1. Introduction
RoseVault ("we," "our," or "us") is a privacy-first period and cycle tracking application for iOS. This Privacy Policy explains how RoseVault handles information when you use our mobile application (the "App"), available on the Apple App Store.
RoseVault is operated by an independent developer. We are committed to protecting your privacy — especially given the sensitive nature of menstrual and reproductive health data. Our entire architecture is designed so that we never have access to your personal information.
By downloading or using RoseVault, you agree to this Privacy Policy. If you do not agree, please do not use the App.
2. Data We Collect
2.1 Data Stored on Your Device Only
RoseVault stores the following types of data exclusively on your device using Apple's SwiftData framework with on-device encryption. This data is never transmitted to us or any third party:
| Data Type | Examples | Storage |
|---|---|---|
| Cycle data | Period start/end dates, cycle length, period length | Device Only |
| Daily logs | Mood, energy, sleep quality, flow intensity, symptoms, pain level | Device Only |
| Intimacy data | Sexual activity, contraception use | Device Only |
| Personal notes | Free-text notes you enter in daily check-ins | Device Only |
| Predictions | Predicted period dates, fertile window estimates, cycle phase | Device Only |
| App preferences | Cycle settings, app lock preferences, display options | Device Only |
2.2 Data We Do NOT Collect
We want to be explicit about what we do not collect:
| Data Type | Collected? |
|---|---|
| Name, email, or account credentials | No |
| IP address or location data | No |
| Device identifiers (IDFA, IDFV) | No |
| Analytics or usage telemetry | No |
| Advertising identifiers | No |
| Crash reports or diagnostics | No |
| Health data or biometric data | No |
| Contacts, photos, or other device data | No |
RoseVault does not require an account, login, or registration of any kind. You can use the App without providing any identifying information.
3. How Your Data Is Stored and Protected
3.1 On-Device Storage
All data is stored in a local database on your device using Apple's SwiftData framework. The database resides within the App's sandboxed container, which is protected by iOS's built-in security features including hardware-level encryption.
3.2 App Encryption
RoseVault applies AES-256 encryption to protect your data at rest. This encryption is applied at the application level, adding an additional layer of protection beyond the iOS filesystem encryption.
3.3 App Lock (Biometric Authentication)
You may optionally enable App Lock, which requires Face ID, Touch ID, or your device passcode to open RoseVault. Authentication is handled entirely by Apple's LocalAuthentication framework. We never see or store your biometric data — authentication happens at the hardware level on your device.
3.4 Encrypted Backups (Premium Feature)
Premium subscribers can create encrypted backup files of their data. When you create a backup:
- You set a passphrase that you choose and control
- Your data is encrypted on-device using your passphrase before being exported
- The encrypted file is stored wherever you choose (Files app, iCloud Drive, email, etc.)
- We do not have access to your passphrase or backup files
- If you lose your passphrase, neither we nor anyone else can decrypt your backup
4. Network Activity
RoseVault makes no network connections for the purpose of transmitting your personal or health data. The App does not contain any server-side backend, API endpoints, or cloud storage for user data.
The only network activity that may occur is:
- Apple StoreKit: For processing in-app purchases and verifying subscription status. This communication is between your device and Apple's servers, handled entirely by the StoreKit framework. We do not operate any purchase-related servers.
RoseVault contains no analytics SDKs (such as Firebase, Mixpanel, Amplitude, etc.), no advertising frameworks, and no third-party libraries that transmit data.
5. Third-Party Services
5.1 Apple (App Store, StoreKit)
When you purchase a subscription or make an in-app purchase, the transaction is processed by Apple through the App Store. Apple's handling of your payment information is governed by Apple's Privacy Policy. We receive only a transaction verification token — we do not receive your name, payment method, or Apple ID.
5.2 No Other Third Parties
RoseVault does not integrate with, transmit data to, or share data with any other third-party services, including but not limited to:
- Analytics services (Google Analytics, Firebase, etc.)
- Advertising networks
- Social media platforms
- Cloud storage providers
- Data brokers
- Health data platforms
6. In-App Purchases and Subscriptions
RoseVault offers optional premium subscriptions (monthly, yearly) and a one-time lifetime purchase. All payments are processed exclusively through Apple's App Store. We do not collect or have access to your payment information.
Subscription management, billing, and cancellation are handled through your Apple ID account in your device's Settings > Subscriptions.
7. Data Sharing and Disclosure
We do not share, sell, rent, or disclose your data to any third party because we do not have your data. Our zero-knowledge architecture means:
- We cannot comply with data access requests for user data — we don't possess it
- We cannot be compelled to hand over data we don't have
- There is no server to breach, no database to hack, and no user data to steal
In the event of a legal request (subpoena, court order, etc.), we can only confirm that we do not collect or store user data.
8. Data Retention and Deletion
Since all data is stored locally on your device:
- Your data exists only as long as you keep it. You are in full control.
- Delete all data: You can delete all data within the App via Settings > Data Management > Delete All Data.
- Uninstall the App: Removing RoseVault from your device permanently deletes all associated data.
- No residual data: We have no servers, backups, or copies of your data. Deletion is complete and irreversible.
9. Children's Privacy
RoseVault is not directed at children under the age of 13. We do not knowingly collect personal information from children under 13. Since RoseVault does not collect any personal information from any user, there is no risk of collecting children's data.
If you are a parent or guardian and believe your child has used the App, please note that no data from the App has been transmitted to us. All data remains on the device and can be deleted by removing the App.
10. International Users
RoseVault does not transfer data across borders because no data leaves your device. Regardless of where you are located — including the European Union, United Kingdom, California, or any other jurisdiction — your data stays on your device and is subject to the security protections of your device and iOS.
10.1 GDPR (European Union)
For users in the European Economic Area: since RoseVault does not collect, process, or store any personal data on our servers, the traditional GDPR data controller/processor framework does not apply to us. You maintain sole control over your data on your device. Your rights under GDPR — including the right to access, rectification, erasure, and data portability — are exercised directly through the App on your device.
10.2 CCPA (California)
For California residents: we do not sell personal information. We do not collect personal information. There is no data to opt out of selling, and no data to request disclosure about, because we have none.
11. App Store Privacy Nutrition Label
In accordance with Apple's App Store requirements, RoseVault's privacy nutrition label declares:
- Data Not Collected: RoseVault does not collect any data from this app.
This declaration is accurate and reflects our zero-knowledge architecture.
12. Medical Disclaimer
RoseVault is a wellness and informational tool. It is not a medical device and is not intended to diagnose, treat, cure, or prevent any disease or health condition. Cycle predictions and fertile window estimates are mathematical calculations based on your logged data and should not be used as a form of contraception or for medical decision-making. Always consult a qualified healthcare provider for medical advice.
13. Changes to This Privacy Policy
We may update this Privacy Policy from time to time. When we make changes:
- The "Last Updated" date at the top of this page will be revised
- Material changes will be communicated through the App or App Store update notes
- Continued use of the App after changes constitutes acceptance of the updated policy
Our core commitment — that your data stays on your device and is never collected by us — will not change.
14. Contact Us
If you have questions, concerns, or feedback about this Privacy Policy or RoseVault's privacy practices, please contact us:
- Email: designempire@gmail.com
- Website: rosevault.xyz
We take privacy inquiries seriously and will respond as promptly as possible.