Privacy at Clarendon. No ads, no third-party tracking, never sell your data. Per-app details below.

Clarendon. / Privacy

House Rules

An honest word on privacy.

We won't pretend every app is empty of every byte. Some need accounts; that's a feature, not a betrayal. Here's what's true everywhere we work — and what changes per app.

Always true

Six commitments. Across every app.

No advertising

Nothing in our apps is paid for by an advertiser. We don't carry ads in any form.

No third-party trackers

We don't embed analytics SDKs, social pixels, or attribution services. No cross-app tracking, ever.

Never sold

Your data is never sold, brokered, or rented. There is no other business model behind the one you see.

Minimum collection

We collect only what an app needs to do its job. If a feature can work without your data, it does.

Plain-English policy

This page is written in sentences, not legalese. Read once, understand once.

Founder support

Privacy questions are answered by the engineer who wrote the code. Not a queue, not a chatbot.

Per app

How our apps differ.

Some apps live entirely on your device. Others need a server because the app itself is about coordination. Here's how each one handles your data.

Data behaviour by app Updated 22 May 2026
Gag Order.
On-device. Gag Order plays without an account. Votes and prompts stay on the phones in the room; nothing is uploaded to us.
On-device
Rolligan.
On-device. No account, no online required. Scores stay on the phone. The dice are kept honest by physics.
On-device
YulePick: Secret Santa
Account-based — by necessity. Anonymous gift exchanges require coordination across devices, so YulePick syncs your group, draws, and wishlists via Supabase. Encrypted in transit, deleted on request, never shared.
Syncs to cloud
Privacy Policy Last updated 22 May 2026 · Version 1.0

Overview.

Clarendon Labs LLC (“Clarendon,” “we,” “us”) builds iOS apps. This page describes what data each of our apps collects, why, where it goes, and what we never do with it.

The short version: we collect only what an app needs to do its job, we never sell your data, we don't carry ads, and we don't allow cross-app tracking. Some apps are entirely on-device with no account; others — like YulePick: Secret Santa — need an account to coordinate between people, and we're honest about what that means.

Information we collect.

What we collect depends on which app you're using. We've broken it out below so you can see exactly what's involved with each.

Gag Order

Gag Order is on-device. Gameplay, votes, and prompt selections never leave the phones in the room — there is no account and nothing is sent to us. Purchases are handled by Apple via the App Store; we receive aggregated, anonymized sales reports only.

Rolligan

Rolligan runs entirely on your device. We don't require an account, and the app doesn't send any gameplay data, scores, or personal information to us. Purchase information is handled by Apple via the App Store under Apple's privacy practices — we receive aggregated, anonymized sales reports only.

YulePick: Secret Santa

YulePick is account-based because the whole point — running an anonymous gift exchange between separate people on separate devices — requires coordination. To make that work, we collect:

  • Email address — used to sign you in and send transactional emails (your draw, exchange invitations, reveal-day notices).
  • Display name — the name other participants see in your exchange.
  • Exchanges you're part of — group names, dates, and rule settings (budget, exclusions).
  • Your wishlist — items you add and any links you provide.
  • Your draw assignment — who you're buying for, stored privately so only you can see it.
  • Basic diagnostic data — crash logs sent via Apple, which never include personal content.

We do not collect contacts, location, photos, or anything beyond what's listed above. We don't profile users, build advertising audiences, or share data with other services.

How we store and protect data.

For apps that store data with us (currently only YulePick), we use Supabase, a managed Postgres provider. Data is encrypted in transit (TLS 1.2+) and at rest. Authentication is handled by Supabase Auth using passwordless sign-in via email.

We store this data in commercial-grade data centers in the United States. Access to production data is limited to the founder; we don't share it with contractors, vendors, or advertisers.

What we don't do.

  • We don't sell, rent, or broker your data. Ever.
  • We don't carry ads in any of our apps.
  • We don't embed third-party analytics SDKs, attribution kits, or social-network pixels.
  • We don't track you across apps or websites.
  • We don't profile you for advertising, build audiences, or share data with ad networks.
  • We don't enable Apple's App Tracking Transparency prompt because we have nothing to track.
  • We don't use your data to train AI models.

Third-party processors.

For apps that require an account (currently YulePick), we use a small number of carefully chosen processors. Each is contractually limited to processing data on our behalf and prohibited from independent use.

Supabase

Active
Database & Authentication

Hosts the YulePick database and handles passwordless sign-in. US-based, SOC 2 Type II.

Resend

Active
Transactional Email

Delivers YulePick sign-in links and exchange notifications. Emails contain no marketing material.

Apple App Store

Required
Distribution & Payment

Handles app downloads, in-app purchases, and crash reporting. Governed by Apple's privacy policy.

Data retention & deletion.

For on-device apps (Rolligan), we never receive your data, so there is nothing for us to retain or delete on your behalf — deleting the app removes everything.

For YulePick:

  • Account and exchange data are kept while your account is active.
  • Inactive accounts (no sign-in for 24 months) are deleted automatically along with their associated data.
  • You can request immediate deletion of your account and all associated data at any time by emailing hello@clarendon.dev. We'll confirm the deletion within seven business days.
  • Backups containing deleted data roll off within 30 days.

Children's privacy.

Our apps are not directed at children under 13. We do not knowingly collect personal information from children under 13. YulePick requires an Apple ID and an email account, both of which require users to be at least 13 in the United States and 16 in many other jurisdictions.

If you are a parent or guardian and believe your child has provided us with personal information, please contact us and we will delete it.

Changes to this policy.

We'll update this page when our practices change. Substantive changes will be announced in-app and in the newsroom, and the “Last updated” date at the top of this page will change. We won't reduce your existing privacy protections without explicit notice.

Contact.

Questions about privacy go to the engineer who wrote the code, not a queue.

Email: hello@clarendon.dev
Mail: Clarendon Labs LLC · 4801 N. Clarendon Ave. · Chicago, IL 60640 · United States

California residents have specific rights under the CCPA, and EU/UK residents have rights under the GDPR, including the right to access, correct, port, and delete personal data. To exercise any of those rights, email us at the address above. We'll respond within the timeframe required by the applicable law.