If the app crashes, a PII-scrubbed crash report can be sent so we can fix it. It's opt-out — you can turn it off in settings — and it is not in the wake-up path, so the CI rule above still holds.
That's the whole list. If we ever add a third item, this post gets updated, because the list being short and complete is the product.
Why "checkable" beats "trustworthy"
We're a new app from a small team — you have no reason to extend us trust, and we're not asking for it. We're asking you to notice which claims here you could verify without believing a word we say: the permission list is public, the account's absence is self-evident on first launch, and airplane mode is a one-switch experiment any reviewer can run on night one. Design the product so the privacy claims are testable by strangers, and trust stops being part of the transaction. That's the goal, anyway. Don't take our word for it — that's the point.
Tomorrow morning is day one.
Coming soon to Android and iOS. One payment. Every mission. Yours for good. One email at launch — early access comes from this list.
Or get an email when new missions and features land:
No spam, ever. Unsubscribe anytime.