Privacy Policy
Effective date: May 25, 2026 Last updated: May 25, 2026
This is the privacy policy for Triggers, an iPhone alarm app published by Triggers Alarm (referred to in this document as "we," "us," or "our"). The app's bundle identifier is com.triggersalarm.app.
This policy describes what information we collect, how we use it, who we share it with, how long we keep it, and the choices you have. It applies to the iOS app and to the supporting services that run at triggersalarm.com and its subdomains.
If you have questions, write to support@triggersalarm.com.
TL;DR
- Time alarms work without an account. We collect nothing about you until you create your first email alarm.
- For email alarms, we collect: the email address from your sign-in provider, an internal account ID, a permanent forwarding alias we generate for you, your device's push notification token, and the filters you set on each alarm (e.g. who to listen for, what subject keywords to match, when to watch).
- We never store the contents of your everyday email. Inbound mail is checked transiently in memory for a sender / subject match against your active alarms and then discarded. The body is never written to disk on our side. The single exception is a one-time provider confirmation email during forwarding setup, which we keep for up to 24 hours so we can display it back to you in your browser — see § 3.
- We do not show ads, do not sell or rent your data, and do not use third-party analytics or tracking SDKs.
- You can delete your account at any time from Settings → Account → Delete account. Doing so cascades a permanent delete across every record we hold for you.
1. What Triggers does, in one paragraph
Triggers is an alarm clock that can be triggered either by a clock time (like the iPhone's Clock app) or by an inbound email matching a filter you choose. To make email triggers work, we receive your email — either via a forwarding rule you create at your email provider, or via a read-only Microsoft Graph subscription you authorise on your Outlook mailbox — check whether its sender and subject match an alarm you have armed, and if so, push your iPhone to ring an alarm. Time alarms don't involve our servers at all.
2. What we collect
2.1 Information you provide to us
| What | When | Why |
|---|---|---|
The identifier returned by your sign-in provider (Apple, Google, or Microsoft) — typically a sub claim, an opaque identifier |
When you sign in to create your first email alarm | To recognise you as the same user across sessions and devices |
| Your email address, as reported by the sign-in provider | At sign-in | To show your account in Settings, and to contact you about service issues if necessary |
| Your name, as reported by the sign-in provider | Apple sign-in only, and only if you choose to share it. Google and Microsoft do not send us your name today | To display your name in Settings → Account |
| The filters you set on each email alarm: sender addresses or domains, a subject keyword, a watch window, repeat schedule, and an alarm label | When you arm an email alarm | To match incoming email against the alarm and decide whether to ring |
2.2 Information your device sends us
| What | When | Why |
|---|---|---|
| An Apple Push Notification (APNs) token | When the app launches and registers for remote notifications | To deliver the silent push that schedules the AlarmKit alarm when a matching email arrives |
| One or more Live Activity push tokens, scoped per armed alarm | When you arm an email alarm, and again when iOS issues a "push-to-start" token for the same Activity type | To update or end the Lock Screen / Dynamic Island card while the alarm is armed |
2.3 Information we generate about you
| What | Why |
|---|---|
| An internal user ID (UUID) | Primary key for your account record |
A permanent forwarding alias of the form wake-{slug}@triggersalarm.com |
The address you use to forward mail to Triggers; it never changes for the life of your account |
2.4 Information we receive about your Outlook mailbox (only if you connect Outlook)
If — and only if — you complete the optional Connect Outlook flow, we additionally process:
| What | How |
|---|---|
An OAuth access token and refresh token for your Outlook mailbox, scoped to Mail.ReadBasic and offline_access |
Stored in our database sealed using a libsodium public-key cryptographic seal; only our server can unseal them, and only when actively calling Microsoft Graph |
A Microsoft Graph subscription ID, expiry, and our internal clientState secret |
Required to receive real-time webhooks when new mail arrives |
| The connected Outlook email address | Shown in Settings → Outlook connection so you can confirm which mailbox is connected |
For each new message that arrives in your Outlook inbox while an Outlook-backed alarm of yours is armed, we call Microsoft Graph with a $select=from,subject,receivedDateTime projection — fetching only those three fields, never the body — match them against your alarm filters, and discard the response.
You can disconnect Outlook at any time from Settings → Outlook connection. Disconnecting deletes the sealed tokens from our database and deletes the Graph subscription with Microsoft.
2.5 Information we deliberately do not collect
- The contents of your regular email. Inbound messages are parsed in memory just long enough to extract the sender address, subject, and timestamp, compared against your active alarms, and discarded. No body, attachment, recipient list, or full header set is written to our database. (One narrow exception: see § 3 about provider confirmation emails captured during forwarding setup.)
- Your email account password, IMAP password, or app-specific password. Triggers does not use IMAP. We never ask for and never store passwords.
- Your contacts, photos, microphone input, health data, or financial information.
- Analytics or behavioural data. We do not bundle Google Analytics, Mixpanel, Amplitude, Sentry, Crashlytics, Firebase, or any equivalent SDK. We do not record session replays. We do not measure ad attribution. We do not maintain a profile of your in-app behaviour.
- Identifiers used for cross-app tracking. We do not request the iOS Advertising Identifier (IDFA) and do not invoke
AppTrackingTransparency.
2.6 Information read on your device but never transmitted to us
Two trigger types read iOS data sources on your device only. None of this data reaches our servers.
- Your location, used by Solar alarms to compute sunrise, sunset, twilight, and golden-hour times at your coordinates. We request
When In Useaccess via Apple's standard system prompt. Your coordinates are used to compute the next event time and to reschedule when you travel; they are never sent to our servers. - Your calendar (Apple, Google, Microsoft, iCloud — any account you've added to iOS Settings → Calendar), used by Calendar alarms to find the first event of the next eligible day. We request full calendar access via Apple's standard system prompt. Event titles and start times are read locally to render the alarm row and to compute the AlarmKit fire time; we never send your calendar to our servers. To support fast list rendering on cold start (before EventKit finishes loading), Triggers caches the title of the most recent matched event per alarm in iOS UserDefaults. This cache stays local to your device.
3. The one narrow exception: forwarding confirmation emails
When you set up forwarding from a provider like Gmail, that provider sends a one-time confirmation email to your Triggers alias. Modern Gmail confirmation emails carry a verification link rather than a numeric code, so we display the entire confirmation email back to you in your browser so you can verify the sender's address and click the link yourself.
To make that work, the body and headers of confirmation emails are stored on our server for up to 24 hours, then automatically deleted. We detect a confirmation email by sender pattern (e.g. forwarding-noreply@google.com); ordinary mail bypasses this path entirely.
If you complete forwarding setup and the confirmation row is no longer needed, it is deleted immediately. If you abandon setup, the row is deleted by the cleanup job within 24 hours.
4. How we use your information
We use the information described in § 2 only for the following purposes:
- To run the app and its alarms. Without your alias, account ID, and active alarm filters, we cannot decide whether to ring your phone.
- To deliver push notifications. Without your APNs token, Apple cannot route our silent push to your device.
- To show your account in Settings. Your email and alias appear in the app so you can confirm you're signed in correctly and copy the alias.
- To communicate with you about the service. If we need to reach you about a security or service issue affecting your account, we will use the email address from your sign-in provider. We do not run a marketing newsletter.
We do not use your information to build advertising profiles, score creditworthiness, train machine-learning models, or for any purpose other than running the service.
5. Sub-processors and third parties
We use the following third-party services to deliver Triggers. Each is bound by its own privacy policy and, where applicable, data-processing terms.
| Vendor | Role | Data they see |
|---|---|---|
| Apple Inc. | Distribution (App Store, TestFlight), Sign in with Apple, Apple Push Notification service (APNs), AlarmKit, ActivityKit | If you sign in with Apple: your Apple ID sub and your relay (or real) email. APNs payloads we send to your device. |
| Google LLC | Sign in with Google | If you sign in with Google: a Google sub and your Google account email. (We do NOT use Gmail's API; Gmail-based alarms reach us only via the forwarding rules you create.) |
| Microsoft Corporation | Sign in with Microsoft, Microsoft Graph (Outlook) | If you sign in with Microsoft: a Microsoft sub and your Microsoft account email. If you connect Outlook: header-level mail metadata (from, subject, receivedDateTime) fetched per inbound message while an Outlook alarm of yours is armed. |
| Cloudflare, Inc. | DNS, Email Routing (inbound mail), Workers (request relay) | When mail is sent to your wake-{slug}@triggersalarm.com alias, Cloudflare receives the raw message and forwards it to our backend. Mail not addressed to a valid Triggers alias is rejected at the Cloudflare layer. |
| Fly.io, Inc. | Application hosting | Our backend processes (HTTP requests, jobs) run on Fly.io machines. Standard request and process logs are kept by Fly per their retention policy. |
| Neon, Inc. | Managed PostgreSQL database | The database storing the records described in § 2. Stored at rest in Neon's infrastructure. |
We do not share your data with any of these providers beyond what each one needs to perform the function above. We do not sell your data to anyone.
6. Encryption and security
- In transit: All connections between the app, our backend, and our sub-processors use HTTPS / TLS 1.2 or later.
- At rest: OAuth tokens for Outlook are sealed with a libsodium
crypto_box_sealbefore being written to the database. Even with read access to the database, the tokens cannot be opened without the private key held by our server process. - Sign-in: We do not store passwords. Identity is established through OpenID Connect ID tokens issued by Apple, Google, or Microsoft, which we verify against the provider's published JWKS on every sign-in.
- Webhook integrity: Inbound webhooks from the Cloudflare Email Worker are HMAC-SHA256 signed and verified before processing; Microsoft Graph webhooks are validated against a per-subscription
clientStatesecret.
No system is invulnerable, but we follow current industry practice for the data we hold.
7. Retention
We retain data only for as long as the service needs it.
| Record | Retention |
|---|---|
| Your user account | Until you delete it. Deletion is immediate and cascading. |
| Your alarm trigger configs | Until you delete the alarm. One-shot alarms that have already fired or expired are deleted automatically 24 hours after they last ran. Recurring alarms are kept until you delete them. |
| Your APNs and Live Activity tokens | Until your device unregisters, you sign out, or the token is rejected as invalid by Apple. |
| Your Outlook OAuth tokens and subscription | Until you disconnect Outlook (via Settings → Outlook connection) or delete your account. |
| Forwarding confirmation emails | Up to 24 hours (see § 3). |
| Setup tokens (one-time links to the desktop forwarding setup page) | Deleted within 7 days of consumption or expiry. |
| Email message contents (everyday mail) | Not retained — discarded in memory after the sender/subject match. |
| Server logs (Fly.io, Cloudflare) | Standard infrastructure retention from those providers. We do not aggregate or analyse them. |
8. Your rights and choices
You have the following rights regardless of where you live. Some jurisdictions (e.g. the EU/UK under GDPR, California under CCPA/CPRA) attach additional formalities; we honour them globally as a matter of policy.
- Access. Settings → Account shows your account email, alias, and connection state. You can request a structured export by emailing support@triggersalarm.com; we will return it within 30 days.
- Correction. Sign out, then sign back in with a corrected sign-in account.
- Deletion. Settings → Account → Delete account erases your account, alarms, devices, Outlook connection (and revokes the Graph subscription), and any pending records. The action is immediate and irreversible.
- Portability. You can request a machine-readable export of your account data at any time via support@triggersalarm.com.
- Withdrawal of consent. Where we rely on your consent (notably to connect Outlook), you can withdraw it at any time by disconnecting Outlook in the app, or by deleting your account. Withdrawal does not affect data processed prior to withdrawal.
- Complaints. EU/UK users have the right to lodge a complaint with their local data-protection authority.
We are the data controller for the records described in this policy.
9. International data transfers
Our backend currently runs in Singapore (Fly.io, sin region) and our database is hosted in AWS ap-southeast-1 (Singapore) via Neon. Production hosting region is subject to change as the service expands; we will keep this section current.
If you are in the European Economic Area, the United Kingdom, or Switzerland, your data may be transferred to, stored in, or processed in a country outside your home region. Where required, we rely on the European Commission's Standard Contractual Clauses (SCCs) or equivalent transfer mechanisms agreed with each of our sub-processors.
10. Children
Triggers is not directed at children under the age of 13 (or under 16 in the EU/EEA where applicable). We do not knowingly collect personal information from children. If you believe a child has signed up, write to support@triggersalarm.com and we will delete the account.
11. Changes to this policy
We may update this policy from time to time. If we make a material change, we will update the "Last updated" date at the top and, where the change is significant (e.g. a new sub-processor, an expanded data type), notify active users in-app. Continued use of Triggers after a change takes effect constitutes acceptance of the updated policy.
12. Contact
For any privacy question, request, or complaint:
If you are exercising a right under GDPR, CCPA/CPRA, or another data-protection regime, please mention that in the subject line so we can route it correctly. We aim to respond within 7 days and to complete formal requests within 30 days.