Privacy & Security

Local-first. Cloud-ready. Always encrypted. Your tasks, habits, and personal plans are stored on your device and protected with AES-256 encryption — whether or not you use cloud sync.

Privacy at a Glance

10 to Win is designed with a local-first, privacy-respecting approach. Here is exactly how your data is protected.

AES-256 Local Encryption

All task data and all habit data are encrypted on your device using AES-256 — the same standard used by banks and governments. Plaintext is never written to local storage.

  • Tasks: AES-256 encrypted
  • Habits: AES-256 encrypted separately
  • Encryption keys held by your device only

Cloud Sync — Your Choice

Cloud sync is entirely optional. Without an account, nothing leaves your device. With an account, your tasks sync over TLS-encrypted connections. Habit data stays local only.

  • No account: 100% offline, no server contact
  • With account: task sync over TLS only
  • Habit data never leaves your device

No Advertising, No Data Selling

We do not run advertising, build advertising profiles, or sell your data to any third party under any circumstances. Your productivity patterns are yours alone.

  • No ad networks or tracking pixels
  • No behavioral profiles sold
  • No third-party data brokers

Secure Key Storage

Encryption keys are stored in your device's most secure compartment — iOS Keychain on iPhone and Android Keystore on Android — never in plain app storage.

  • iOS: Keychain (via expo-secure-store)
  • Android: Android Keystore
  • Keys never written to AsyncStorage

Multi-Layer Data Protection

Three overlapping layers ensure your data is never overwritten by sample content and survives reinstalls, storage clears, and app updates.

  • Session flag (cleared with storage)
  • Durable sentinel (survives reinstalls)
  • Encrypted data presence check

Your Rights — GDPR

You have the right to access, export, and permanently delete all data associated with your account at any time. No waiting period, no hassle.

  • Delete account + all data: from Settings
  • Export your data: JSON format
  • Data portability: Basic tier and above

What We Never See

Whether you use 10 to Win offline or with a cloud account, the following data never leaves your device and is never accessible to us:

  • Your habit completions and streaks
  • Your task notes and descriptions
  • Your notification preferences
  • Your productivity patterns
  • Your priority scores and rankings
  • Your encryption keys
  • Your AES-256 encrypted local files
  • Your workout plans and session history

What Data We Collect

Full transparency on every category of data, how it is used, and where it lives.

| Data Type | Collected When | Where Stored | Used For |
|---|---|---|---|
| Nothing | No account, no integrations | Device Only | The app runs entirely offline. No data is collected or transmitted. |
| Email address | Account creation (optional) | Our Server | Account authentication, welcome email, password reset. Never shared or sold. |
| Task list | When logged in with cloud sync | Our Server | Sync across devices. Encrypted in transit via TLS. Deleted when you delete your account. |
| Habit data | Always | Device Only | Habit data is never synced to the cloud. AES-256 encrypted on-device only. |
| Phone number | Pro subscribers who opt in to SMS or voice notifications | Twilio | Delivering SMS reminders and voice call notifications. Stored by Twilio per their privacy policy. Not used for marketing. |
| Payment information | Paid subscription or one-time purchase | Stripe | Processing payments. We never see or store your card number. Stripe handles all payment data per their PCI-DSS compliance. |
| Integration tokens | When Todoist, VoiceStamps, or Zapier is connected | Device Only | Authenticating API calls to third-party services. Stored securely on-device. Never transmitted to our servers. |
| Crash reports | If the app crashes | Our Server | Diagnosing and fixing bugs. Reports contain stack traces only — no task data, no personal information. |

Encryption in Detail

How AES-256 encryption works inside 10 to Win, and what the multi-layer protection system means for your data.

AES-256 — Tasks

Every task you create is encrypted with AES-256 before being written to local storage. When the app reads a task, it decrypts it in memory — the on-disk representation is always encrypted ciphertext, never plaintext.

How it works

  • Key generation: A unique key is generated on first launch and stored in the device's secure key store (iOS Keychain or Android Keystore).
  • Encryption: AES-256 in CBC or GCM mode applied to serialized task JSON before write.
  • Decryption: Data is decrypted in memory on read. The plaintext representation exists only in RAM during use.
  • Key rotation: The key can be regenerated. Legacy data is automatically re-encrypted on next write.

AES-256 — Habits

Habit data — completions, streaks, history — is encrypted with a separate AES-256 key. Habits are never synced to the cloud and exist exclusively on your device in encrypted form.

What this protects

  • Health patterns: Medication habits, health check-ins, and sleep schedules are sensitive — they stay encrypted and local only.
  • Streak history: Your 10-day milestone records and perfect-day calendar are device-resident only.
  • Separate key: Habit data uses an independent encryption key from tasks, so a hypothetical compromise of one cannot expose the other.
  • No cloud exposure: Even if your account were compromised, your habit data would be unreachable — it never left your device.
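
The task and habit encryption described above, as an added Node.js example that is not code from 10 to Win. It assumes GCM mode (the page says CBC or GCM), a hypothetical "v1.iv.tag.ciphertext" blob layout, and keys generated in memory in place of the Keychain or Keystore.

```javascript
// Added illustration (Node.js); not 10 to Win source code.
const crypto = require('node:crypto');

// Assumption: in the app these keys would be read from Keychain / Android Keystore.
// Here they are generated in memory so the example runs offline.
const taskKey = crypto.randomBytes(32);  // 256-bit key for tasks
const habitKey = crypto.randomBytes(32); // independent 256-bit key for habits

// Serialize and encrypt a record. Hypothetical blob layout: v1.<iv>.<tag>.<ciphertext>
function sealRecord(key, record) {
  const iv = crypto.randomBytes(12); // fresh 96-bit nonce per write, never reused with a key
  const cipher = crypto.createCipheriv('aes-256-gcm', key, iv);
  const ct = Buffer.concat([cipher.update(JSON.stringify(record), 'utf8'), cipher.final()]);
  const tag = cipher.getAuthTag(); // 16-byte authentication tag
  return ['v1', iv.toString('base64'), tag.toString('base64'), ct.toString('base64')].join('.');
}

// Decrypt and authenticate. Throws if the key is wrong or the blob was modified.
function openRecord(key, blob) {
  const [version, iv, tag, ct] = blob.split('.');
  if (version !== 'v1') throw new Error('unknown blob version');
  const decipher = crypto.createDecipheriv('aes-256-gcm', key, Buffer.from(iv, 'base64'));
  decipher.setAuthTag(Buffer.from(tag, 'base64'));
  const pt = Buffer.concat([decipher.update(Buffer.from(ct, 'base64')), decipher.final()]);
  return JSON.parse(pt.toString('utf8'));
}

// True when the blob cannot be opened with this key (wrong key or tampering).
function rejects(key, blob) {
  try { openRecord(key, blob); return false; } catch { return true; }
}

// Constructed sample record; only sealedTask would ever be written to storage.
const sampleTask = { id: 1, title: 'Call the pharmacy', urgency: 3 };
const sealedTask = sealRecord(taskKey, sampleTask);
```

Because GCM authenticates as well as encrypts, a blob opened with the habit key, or a blob altered on disk, fails loudly instead of yielding garbage plaintext.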

Three-Layer Data Protection

A multi-layer sentinel system prevents sample data from ever overwriting real user data — even after a reinstall, storage clear, or app update.

The three layers

  • Layer 1 — Session Flag: Set when tasks are first saved. Clears with storage. Guards against same-session data injection.
  • Layer 2 — Durable Sentinel: Stored in the device's secure store (survives full app reinstalls and storage clears). Once real data exists, the app never loads demo content again unless you explicitly choose Fresh Start.
  • Layer 3 — Encrypted Data Check: Detects whether encrypted data exists on disk even if the decryption key is temporarily unavailable, preventing a silent fallback to placeholder content.
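
One way the three layers could combine into a startup decision, as an added example that is not code from 10 to Win. The store names, key names, and the in-memory device model are hypothetical and constructed for illustration.

```javascript
// Added illustration; not 10 to Win source code. All names below are hypothetical.
const SESSION_FLAG = 'session.hasRealData';
const SENTINEL = 'sentinel.hasRealData';
const TASKS_FILE = 'tasks.enc';

// Constructed in-memory device: kv ~ clearable app storage, files ~ encrypted blobs on disk,
// secure ~ Keychain/Keystore-backed store, secureReadable ~ whether it can be read right now.
function newDevice() {
  return { kv: new Map(), files: new Map(), secure: new Map(), secureReadable: true };
}

// The first real save sets the markers for all three layers.
function saveRealTasks(dev, ciphertext) {
  dev.files.set(TASKS_FILE, ciphertext); // layer 3 evidence
  dev.kv.set(SESSION_FLAG, '1');         // layer 1
  dev.secure.set(SENTINEL, '1');         // layer 2
}

// Decide at startup whether demo content may be written. Any single layer vetoes it.
function startupDecision(dev, { freshStart = false } = {}) {
  if (freshStart) return { loadSample: true, reason: 'fresh-start' }; // explicit user choice
  if (dev.kv.has(SESSION_FLAG)) return { loadSample: false, reason: 'layer1-session-flag' };
  if (dev.secureReadable && dev.secure.has(SENTINEL)) {
    return { loadSample: false, reason: 'layer2-durable-sentinel' };
  }
  // Key and sentinel may be unreadable, but ciphertext on disk still means real data exists.
  if (dev.files.has(TASKS_FILE)) return { loadSample: false, reason: 'layer3-encrypted-data' };
  return { loadSample: true, reason: 'no-user-data' };
}

// Constructed scenarios: first launch, storage cleared, secure store temporarily unreadable.
function scenarios() {
  const fresh = newDevice();
  const cleared = newDevice();
  saveRealTasks(cleared, 'ciphertext'); cleared.kv.clear(); cleared.files.clear();
  const locked = newDevice();
  saveRealTasks(locked, 'ciphertext'); locked.kv.clear(); locked.secureReadable = false;
  return {
    fresh: startupDecision(fresh).reason,
    cleared: startupDecision(cleared).reason,
    locked: startupDecision(locked).reason,
    freshStart: startupDecision(cleared, { freshStart: true }).reason,
  };
}
```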

TLS-Only Cloud Transmission

Every API call from the app to our servers is sent exclusively over HTTPS/TLS. There is no plaintext fallback — if a TLS connection cannot be established, the request fails rather than falling back to unencrypted HTTP.

Enforcement

  • iOS: App Transport Security (ATS) enforces HTTPS-only. Exceptions are disallowed.
  • Android: Network Security Configuration restricts cleartext traffic.
  • API Key: Mobile app requests are authenticated with a server-side API key (MOBILE_APP_API_KEY) — never hardcoded in the app binary.
  • No logging of content: Server access logs record request metadata (timestamps, routes, response codes) only — no task titles, habit names, or personal data.

Third-Party Services

When you connect optional integrations, the following third-party services become involved. Each integration is fully optional — disconnecting it at any time removes their access.

Todoist (Optional) Basic+

Task synchronization across devices

If you connect Todoist, your tasks sync to Todoist's servers, enabling access across all your devices. This feature is entirely optional and can be disconnected at any time from Settings.

  • What syncs: Task titles, due dates, priority levels, and completion status.
  • Todoist's privacy policy governs: Synced data is subject to Todoist's privacy policy.
  • You control it: Disconnect Todoist in Settings to stop all future syncing.
  • Not using it? Your data never reaches Todoist's servers.

Zapier (Optional) Power Boost

Automation and cross-app task import

The optional Zapier Power Boost provides a personal webhook URL that can receive tasks from over 5,000 external services. You configure which apps may send tasks — we do not access those apps on your behalf.

  • What is shared: Task data sent through your webhook URL (title, urgency, due date, category) is received by our server and added to your task list.
  • Your control: Your webhook URL is private. Only share it with Zapier zaps you create. You can regenerate it at any time.
  • Zapier's privacy policy applies: Data processed by Zapier is governed by Zapier's privacy policy.

VoiceStamps Sync Feeds (Optional) Pro

Billing, Record, Reminder, and Verification task feeds

Pro subscribers can connect VoiceStamps sync feeds, which automatically push tasks from business systems into their priority queue. This is intended for business users in roles that involve billing, verifications, appointments, and recordings.

  • What is accessed: The app fetches task records from VoiceStamps API endpoints — customer names, phone numbers, and task context relevant to your role.
  • Your agent email: An optional ?email= filter limits results to tasks assigned specifically to you.
  • Server-side proxy: The app communicates with VoiceStamps through our server-side proxy only. VoiceStamps API credentials are never stored in the mobile app.
  • Auto-resolve: Completing a task in 10 to Win sends a resolved signal back to VoiceStamps to close the record at the source.

Stripe — Payments

Subscription billing and one-time purchases

All payments are processed by Stripe. We never see, receive, or store your credit card number, CVV, or full payment details.

  • What Stripe receives: Payment card details, billing name, and billing address (per Stripe's requirements).
  • What we receive from Stripe: A payment confirmation token and subscription status only.
  • Stripe's privacy policy applies: stripe.com/privacy
  • PCI-DSS compliant: Stripe is certified at the highest PCI Service Provider Level 1.

Resend — Transactional Email

Welcome emails and account notifications

We use Resend to send transactional emails (welcome messages, password resets). These are sent from @voicestamps.com addresses and are triggered only by account actions you initiate.

  • What Resend receives: Your email address and the email content at the time of sending.
  • We do not send marketing emails without your explicit opt-in.
  • Resend's privacy policy: resend.com/privacy-policy

Twilio — SMS & Voice Notifications (Optional)

Pro subscription: SMS reminders and voice call alerts

Pro subscribers who opt in to SMS or voice call notifications provide a phone number. This number is passed to Twilio for delivery of notification messages. This is entirely optional — most notifications are push-only and require no phone number.

  • What Twilio receives: Your phone number and the notification content at the time of delivery.
  • Not used for marketing: Your phone number is used solely for the notification types you specifically enabled.
  • Opt-out anytime: Disable SMS or voice notifications in Settings to stop all Twilio contact immediately.
  • Twilio's privacy policy: twilio.com/legal/privacy

Questions?

We are happy to answer any privacy or security questions. Response time is typically within one business day.

Contact Our Privacy Team

Email us with any questions about how we handle your data, to request a data export, or to initiate account deletion.

privacy@voicestamps.com

Last updated: May 2026  ·  This page reflects the current build of 10 to Win as of May 10, 2026.