Privacy Policy

Effective May 10, 2026 · Last updated May 10, 2026
The short version

Notch does not collect, transmit, or store any of your data outside your device. There are no accounts, no servers, no analytics, no advertising, no third parties. Everything you record lives in an encrypted database on your iPhone, and only you can unlock it.

If that's all you needed to know, you can stop reading here.

You can verify all of this in-app. Tap the lock badge in the top-right of any tab to see the same six rules and the technical details. Settings → Security shows what's actually stored on your device, including the database file path and entry counts.

Who this applies to

This policy covers Notch, the iOS app published by an independent developer (referred to here as "we" or "us"). It applies to anyone who installs and uses the app.

What we collect

Nothing. Notch does not have a backend, does not use analytics SDKs, does not include crash reporters that phone home, and does not contain advertising or tracking code. There is no signup flow because there is nothing for you to sign up to.

What stays on your device

You enter the following information yourself, and it remains stored locally on your iPhone:

How it's encrypted

Two layers of encryption protect your data on the device:

Database
SQLCipher (AES-256) via op-sqlite. The encryption key is generated per install and stored in the iOS Keychain.
Photos
App sandbox under NSFileProtectionComplete — Apple's strictest data-protection class. Files are encrypted at rest using a key derived from your device passcode and are inaccessible whenever the device is locked.
Authentication
Optional LocalAuthentication.framework (Face ID / Touch ID) for biometric app lock. Off by default.
Apple Health
Optional, opt-in per direction and per data type. When enabled, Notch reads from and writes to your device's HealthKit database via Apple's HealthKit framework. HealthKit data is sandboxed and on-device; nothing is transmitted off your phone.
Network
None during normal use. Export uses UIActivityViewController — your phone decides where the data goes.

You can confirm what's stored — including the literal database file path inside the app sandbox — under Settings → Security.

Permissions and why we ask for them

Each permission is requested only the first time you use the corresponding feature. You can revoke any of them at any time in iOS Settings → Notch, or in iOS Settings → Privacy & Security → Health → Notch for Apple Health specifically.

Apple Health integration

If you enable Apple Health sync, Notch reads from and writes to your device's HealthKit database for two data types only: body weight and workouts. Notch does not read, write, or transmit any other HealthKit data type (heart rate, sleep, blood pressure, menstrual data, nutrition, etc.) — even if you've granted broader permission to other apps.

Four independent toggles in Settings → Apple Health let you opt in to each direction:

All four start off. You enable any combination you want; you can change them anytime, or disconnect entirely. When you disconnect, items already imported into Notch stay in Notch (they're yours); items pushed to Apple Health stay there until you delete them via the Health app.

Photos and habits never sync to Apple Health. Apple Health doesn't have a category for progress photos, and we wouldn't sync them even if it did — photos are designed to stay strictly inside Notch. Habit check-ins don't map to any HealthKit data type either.

Items that came in from Apple Health are clearly marked with a "From Health" badge inside Notch. Items Notch pushes into Apple Health are tagged with metadata identifying Notch as the source, so the same workout doesn't loop back into Notch as a duplicate import.

The HealthKit database itself is managed by iOS, encrypted at rest, and inaccessible to other apps without your explicit permission. If you have iCloud Health Sync enabled (in iOS Settings → your Apple ID → iCloud → Health), Apple may include the HealthKit database in iCloud under Apple's end-to-end encryption — that is between your phone, Apple, and your other devices, and is not controlled by Notch.

Photo redactions

When you redact a photo, the rectangles you draw are permanently composited into the saved image at full resolution. The unredacted original is deleted from temporary storage before the app moves on. EXIF metadata (location, device identifiers, original timestamps) is stripped during save. Once a photo is saved, no copy of the unredacted version exists anywhere — not on disk, not in any backup the app produces.

The in-app photo editor surfaces this directly: a small chip near the canvas reads "Photos stay on this device — redactions bake in permanently when you save."

Data export and deletion

You can export a complete copy of your weight, activity, habit, and photo metadata at any time from Settings → Security → Export all data. The export is a single JSON file shared via the iOS share sheet. Photo files themselves remain in the app's sandbox under iOS Data Protection; if you want to move them off-device, copy them through the iOS Files app or AirDrop. Where you store the export is up to you — Notch does not see or touch your iCloud, Files, or third-party storage.

To delete your data, use Settings → Security → Delete all data, or simply delete the app. Either way, iOS removes the encrypted database, all photo files, and the keychain entry. We can't delete data from our servers because we don't have any.

Backups

iOS may include the app's encrypted data in your iCloud or local device backup, depending on your iOS settings. Those backups are managed by Apple, not by us, and are encrypted by Apple under the protections of your Apple ID. If you don't want Notch data in those backups, exclude it in Settings → [your name] → iCloud → Manage Storage → Backups, or disable iCloud Backup entirely.

Third parties

None. Notch does not include any third-party SDKs that transmit data. The app uses open-source libraries (op-sqlite for the database, expo-file-system for storage, expo-local-authentication for biometric unlock, and — if Apple Health sync is enabled — the @kingstinct/react-native-healthkit bridge to Apple's on-device HealthKit framework) but none of them call out to a network during normal use. Apple HealthKit itself is an iOS framework provided by Apple; if you've enabled iCloud Health Sync, Apple may move HealthKit data between your devices under their end-to-end encryption — that is your iCloud and your choice, not Notch's. We do not sell, share, rent, or otherwise disclose your data, because we do not have it.

Children

Notch is not directed at children under 13 and we do not knowingly collect any data from anyone (including children, since we do not collect data from anyone). If you are under the age of majority in your jurisdiction, please use the app only with the involvement of a parent or guardian.

Your rights

Privacy laws like the GDPR and CCPA give you rights to access, correct, port, and delete personal data that companies hold about you. Because we do not hold any of your data, there is nothing for us to access, correct, port, or delete on your behalf — your data lives on your device, under your control. Use the in-app export and delete functions in Settings → Security to exercise those rights directly.

Changes to this policy

If this policy changes in any meaningful way, we'll update the "Last updated" date at the top, and — because the app may need to disclose changes — surface a notice in the app the next time you open it. Material changes that increase data collection will require a separate App Store update with reviewable release notes.

Contact

Questions, concerns, or anything to flag? Email echo.2dma8a@bumpmail.io.