DOSSIER // YOUR EYES ONLY CASE PRIVACY UPDATED 2026.05.23

Privacy Policy

Last updated 2026-05-23. Plain English. Read it once.

PUBLIC

Section 00 // The short version

  • Everything stays on your device by default. Your task progress, notes, and onboarding answers live in a local database on this iPhone or iPad. We do not have a server that stores your data.
  • iCloud sync is opt-in. If you turn on iCloud Replication in Settings, your progress syncs to your own iCloud private database — not to us. We cannot read it.
  • Analytics, if any, are anonymous. If analytics are enabled in this build, we record an anonymous random identifier and product-usage events (e.g. "task.completed"). We never attach your name, email, phone number, IP address (PostHog's IP scrubbing is on), or the specific company you opted out of.
  • No advertising. No ad SDKs. No third-party tracking. No "share data with partners" toggle hidden three menus deep.
  • No accounts. You never create an account with us. There is no email, password, or username to remember.

Section 01 // What we collect and why

Task progress
The status of each task (pending / in progress / reviewed / skipped / N/A). Lives on your device, optionally your iCloud. Used so you can see what you've done.
Notes
Free-text notes you add to a task. Device-local, optionally synced to your iCloud.
Onboarding
Your chosen level, country, and goals. Used to rank task suggestions.
Settings
Theme, reminder time, sync toggle. Device-local.
Anonymous events
If analytics are enabled: event name, severity, anonymous device-scoped UUID. Sent to PostHog (EU region).
Crash logs
Standard Apple crash reports — only if you opted in via iOS Settings → Privacy & Security → Analytics & Improvements.

Section 02 // What we do NOT collect

  • Your name
  • Your email address
  • Your phone number
  • Your IP address (PostHog IP scrubbing is on)
  • The contents of any URL you visit
  • The contents of any opt-out form you submit
  • The companies / data brokers you specifically opt out of (we know how many tasks you complete, never which tasks)
  • Contacts, location, microphone, camera, photos
  • Anything from outside the app

Section 03 // Third parties

The only third-party service the app may communicate with is PostHog — and only for anonymous, aggregate, product-usage events, only if your build has been configured with a PostHog key.

  • PostHog's privacy policy: posthog.com/privacy
  • We use the EU region (eu.posthog.com) by default
  • We set sessionReplay = false (no screen recording, ever)
  • We set captureScreenViews = false (no per-screen tracking)
  • We do not call identify() with any personal data — only anonymous UUIDs

If your build does not include a PostHog key (open-source builds, sideloaded builds, dev builds without a Configs/Local.xcconfig), PostHog is not initialized and nothing leaves the device.

Section 04 // CloudKit (iCloud sync)

If you turn on iCloud Replication:

  • Your task progress, notes, onboarding answers, and settings sync through Apple's CloudKit private database
  • This database is owned by you, scoped to your Apple ID, encrypted at rest by Apple
  • We — wrongperson, the developer — do not have access to this data. We cannot read it, dump it, share it, or sell it.
  • Apple's iCloud privacy: apple.com/legal/privacy

Section 05 // The catalog

The catalog of privacy tasks (Equifax credit freeze, Opt-Out Prescreen, etc.) ships with the app as a bundled file. The catalog itself never moves between your device and our servers. We do not know which tasks you read, only — if analytics are enabled — how many you mark complete in aggregate.

Section 06 // Your rights

You always have the right to:

  • Export your data — Settings → Export Dossier produces a JSON or CSV of everything we hold about you on this device
  • Reset progress — Settings → Strip All Stamps clears task progress while keeping the catalog and your notes
  • Delete everything — Settings → Burn The File destroys progress, notes, onboarding answers, and settings. The catalog re-seeds on next launch
  • Opt out of analytics — coming in a future build as a Settings toggle; today, sideload a build without a PostHog key to fully disable

If you live in the EU, UK, California, or anywhere with data-protection rights (GDPR, UKDPA, CCPA, etc.), the rights above already cover the legal minimum: access (Export), erasure (Burn The File), and portability (JSON/CSV export).

Section 07 // Children, security, changes

Children. wrongperson is rated 4+ and is suitable for all ages. We do not knowingly collect any data from children. The "Kids Credit Freeze" task in the catalog is parental guidance — not a feature aimed at children.

Security. Local storage uses iOS's standard SwiftData (SQLite under the hood) protected by the device's file system encryption. iCloud sync uses Apple's CloudKit (encrypted in transit and at rest). Network traffic to PostHog is over HTTPS, certificate-pinned by the system.

Changes. If we change this policy, we'll update the "Last updated" date at the top, ship the new copy with an app update, and explain what changed in the release notes.

Section 08 // Contact

For privacy questions: support@wrongperson.app