Privacy Policy

Last updated: April 2026

Sylph is a privacy-first app. We collect the absolute minimum required to run the app. This policy explains which data is processed when — and which is not.

1. Controller

Martin Rost, c/o flexdienst – #20426, Kurt-Schumacher-Straße 76, 67663 Kaiserslautern, Germany.
Contact: [email protected]

2. General principles

  • Sylph requires no account and no sign-up.
  • We use no tracking pixels, no ad networks, no third-party cookies.
  • Session and history data is stored only on your device (SwiftData).
  • Optionally, you can enable iCloud sync — data is then encrypted in your private iCloud container managed by Apple; we have no access.

3. Third-party services we use

3.1 RevenueCat (subscription management)

We use RevenueCat, Inc. (USA) for in-app purchases and subscriptions. Transmitted: an anonymous app-user-ID (UUID), device country, platform and purchase data — no plain identifiers. Legal basis: Art. 6(1)(b) GDPR (contract performance). RevenueCat privacy.

3.2 TelemetryDeck (anonymous analytics)

We use TelemetryDeck (Telemetry GmbH, Germany) for anonymous usage analytics. Personal identifiers are hashed technically; re-identification is not possible. Legal basis: Art. 6(1)(f) GDPR (legitimate interest in product improvement). TelemetryDeck privacy.

3.3 Sentry (crash reporting)

In release builds, Sentry is used for crash reporting. Transmitted: stack trace, iOS version, device model, app version — no personal data, no session content. Legal basis: Art. 6(1)(f) GDPR (legitimate interest in stability).

4. HealthKit

Sylph may access Apple Health to write Mindful Minutes and optionally display heart rate and HRV. This permission is opt-in and can be revoked at any time in iOS Settings. Apple manages this data; it never leaves your device.

5. Apple App Store

Purchases and subscriptions go directly through Apple. Apple shares only anonymous aggregate statistics with us. See Apple's terms for their privacy practices.

6. Your rights

You have rights to access, rectification, erasure, restriction of processing and data portability (Articles 15–20 GDPR). Because we do not store plain identifiers, direct attribution may not always be possible. Requests: [email protected].

7. Right to lodge a complaint

You may lodge a complaint with a data protection authority — e.g. the State Commissioner for Data Protection and Freedom of Information of Rhineland-Palatinate, Germany.

8. Changes to this policy

We may update this policy when we add features or services. The current version is at sylph.appstellar.de/en/privacy/.