Privacy Policy

This Privacy Policy explains how Backtrack ("we", "us", or "the app") handles your information when you use our iOS application. We've written it to be readable, but it also serves as our formal disclosure under the EU/UK General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA), and Apple's App Store Privacy guidelines.

Who we are

Backtrack is operated by Ihor Malovanyi, a sole proprietor based in Ukraine ("we"). You can reach us about anything in this policy at backtrack-support@ihor.pro.

For users in the European Economic Area, United Kingdom, or Switzerland, we act as the Data Controller for the limited personal data we process. We do not operate an EU establishment and do not currently have an appointed EU representative; if regulatory contact is needed, please email us first and we will respond promptly.

The short version

Backtrack is designed around a principle: your recordings stay on your device unless you choose otherwise. We don't have a server. We don't host your audio or video. We don't share your data with advertisers, brokers, or any third party for marketing purposes. Speech recognition runs on-device. Crash reports and aggregated usage statistics, if collected, are anonymous and never contain your recordings.

Below is the detail.

What information we handle, and why

Recordings (audio and video)

The core function of Backtrack is to continuously record audio (and optionally video) into a rolling buffer on your device. When you press CUT, the relevant portion of the buffer is saved as a file in the app's local storage.

• Storage location. Recordings are saved to the app's sandboxed file system on your device. They are not transmitted to us at any time.
• iCloud Sync (optional). If you enable iCloud Sync in Settings, your recording metadata (titles, ratings, tags, notes, timestamps) is synchronized through your personal iCloud account using Apple's CloudKit. We do not have access to your iCloud account or to the synced data. Audio/video files themselves are not synced in the current version.
• Retention. Recordings persist on your device until you delete them, uninstall the app, or wipe your device. We do not retain any copies.
• Sharing. If you use the iOS share sheet to send a recording elsewhere (Messages, AirDrop, email, GarageBand, etc.), that destination service handles the file under its own privacy terms. We do not see or intercept those shares.

Microphone audio buffer (not stored)

While the app is running, it captures audio from the microphone into a rolling buffer in volatile storage. This is required for the retroactive-cut feature to work. Audio in the rolling buffer that you do not save with a CUT is overwritten and lost — we do not transmit, log, or analyze the rolling buffer.

Camera video buffer (not stored)

When the app is in video mode, the same rolling-buffer principle applies to video frames captured by the camera. Unsaved frames are overwritten and never leave your device.

Speech recognition (optional, on-device)

If you enable the voice-keyword trigger ("Voice command" in Settings), the app uses Apple's Speech framework to listen for a configurable keyword (e.g. "cut"). This processing happens entirely on your device — your voice is not transmitted to Apple's servers or to us. Apple requires the iOS system permission NSSpeechRecognitionUsageDescription, which you must grant for the feature to function. You can revoke this permission at any time in iOS Settings → Privacy & Security → Speech Recognition.

Subscription and purchase data

When you subscribe to Backtrack, the purchase is processed by Apple through StoreKit and the App Store. We receive a signed receipt indicating that an active subscription exists; we do not receive your name, billing address, or payment instrument. Apple's Privacy Policy (https://www.apple.com/legal/privacy/) governs this data.

We store, locally on your device only, two flags: whether you have completed onboarding, and whether your subscription is currently active. These flags are kept in iOS UserDefaults and are not transmitted to us.

Onboarding answers

During first-launch onboarding, we ask three multiple-choice questions about how you intend to use the app (what you'll capture, how you'll use the device, audio vs video). Your answers are stored locally on your device in UserDefaults. They are not transmitted to us in the current version. In the future, we may collect aggregated, anonymized responses to inform product decisions; if we do, we will update this Policy first and explain how to opt out.

Diagnostic data

Backtrack does not currently integrate any third-party analytics SDK or crash-reporting service. If a future version does, we will:

1. Update this Policy before the version is released.
2. Use only privacy-respecting providers (e.g. TelemetryDeck) that do not collect personal identifiers.
3. Honor your iOS-level "Share with App Developers" toggle.

Apple may collect aggregate, anonymized analytics about app usage under its own privacy terms if you have "Share with App Developers" enabled in iOS Settings → Privacy & Security → Analytics & Improvements. We may see this aggregate data in App Store Connect; it is not linked to identified individuals.

Apple Watch communication (optional)

If you install the optional Apple Watch companion, the iPhone and Watch communicate via Apple's WatchConnectivity framework. Messages are exchanged only between your paired devices and contain no recording content — only a one-word "cut" trigger. We never see this traffic.

Permissions we request

iOS requires that we explain what each permission is for. Here's the canonical statement for each:

• Microphone (NSMicrophoneUsageDescription): Backtrack records audio to a rolling buffer so you can save any moment after it happens. Without this permission, the app cannot perform its core function.
• Camera (NSCameraUsageDescription): Required only if you choose video mode. Optional.
• Speech Recognition (NSSpeechRecognitionUsageDescription): Required only if you enable the voice-keyword trigger. Recognition runs on-device. Optional.

You can revoke any of these in iOS Settings → Privacy & Security at any time. The app will respect the revocation and disable the relevant features.

What we DO NOT collect

For clarity, Backtrack does not:

• Collect your name, email address, phone number, or other contact details (no account system exists).
• Track your location or use location services.
• Read your contacts, calendar, photos library, or other apps' data.
• Send your audio or video to any cloud service operated by us.
• Send your audio to any third-party speech-recognition service (Apple processes speech recognition on-device when the requirements are met).
• Use advertising identifiers (IDFA, IDFV) for tracking.
• Sell or share your data with data brokers.
• Display third-party advertising.
• Use cookies or web trackers (the app is not web-based).

We do not engage in "sale" or "sharing" of personal information as defined by the CCPA, the CPRA, or comparable U.S. state privacy laws. Therefore there is nothing for you to opt out of in this regard. You can confirm this with the "Do Not Sell or Share My Personal Information" link in App Store privacy disclosures, which will indicate "Data Not Collected".

Legal basis for processing (EU/UK users)

For users to whom GDPR or UK GDPR applies, the legal bases for the limited processing described above are:

• Performance of a contract (Art. 6(1)(b)): processing required to deliver the recording functionality you requested when installing the app and starting a subscription.
• Legitimate interest (Art. 6(1)(f)): ensuring the app works reliably (e.g., locally-stored entitlement state to gate paid features).
• Consent (Art. 6(1)(a)): for any optional iOS permissions you grant (microphone, camera, speech recognition).

Recordings remain on your device and are not processed by us at any time, so most of the GDPR's transmission, storage, and breach-notification machinery does not apply to that data.

Your rights

If GDPR / UK GDPR applies to you, you have the right to:

• Access the personal data we hold about you (we hold none beyond the on-device flags described above).
• Have it corrected or erased (delete the app, and all local data is removed with it).
• Restrict or object to its processing.
• Data portability (your recordings are standard .m4a / .mp4 files in iOS Files, already portable).
• Withdraw consent at any time by revoking iOS permissions or deleting the app.
• Lodge a complaint with your local data-protection supervisory authority (in Ukraine: the Ukrainian Parliament Commissioner for Human Rights; in the EU: your national DPA; in the UK: the Information Commissioner's Office, ico.org.uk).

If CCPA / CPRA applies (you reside in California), you have analogous rights to know, delete, correct, and limit. Because we do not collect personal information through the app, exercising most of these rights consists of deleting the app from your device.

You can exercise any of the above by emailing backtrack-support@ihor.pro. We will respond within 30 days. We may ask for reasonable identifying information to confirm your request — typically the email address you used to contact us, plus the approximate date you installed the app.

Children's privacy

Backtrack is rated 4+ in the App Store and may be used by people of any age, but it is not designed for or directed at children under 13 (or under 16 in jurisdictions where that is the minor threshold). We do not knowingly collect personal information from children. As described above, we do not collect personal information through the app from anyone. If a parent or guardian believes a child has provided personal information to us by some other means (for example by emailing support), please contact us and we will delete any such information.

Data retention and deletion

There is no remote data to retain because we don't have a server. On-device data is retained until you delete the app or your device. Uninstalling the app removes:

• All saved recordings
• The local SwiftData store containing recording metadata
• Settings and onboarding flags

iCloud-synced metadata persists in your iCloud account until you remove the app's data from iCloud (Settings → Apple ID → iCloud → Manage Storage → Backtrack on any device).

International transfers

We do not transfer personal data internationally because we do not collect personal data centrally. Apple-handled data (subscriptions, App Store purchase data) is subject to Apple's transfer mechanisms, which include Standard Contractual Clauses and other safeguards Apple maintains.

Security

Recordings are stored in your device's sandboxed filesystem and are protected by iOS's at-rest encryption when your device is locked. We rely on Apple's platform security; we have no additional infrastructure that could be compromised.

In the unlikely event of a security incident affecting any data we control, we will notify affected users by an in-app message at next launch and, where legally required, by notice on this page within 72 hours of becoming aware.

Third-party services we use

Backtrack uses the following Apple-provided frameworks. None of them transmit your recordings to third parties.

• StoreKit — subscription management. Governed by Apple's Privacy Policy.
• CloudKit — optional iCloud Sync of metadata. Uses your personal iCloud account.
• Speech (SFSpeechRecognizer) — on-device voice keyword detection.
• AVFoundation — audio/video capture.
• WatchConnectivity — Watch companion communication.

We use no third-party analytics, advertising, or attribution SDKs.

Changes to this Policy

If we change this Policy materially — for example, if a future version of the app introduces analytics or cloud features that process personal data — we will:

1. Update the "Last updated" date at the top.
2. Show a clear notice on next app launch describing what changed.
3. Where required by law (e.g., for sensitive new processing), ask for fresh consent before the new processing begins.

Minor wording changes that don't affect what we do with your data will be updated silently.

Contact

Questions, complaints, or rights requests: backtrack-support@ihor.pro.

We aim to respond within 5 business days for routine inquiries, and within 30 days for formal rights requests.