{
  "title": "The Never Contract",
  "tagline": "Numbered promises. The enforceable ones fail our deploy.",
  "url": "https://flicked.email/never",
  "generated": "2026-07-09",
  "honesty_limitations": [
    "The checks run in a private repository’s CI. A public mirror of the check scripts is planned, pending a founder decision — until it exists you are trusting our word that the checks below are the checks that actually run.",
    "iOS releases are audited post-release, not deploy-gated: App Store review sits between us and production, so a native build is verified after it ships, not before.",
    "A malicious maintainer could delete these checks in the same commit that breaks a promise. That is exactly what the planned public mirror is meant to fix.",
    "This page is rebuilt at deploy time by the same pipeline it describes — it is not an independent auditor of itself.",
    "The source scan strips comments with a heuristic, and promises like “never sell your data” are things a build cannot fully prove — those carry no badge for that reason."
  ],
  "tiers": {
    "ci": "Backed 1:1 by an executable check that fails the build.",
    "policy": "A promise we make but cannot yet machine-verify. No badge."
  },
  "clauses": [
    {
      "id": 1,
      "slug": "paywall-copy",
      "text": "Our paywall can never promise more than the code actually grants.",
      "tier": "ci",
      "check": "entitlements:smoke",
      "mechanism": "The entitlements smoke test asserts every benefit line in the iOS paywall equals the plan quota hard-coded in server/entitlements.ts, and fails the build if they drift; it runs in CI on every push and pull request.",
      "surfaces": {
        "web": "CI",
        "ios": "post-release audit"
      }
    },
    {
      "id": 2,
      "slug": "billing-sdk",
      "text": "The web app can never quietly carry the App Store billing SDK.",
      "tier": "ci",
      "check": "ci.yml dist grep",
      "mechanism": "CI greps the built web bundle and fails if the App Store billing SDK (react-native-purchases / RNPurchases) is present; it runs in GitHub Actions on every push and pull request.",
      "surfaces": {
        "web": "CI",
        "ios": "n/a — the native app uses StoreKit by design"
      }
    },
    {
      "id": 3,
      "slug": "share-receipt",
      "text": "The caught-up share receipt can never claim numbers beyond hard-coded bounds, and its page and preview image can never disagree.",
      "tier": "ci",
      "check": "og:smoke",
      "mechanism": "The og:smoke test asserts the caught-up receipt's numbers are clamped to hard bounds (≤5000 cleared, ≤500 senders) and that its /r page and /og/receipt preview image are both derived from one shared contract; it runs in CI on every push and pull request.",
      "surfaces": {
        "web": "CI",
        "ios": "post-release audit"
      }
    },
    {
      "id": 4,
      "slug": "no-streak",
      "text": "We will never add a streak.",
      "tier": "ci",
      "check": "never-checks N1",
      "mechanism": "never-checks N1 scans the app's source (comments stripped) for streak, daily-goal and “don't break the chain” language and fails on any match; it runs in CI and before every site deploy.",
      "surfaces": {
        "web": "CI + deploy",
        "ios": "post-release audit"
      }
    },
    {
      "id": 5,
      "slug": "no-infinite-scroll",
      "text": "The deck can never become an infinite scroll.",
      "tier": "ci",
      "check": "never-checks N2",
      "mechanism": "never-checks N2 scans the deck screens for infinite-scroll primitives (FlatList onEndReached, InfiniteScroll) and fails on any match; it runs in CI and before every site deploy.",
      "surfaces": {
        "web": "CI + deploy",
        "ios": "post-release audit"
      }
    },
    {
      "id": 6,
      "slug": "no-reengagement",
      "text": "We will never send you a re-engagement or win-back notification.",
      "tier": "ci",
      "check": "never-checks N3",
      "mechanism": "never-checks N3 scans the app and server for re-engagement, win-back and come-back-notification code and fails on any match; it runs in CI and before every site deploy.",
      "surfaces": {
        "web": "CI + deploy",
        "ios": "post-release audit"
      }
    },
    {
      "id": 7,
      "slug": "no-sell-data",
      "text": "We will never sell your data.",
      "tier": "policy",
      "check": null,
      "mechanism": "A promise, not a proof — nothing in our pipeline can machine-verify a data sale never happened. Our business model (paid subscriptions, no ad network) removes the incentive, and our privacy policy states it plainly.",
      "surfaces": {
        "web": "policy",
        "ios": "policy"
      }
    },
    {
      "id": 8,
      "slug": "no-train-on-mail",
      "text": "We will never train AI on your mail.",
      "tier": "policy",
      "check": null,
      "mechanism": "A promise — your email is sent request-scoped to draft one reply and is never retained as training data, by us or on our instruction. We cannot yet machine-prove a negative, so this carries no badge.",
      "surfaces": {
        "web": "policy",
        "ios": "policy"
      }
    },
    {
      "id": 9,
      "slug": "no-send-from-account",
      "text": "We will never send email from your account.",
      "tier": "policy",
      "check": null,
      "mechanism": "Architectural: Flick's OAuth mail scope is read-and-draft only, so approved replies are saved as drafts in your own mailbox for you to send. We hold this as a promise rather than a badge because not every connection type is send-blocked by a single machine check.",
      "surfaces": {
        "web": "policy",
        "ios": "policy"
      }
    },
    {
      "id": 10,
      "slug": "no-ads",
      "text": "We will never show you ads.",
      "tier": "policy",
      "check": null,
      "mechanism": "A promise — Flick ships no ad network, no ad SDK and no IDFA tracking on iOS. There's no ad code path to gate, so this carries no badge.",
      "surfaces": {
        "web": "policy",
        "ios": "policy"
      }
    },
    {
      "id": 11,
      "slug": "no-leaderboard-or-badge",
      "text": "We will never add a leaderboard or a badge that counts up.",
      "tier": "policy",
      "check": null,
      "mechanism": "A promise for the leaderboard and count-up-badge half of our anti-gamification stance. The other half — “never add a streak” — is the CI-enforced clause above.",
      "surfaces": {
        "web": "policy",
        "ios": "policy"
      }
    },
    {
      "id": 12,
      "slug": "no-session-length-metric",
      "text": "We will never make session length a success metric.",
      "tier": "policy",
      "check": null,
      "mechanism": "A promise — time-in-app is not a goal we optimize; there is no “time well spent” target in the product and no such metric drives the roadmap. Not yet machine-checkable, so no badge.",
      "surfaces": {
        "web": "policy",
        "ios": "policy"
      }
    },
    {
      "id": 13,
      "slug": "terminus-honesty",
      "text": "When Flick reaches the end of the deck, we will never claim we closed your inbox for you.",
      "tier": "ci",
      "check": "never-checks N4",
      "mechanism": "never-checks N4 fails the build if the end-of-deck copy in lib/terminus.ts ever claims Flick “closed” your inbox for you (rather than that you closed Flick); it runs in CI and before every site deploy. If that copy module is ever removed, N5 fails the build so this badge can never outlive its check.",
      "surfaces": {
        "web": "CI + deploy",
        "ios": "post-release audit"
      }
    }
  ]
}