Privacy Policy

The short version: Aperture Protocol has no accounts and no servers. It does not collect, transmit, sell, or share your personal data. Everything you do in the app stays on your device unless you personally choose to export and share it. In Apple's terms, this app is marked "Data Not Collected."

Who we are
What we collect
Information stored on your device
Device permissions we request
Health & heart-rate data
Notifications
Exporting & sharing
Third parties
Children
Your choices & rights
Security & retention
Changes
Contact

1. Who we are

This Privacy Policy describes how the Aperture Protocol mobile application ("Aperture Protocol," "the app," "we," "us," or "our") handles information. Aperture Protocol is an independently published wellness and reflection app for iOS and Android. It is offered for personal use only and is not a medical device or a healthcare service.

2. What we collect

We do not collect any personal data. Aperture Protocol has no user accounts, no login, and no backend servers operated by us. We do not run analytics, advertising, crash-reporting, or tracking software of any kind, and the app performs no background network transmission of your information. We cannot see your sessions, your logs, your heart-rate readings, or anything else you enter, because none of it ever reaches us.

Because the app does not transmit data off your device or link any data to your identity, its App Store privacy label is "Data Not Collected."

3. Information stored on your device

The app saves your practice information in a private database on your device so the experience works and your progress is remembered. This may include:

Session records (which day of the protocol, durations, a computed coherence value, and an estimated model value);
Logs you choose to create, such as intrusion entries (type, an intensity rating, a timestamp, and any optional note you write);
Your settings and preferences (reminder time, haptics and audio toggles, chosen biofeedback source, baseline selection);
The status of the in-app environmental checklist and any reframe scripts you save.

This information is stored locally using the device's standard app storage. It is not uploaded to us or to any third party. If you delete the app, this data is removed from your device by the operating system. You can also clear it at any time using the in-app reset.

4. Device permissions we request

To provide its features, the app may ask your permission to use certain device capabilities. You can grant or deny each of these, and change them later in your system settings. Denying a permission only disables the related feature.

Camera — used optionally to measure your pulse by detecting subtle color changes when you rest a fingertip on the rear camera (photoplethysmography). The camera signal is processed live, on your device, to derive a heart rate. No photos or video are recorded, saved, or transmitted.
Bluetooth — used optionally to connect to a compatible heart-rate monitor (for example a chest strap) for biofeedback during a session. Readings are used on-device and are not transmitted by us.
Notifications — used optionally to send you a local daily practice reminder. These reminders are scheduled on your device; we do not use push servers and do not receive any related information. See section 6.

A note on system-required permission text. Because of how Apple analyzes app binaries, the app includes standard notices referencing location and microphone capabilities used by bundled system libraries. The app does not track your location and does not record audio; these prompts are never triggered in normal use, and no such data is accessed, stored, or transmitted.

5. Health & heart-rate data

On iOS, you may optionally allow the app to read your heart rate from a paired Apple Watch through Apple HealthKit, to use as a biofeedback signal during a session. When you use this feature:

The app reads heart-rate values only, and only while you are using it;
Heart-rate and biofeedback data are used on your device for the session experience and your local progress;
We do not use any health data for advertising or marketing, we do not sell it, and we do not share it with any third party;
Health data obtained through HealthKit is never transmitted off your device by us.

You can review and revoke the app's Health permissions at any time in the iOS Settings → Privacy & Security → Health screen, or within the Health app.

6. Notifications

If you enable reminders, the app schedules local notifications on your device at a time you choose. These are generated entirely on-device. We do not operate a push-notification service and receive no information about whether a reminder was delivered or opened. You can turn reminders off in the app or in your system settings.

7. Exporting & sharing

The app includes an optional export feature that lets you save or share a copy of your practice data (for example, to move it to another tool you use). This only happens when you actively choose it and use your device's standard share sheet to pick a destination. At that point the data goes wherever you send it, under the terms of whatever app or service you choose. The export is deliberately limited and excludes free-text notes you write in your intrusion log. We never trigger exports automatically.

8. Third parties

We do not share data with third parties because we do not collect it. The app does not embed third-party analytics, advertising, or tracking SDKs. The only third parties inherently involved are:

Apple and Google, as the app stores through which you download the app and which may collect their own information under their respective privacy policies; and
Any destination you personally choose when using the export/share feature.

The app also includes a privacy manifest declaring its use of certain standard, "required-reason" device APIs (such as reading available disk space and file timestamps) used purely for normal on-device operation — not for tracking.

9. Children

Aperture Protocol is intended for a general adult audience and is not directed to children. We do not knowingly collect personal information from children (and, in fact, we do not collect personal information from anyone). The app's themes are best suited to mature users; please review the App Store age rating before allowing a minor to use it.

10. Your choices & rights

Because your data lives only on your device, you are in direct control of it at all times. You can:

Use the in-app reset to erase your stored practice data;
Delete the app to remove all of its locally stored data from your device;
Grant or revoke camera, Bluetooth, Health, and notification permissions at any time in your system settings;
Choose whether and where to export your data.

We do not hold any copy of your data, so there is nothing for us to access, correct, or delete on your behalf. Depending on where you live (for example, under the GDPR or the CCPA/CPRA), you may have additional rights regarding personal data — but since we neither collect nor process your personal data, these rights are satisfied by the on-device, no-collection design described above.

11. Security & retention

Your information is protected by your device's own security model and stays in the app's private storage area. We retain nothing on our side. Your data remains on your device for as long as the app is installed, or until you reset it or delete the app. As with any locally stored information, we recommend using a device passcode and keeping your operating system up to date.

12. Changes to this policy

We may update this Privacy Policy from time to time — for example, if we add a feature. When we do, we will revise the "Last updated" date above and post the new version at this URL. Material changes will be reflected here before they take effect in a new app version.

13. Contact

Questions about this policy or your privacy? Reach us at [email protected]. We're a small independent project and will respond as soon as we can.

Contents