Privacy Policy

Last updated {DATE}

Tuckaway has no account and no server that receives vault data. Your photos and videos are encrypted on your device and never sent to us. We don’t collect, store, or have access to your media, your passphrases, or whether you even use a vault. This website does not use cookies, analytics, forms, or tracking scripts; its hosting provider may process limited technical request data to deliver and protect the site.

What the app collects

Nothing. Tuckaway does not collect, transmit, or store any personal data on any server we operate, because we operate no server. Specifically, we never receive:

  • Your photos, videos, thumbnails, filenames, or media metadata (camera, location, dates).
  • Your vault passphrases or folder PINs, or whether any vault or folder exists, is empty, or how much it holds.
  • Your Face ID / biometric data (handled entirely by iOS; the app never sees it).
  • Any device identifier, advertising identifier, or analytics event.

The app contains no third-party analytics, advertising, attribution, or crash-reporting SDKs.

What this website collects

This site is static. We don’t run our own analytics, set cookies, or use forms or tracking scripts, and we don’t profile your visit. Like any website, our hosting provider (Cloudflare) may process basic technical request data (such as IP address) transiently to deliver the site and protect against abuse; see Cloudflare’s Privacy Policy. We have no sign-up, newsletter, or contact form.

Limited data outside the app

If you email support, we receive your email address and any information you choose to include. We use it only to reply, handle the request, and keep ordinary support records for as long as needed. Where privacy laws require a legal basis, this limited processing is based on your request, consent, contract necessity, website security, or our legitimate interest in operating and protecting the site and support channel, as applicable.

Apple services the app uses

Tuckaway relies on Apple system services. Data sent to these goes to Apple, not to us, and is governed by Apple’s Privacy Policy:

  • iCloud Backup — If you enable it, only encrypted vault data is included in your device’s iCloud backup. Keys used for convenient access to your everyday gallery may be protected by Apple Keychain and device security features such as Face ID and Secure Enclave. Your hidden-vault passphrases are never stored by Tuckaway; they are required each time to derive the keys for those vaults. None of this is readable by us.
  • In-app purchases (StoreKit) — Subscriptions are processed by Apple. We receive anonymized, aggregate sales data from Apple; we do not receive your name, email, or payment details.
  • Maps (MapKit)Only if you open the location map for a photo in its info sheet, that photo’s coordinates are sent to Apple Maps to render the preview. This is the app’s only outbound location request, and it happens solely at that moment — if you don’t open the map, no location data is sent.

The app contains no other third-party analytics, advertising, attribution, crash-reporting, or cloud-storage SDKs.

Forgotten passphrases cannot be recovered

Because encryption is the point, a forgotten passphrase cannot be recovered by anyone, including us. We have no copy of your keys and no recovery backdoor. Deleting the app removes its local data from your device. If you use iCloud Backup or iCloud Keychain, some encrypted data and Apple Keychain items that allow your everyday gallery to be restored may remain in iCloud until you remove them through iOS Settings.

Children

Tuckaway is not directed to children under 13 (or the minimum age in your jurisdiction) and we do not knowingly collect data from them. As the app sends us no vault or usage data, this is structural.

Your rights (GDPR / CCPA and similar)

You may have rights to access, correct, delete, or port your personal data, and to object to its processing. Because the app sends us no vault or usage data, there is no app account, media, passphrase, vault record, or analytics profile for us to retrieve, correct, delete, or sell. We do not sell personal data or share it for cross-context behavioral advertising. For limited support email or website request data, contact us at support@{DOMAIN}. For data held by Apple (e.g., subscription records), contact Apple.

Changes

If this policy changes, we’ll update the date above and post the new version here. Material changes affecting any future data practice (for example, if advertising is ever introduced) will be disclosed here and reflected in the App Store privacy label before taking effect.

Contact

Questions about privacy: support@{DOMAIN}. If you contact us by email, we’ll receive the email address and any information you choose to include, and we use it only to reply to you and handle your request. We don’t add you to any list or use it for marketing.