Privacy Audit Report

iOS Tracking Risk Assessment | Last updated: December 31, 2025

Executive Summary

✅ No Tracking Detected

The app does not engage in "tracking" as defined by Apple's App Tracking Transparency (ATT) framework. No IDFA access, no advertising identifiers, no cross-app data sharing for advertising purposes.

Status: The app is compliant with Apple's tracking requirements. No ATT permission is required.

Tracking Status

✅ No tracking detected

The app is compliant with Apple's tracking requirements. No ATT permission is required. The app is ready for App Store submission without tracking declarations.

What We Checked

No IDFA (Identifier for Advertisers) access

No ATT (App Tracking Transparency) permission required

No advertising SDKs installed

Firebase used only for backend services (authentication, database, functions)

No data shared with advertising networks or data brokers

No cross-app tracking or linking

Third-Party SDKs

The app uses the following SDKs, all verified to have no tracking capabilities:

  • Firebase - Backend services only (authentication, database, functions)
  • react-native-iap - In-app purchases (subscription management)
  • Expo - Development framework (device info, notifications, crypto)

No tracking SDKs: No advertising SDKs, no attribution SDKs, no marketing platforms, no data brokers, no analytics services beyond Firebase backend.

Data Collection

We collect only the data necessary to provide the app's core functionality:

  • Account Information: Email, display name (for account management)
  • Journal Content: Your journal entries, mood ratings, reflections (stored securely)
  • Device Information: Device ID (hashed), platform, app version (for support and security)
  • Subscription Information: Subscription status (for feature access)

Important Assurances:

  • ✓ We do NOT sell your data
  • ✓ We do NOT use your data for advertising tracking
  • ✓ We do NOT share your data with third parties (except Firebase as service provider)

Network Requests

The app only makes requests to the following services:

  • Firebase Services: Authentication, Realtime Database, Cloud Functions
  • Payment Processors: Google Play Billing API (Android), App Store Server API (iOS) - for subscription validation only
  • Bible API: Public CDN for Bible verse retrieval (no user data transmitted)

No marketing/advertising endpoints: No requests to advertising domains, attribution services, or analytics services beyond Firebase backend.

App Store Connect Declaration

  • Tracking: NO
  • Data Sharing: NO (except service providers: Firebase, payment processors)
  • Advertising: NO
  • Cross-App Tracking: NO
  • Third-Party Advertising: NO

Your Privacy Rights

You have full control over your data:

  • • View all your data in the app
  • • Delete individual journal entries
  • • Delete your account and all data
  • • Revoke AI consent (stops analytics collection)
  • • Export your data (via account deletion flow)

Related Information

Privacy Policy →Data Retention Policy →Account Deletion Information →

Audit Date: December 31, 2025
Compliance Status: ✅ No tracking detected
Next Review: As needed when data collection changes