Draft for review. Last updated: [DATE]. This describes the actual behavior of MomentClose V1 as built. It must be kept in sync with the app's real data handling — if analytics is ever enabled (see below), this document and the App Store privacy label must be updated before that build ships.
MomentClose is built to be a quiet, local-first tool. By default it collects no personal data and sends nothing about you off your device. Your loops, notes, and activity stay on your device.
Everything you enter — your loops, their titles, notes, and their open/resting/ closed status — is stored locally on your device only, using your device's standard app storage. We do not have a server that holds your content. We cannot see your loops. There is no account, no sign-in, and no cloud sync in V1.
If you delete the app, this local data is removed by your operating system in the normal way.
V1 ships with analytics turned off by default. The app's store privacy label is declared as "Data Not Collected," and that is accurate for the default build.
The codebase contains an optional, privacy-minimal analytics seam that is only active if a future build is explicitly configured to enable it (a build-time flag plus a configured key). If that ever happens:
As shipped for launch, none of this is active.
The "Data Not Collected" label depends not only on analytics being disabled at runtime, but on what is bundled in the build. Some analytics and crash SDKs (for example, certain configurations of PostHog or Sentry) may collect identifiers or diagnostic data automatically once initialized — sometimes even before an explicit opt-in. Therefore:
If crash reporting is enabled in a build, it is limited to technical diagnostic information needed to fix defects — error type, a stack trace, and basic device/ OS information. Crash reports do not include the content of your loops or notes. Crash reporting, like analytics, is infrastructure-only and is not used to profile you.
MomentClose may schedule local notifications on your device — for example, a gentle reminder about a loop that has been open a while, or an occasional recall if the app hasn't been opened in some time. These are scheduled and delivered entirely by your own device's operating system. They are not push notifications: nothing is sent from a server, no push token is registered, and no data about you leaves the device to produce them. The scheduling decisions are made locally from data already on your device. You can disable notifications at any time in your device settings, and the app will simply stop scheduling them.
Because all of your content lives only on your device and there is no cloud backup or sync in V1, your data exists in exactly one place. If you delete the app, switch devices, or your device is lost, reset, or its storage is cleared, that content cannot be recovered — not by you and not by us, because we never held a copy. This is a deliberate privacy tradeoff (we can't lose or leak data we never receive), but it means you should not rely on MomentClose as a system of record for anything you cannot afford to lose.
MomentClose is not directed at children and does not knowingly collect data from children.
Because your data is local, you are in control of it: it lives on your device, and removing the app removes it. There is no server-side copy for us to access, export, or delete on your behalf.
If the app's data behavior changes (most notably, if analytics or crash reporting is enabled in a shipped build), this policy will be updated to match, and the store privacy label will be updated accordingly, before that build is released.
[CONTACT EMAIL / SUPPORT URL]
← Back to MomentClose