Notch does not collect, transmit, or store any of your data outside your device. There are no accounts, no servers, no analytics, no advertising, no third parties. Everything you record lives in an encrypted database on your iPhone, and only you can unlock it.
If that's all you needed to know, you can stop reading here.
You can verify all of this in-app. Tap the lock badge in the top-right of any tab to see the same six rules and the technical details. Settings → Security shows what's actually stored on your device, including the database file path and entry counts.
Who this applies to
This policy covers Notch, the iOS app published by an independent developer (referred to here as "we" or "us"). It applies to anyone who installs and uses the app.
What we collect
Nothing. Notch does not have a backend, does not use analytics SDKs, does not include crash reporters that phone home, and does not contain advertising or tracking code. There is no signup flow because there is nothing for you to sign up to.
What stays on your device
You enter the following information yourself, and it remains stored locally on your iPhone:
- Weight entries (date, weight, optional note) — manual or imported from Apple Health
- Activities (type, duration, exercise details, optional note) — manual or imported from Apple Health
- Habit and task check-ins
- Progress photos, after redactions are baked in
- Your unit preference (kg or lb), Face ID lock setting, Apple Health sync toggles, and similar in-app preferences
How it's encrypted
Two layers of encryption protect your data on the device:
NSFileProtectionComplete — Apple's strictest data-protection class. Files are encrypted at rest using a key derived from your device passcode and are inaccessible whenever the device is locked.LocalAuthentication.framework (Face ID / Touch ID) for biometric app lock. Off by default.HealthKit framework. HealthKit data is sandboxed and on-device; nothing is transmitted off your phone.UIActivityViewController — your phone decides where the data goes.You can confirm what's stored — including the literal database file path inside the app sandbox — under Settings → Security.
Permissions and why we ask for them
- Camera. Used only when you tap "Take photo" inside the app, to capture a progress photo for redaction. The image is held in temporary storage just long enough for you to redact it, then it is replaced by the redacted version and the original is deleted.
- Photo library. Used only when you tap "Pick photo" to import an existing photo for redaction. The same temp-and-delete flow applies.
- Face ID / Touch ID. Used only to unlock the app when you have biometric lock enabled in Settings → Security. Apple does not share your biometric data with the app, and we don't see it.
- Apple Health. Optional. Requested only if you turn on a sync direction in Settings → Apple Health. iOS shows you its native permission sheet with separate toggles for read and write per data type (Body Mass, Workouts). We never see which toggles you set — Apple deliberately doesn't share that. If we can't read or write because permission was declined, we surface a gentle in-app notice; nothing crashes, nothing retries silently.
Each permission is requested only the first time you use the corresponding feature. You can revoke any of them at any time in iOS Settings → Notch, or in iOS Settings → Privacy & Security → Health → Notch for Apple Health specifically.
Apple Health integration
If you enable Apple Health sync, Notch reads from and writes to your device's HealthKit database for two data types only: body weight and workouts. Notch does not read, write, or transmit any other HealthKit data type (heart rate, sleep, blood pressure, menstrual data, nutrition, etc.) — even if you've granted broader permission to other apps.
Four independent toggles in Settings → Apple Health let you opt in to each direction:
- Read activities — pull workouts from Apple Health into Notch.
- Read weights — pull body weight measurements into Notch.
- Write activities — push Notch activities into Apple Health.
- Write weights — push Notch weights into Apple Health.
All four start off. You enable any combination you want; you can change them anytime, or disconnect entirely. When you disconnect, items already imported into Notch stay in Notch (they're yours); items pushed to Apple Health stay there until you delete them via the Health app.
Photos and habits never sync to Apple Health. Apple Health doesn't have a category for progress photos, and we wouldn't sync them even if it did — photos are designed to stay strictly inside Notch. Habit check-ins don't map to any HealthKit data type either.
Items that came in from Apple Health are clearly marked with a "From Health" badge inside Notch. Items Notch pushes into Apple Health are tagged with metadata identifying Notch as the source, so the same workout doesn't loop back into Notch as a duplicate import.
The HealthKit database itself is managed by iOS, encrypted at rest, and inaccessible to other apps without your explicit permission. If you have iCloud Health Sync enabled (in iOS Settings → your Apple ID → iCloud → Health), Apple may include the HealthKit database in iCloud under Apple's end-to-end encryption — that is between your phone, Apple, and your other devices, and is not controlled by Notch.
Photo redactions
When you redact a photo, the rectangles you draw are permanently composited into the saved image at full resolution. The unredacted original is deleted from temporary storage before the app moves on. EXIF metadata (location, device identifiers, original timestamps) is stripped during save. Once a photo is saved, no copy of the unredacted version exists anywhere — not on disk, not in any backup the app produces.
The in-app photo editor surfaces this directly: a small chip near the canvas reads "Photos stay on this device — redactions bake in permanently when you save."
Data export and deletion
You can export a complete copy of your weight, activity, habit, and photo metadata at any time from Settings → Security → Export all data. The export is a single JSON file shared via the iOS share sheet. Photo files themselves remain in the app's sandbox under iOS Data Protection; if you want to move them off-device, copy them through the iOS Files app or AirDrop. Where you store the export is up to you — Notch does not see or touch your iCloud, Files, or third-party storage.
To delete your data, use Settings → Security → Delete all data, or simply delete the app. Either way, iOS removes the encrypted database, all photo files, and the keychain entry. We can't delete data from our servers because we don't have any.
Backups
iOS may include the app's encrypted data in your iCloud or local device backup, depending on your iOS settings. Those backups are managed by Apple, not by us, and are encrypted by Apple under the protections of your Apple ID. If you don't want Notch data in those backups, exclude it in Settings → [your name] → iCloud → Manage Storage → Backups, or disable iCloud Backup entirely.
Third parties
None. Notch does not include any third-party SDKs that transmit data. The app uses open-source libraries (op-sqlite for the database, expo-file-system for storage, expo-local-authentication for biometric unlock, and — if Apple Health sync is enabled — the @kingstinct/react-native-healthkit bridge to Apple's on-device HealthKit framework) but none of them call out to a network during normal use. Apple HealthKit itself is an iOS framework provided by Apple; if you've enabled iCloud Health Sync, Apple may move HealthKit data between your devices under their end-to-end encryption — that is your iCloud and your choice, not Notch's. We do not sell, share, rent, or otherwise disclose your data, because we do not have it.
Children
Notch is not directed at children under 13 and we do not knowingly collect any data from anyone (including children, since we do not collect data from anyone). If you are under the age of majority in your jurisdiction, please use the app only with the involvement of a parent or guardian.
Your rights
Privacy laws like the GDPR and CCPA give you rights to access, correct, port, and delete personal data that companies hold about you. Because we do not hold any of your data, there is nothing for us to access, correct, port, or delete on your behalf — your data lives on your device, under your control. Use the in-app export and delete functions in Settings → Security to exercise those rights directly.
Changes to this policy
If this policy changes in any meaningful way, we'll update the "Last updated" date at the top, and — because the app may need to disclose changes — surface a notice in the app the next time you open it. Material changes that increase data collection will require a separate App Store update with reviewable release notes.
Contact
Questions, concerns, or anything to flag? Email echo.2dma8a@bumpmail.io.