Legal

Privacy Policy

Last updated: May 2025

1. Introduction

Welcome to Private I ("we," "our," or "us"). This Privacy Policy explains how we handle information in connection with the Private I iOS application ("App"). We built Private I on a foundational commitment to privacy: the App exists to protect your personal information, and we apply that same commitment to how we operate.

By downloading or using Private I, you agree to the practices described in this policy. If you do not agree, please do not use the App.

2. What Data We Collect

2.1 Biometric Face Data

Private I captures and processes images of your face during the enrolment process to create a mathematical embedding used for face verification. This process involves:

  • Capturing one or more still images from your device's front camera
  • Extracting 76 facial landmarks and 24 geometric feature values
  • Storing the resulting numerical embedding (not the original image) in an encrypted file on your device

Raw camera images are never saved. Only the derived embedding is stored. The embedding cannot be reverse-engineered into a recognisable facial image.

2.2 Protected App List

The App stores a list of app bundle identifiers that you have chosen to protect. This data is kept in the app's shared container on your device and is never transmitted off-device.

2.3 Unlock and Access Logs (Pro)

Pro subscribers may enable unlock logging. Logs include timestamps and match/no-match results. These are stored locally and capped at 200 entries. They are never sent to us.

2.4 Intruder Photos (Pro)

Pro subscribers may enable intruder photography. When a face-verification attempt fails, a single still image may be captured from the front camera and saved to the app's local container. These images remain entirely on your device. We never access, transmit, or retain them.

2.5 Purchase and Subscription Data

In-app purchases and subscriptions are processed entirely by Apple through StoreKit. We do not receive your name, payment details, or Apple ID from Apple beyond a subscription status indicator (active/inactive). We do not store payment information.

2.6 Analytics and Crash Reports

We currently do not collect analytics or crash data through any third-party service. If this changes in a future update, this policy will be updated and users notified. Any crash reporting would be limited to aggregate, non-personally-identifiable data.

3. Key Privacy Commitment: Face Data Stays on Your Device

Your face data — including all embeddings, landmark data, and any related biometric information — never leaves your device. It is never uploaded to our servers, transmitted over the internet, shared with any third party, or stored in any cloud service. This is an architectural decision, not a policy preference. Private I has no servers that receive biometric data. There is no backend system capable of receiving it.

All face matching, embedding computation, and identity verification happens entirely within the App on your device using Apple's Vision framework. If you delete the App, all face data is permanently and irreversibly deleted from your device.

4. How Shortcuts Automation Data Is Handled

Private I integrates with iOS Shortcuts via Apple's App Intents framework. When you configure a Shortcuts automation, the automation metadata (e.g., which app triggers the intent) is stored by iOS in the Shortcuts app — not by us. We do not read or log which automations you have created beyond what is necessary to execute the Verify Identity intent when triggered.

The Protected App identifier passed to the intent at runtime is used only to determine the redirect behaviour and is not logged or stored beyond the active session.

5. Third-Party Services

Private I uses the following Apple-provided system frameworks and services only. No third-party SDKs, analytics tools, advertising networks, or data brokers are incorporated into the App:

  • Apple Vision Framework — local on-device face detection and embedding
  • Apple AVFoundation — camera access for face capture
  • Apple StoreKit 2 — in-app purchases and subscription management
  • Apple Security Framework / Keychain — secure local storage of PIN credentials
  • Apple App Intents / Shortcuts — automation integration

All data handling by these frameworks is governed by Apple's Privacy Policy.

6. Data Retention

All data created by Private I (face embeddings, protected app lists, unlock logs, intruder photos) is stored locally on your device. Data is retained until you delete it within the App, or until you uninstall the App.

We retain no data on our own systems about your device, identity, or usage of the App.

7. Your Rights

Because we do not collect personal data from you, traditional data subject rights (access, rectification, deletion, portability) apply primarily to data on your own device, which you control entirely. Specifically:

  • Access & Review: All data is stored on your device. You can view unlock logs and intruder photos directly in the App.
  • Deletion: Re-enrolling your face replaces existing embedding data. Deleting the App removes all data permanently.
  • Portability: Data is stored in Apple App Group containers on your device. iCloud backups, if enabled on your device, are governed by Apple's policies.

If you have questions about your rights or wish to contact us regarding any privacy concern, please email us at privacy@privatei.app.

8. Children's Privacy

Private I is not directed at children under the age of 13 and we do not knowingly collect personal information from anyone under 13. The App requires an Apple ID, which Apple restricts to users 13 and older (or older depending on jurisdiction). If you believe a child under 13 has used the App, please contact us at privacy@privatei.app and we will take appropriate steps.

9. Security

We employ the following security practices within the App:

  • Face embeddings are stored in an encrypted binary file in the App Group container
  • PIN credentials are stored in the iOS Keychain with App Group access controls
  • Camera access is requested only at enrolment and during face verification
  • No network connections are made by the App for data transmission

While no system is perfectly secure, Private I's architecture minimises risk by keeping all sensitive data on-device with no external transmission surface.

10. Changes to This Policy

We may update this Privacy Policy from time to time. If we make material changes, we will update the "Last updated" date above and notify users via an in-app notice on the next App launch. Your continued use of the App after any changes constitutes your acceptance of the revised policy.

We will never materially change our commitment to keeping face data on-device without explicit opt-in consent and prominent disclosure.

11. Contact

For privacy-related questions or concerns, please contact us at:

Privacy Enquiries
privacy@privatei.app