Privacy Policy

Effective date: 2026-05-02 · Last updated: 2026-05-02

This is not tax or legal advice. SnowbirdDays records observations of where your device was. It does not determine your legal residency. Always consult a qualified CPA, tax attorney, or audit professional before relying on the app's output for any tax or legal purpose.

Summary

Your data stays on your device. SnowbirdDays stores your location records, settings, and exported files only on this iPhone or iPad.
No analytics, no crash reporter, no ad tracking, no third-party SDKs that observe you. We do not run a backend that receives your data.
The only outbound traffic the app initiates on its own is a hash submission to a public timestamp authority (FreeTSA). That submission contains a 32-byte SHA-256 hash and an 8-byte nonce. The request body contains no location, no name, no email, and no app account identifier. FreeTSA and network operators may receive ordinary transport metadata such as IP address and request time.

What we collect

We collect nothing beyond what you enter into the app. Specifically, the app stores on your device:

Background location events from iOS (visits and significant location changes), used to count which state or country you were in on each day.
Manual entries you create or import (for example, a CSV of past travel days). Manually imported records are tagged so they are distinguishable from device-derived records.
App preferences such as your primary state, threshold alert settings, and appearance choices.

We do not have a server that receives any of this data. We do not have an account system, so there is no name, email, password, or billing record on our side.

What we don't collect

No analytics or product-usage telemetry of any kind.
No crash reporting service operated by us.
No advertising identifiers and no ad-network SDKs.
No third-party tracking or fingerprinting libraries.
No contact list, photo library, microphone, or camera access.
No browsing history, no search queries, and no behavioural profiling.

Apple's standard system-level crash reporting (Settings → Privacy & Security → Analytics & Improvements → Share With App Developers) is controlled by you at the iOS level. If enabled, Apple — not us — decides what symbolicated crash logs to forward to developers. You can disable it at any time.

Where your data lives

Your records live in a SwiftData database inside the app's sandboxed Application Support directory on your device, protected by iOS file protection. Some non-sensitive caches (for example, an attestation key reference) may live in the iOS Keychain on this device only. Nothing is synchronised to iCloud unless you explicitly export a file and place it in iCloud Drive yourself.

If you use Apple's iCloud Backup feature for your device, iOS may include the app's data in your encrypted device backup. That backup is governed by Apple's privacy policy, not ours. We do not see it and cannot read it.

Outbound traffic

The app initiates only one category of network request on its own: an RFC 3161 timestamp request to FreeTSA at https://freetsa.org/tsr, periodically, to anchor your record chain to real-world time. Each request contains:

A 32-byte SHA-256 message imprint (the hash of your chain tail — a value indistinguishable from random bytes to the receiver).
An 8-byte cryptographic nonce.
The provider URL itself.

The submission is hash-only. It does never contain your raw location, your dates, your jurisdiction names, your day counts, your email, your name, your Apple ID, or any identifier that could link the submission back to you.

Other categories of network activity may occur because of how iOS and the App Store work — not because the app reaches out on its own:

Apple's App Store / StoreKit. Apple processes subscription purchases, restores, and renewal updates per Apple's privacy policy. We receive only a coarse entitlement state (do you have an active subscription, yes or no), not your Apple ID, your payment method, or your email.
Apple system services such as iCloud Keychain. If you have iCloud Keychain enabled, iOS may sync small, non-sensitive Keychain items between your devices using Apple's end-to-end encryption. This is system behaviour controlled by you, not by us.

StoreKit and subscriptions

Subscriptions are processed by Apple through the App Store. We do not operate a payment server and do not see your payment information, your Apple ID, or your billing email. Apple gives the app a privacy-preserving entitlement summary so the app knows whether to unlock paid features. Cancel any time in Settings → [your name] → Subscriptions on iOS. Apple's privacy policy governs your relationship with Apple as the payment processor.

If Apple Family Sharing is enabled for your subscription, Apple handles family eligibility and membership. We do not receive your family-member list or manage family access.

Subject access and deletion

Because all your data lives on your device, you already have direct access to it through the app's UI and exports. To delete:

Delete All Data. Open the app and choose Settings → Delete All Data. That wipes every record, every preference, every cached file, and every export the app created in its own container.
Uninstall the app. Removing the app from your home screen tells iOS to delete the app's container, which takes everything with it (subject to any iCloud Backup retention you have configured).

If you want a machine-readable dump of your records, the in-app Export feature produces CSV, JSON, Audit Evidence JSON, and plain-text summary files in open formats you can keep or send to anyone you choose. Backup and visit-event exports may contain precise coordinates and timestamps.

Children

SnowbirdDays is rated 4+ in the App Store. The app is not directed to children under 13 (United States — Children's Online Privacy Protection Act) or to children under the equivalent age in your jurisdiction, and we do not knowingly collect information from children. If a parent or guardian believes a minor has used the app and wants the data removed, the in-app Delete All Data function wipes the device-local data; because we have no servers, there is no further deletion to perform.

Changes to this policy

If we change this policy, we will update the effective date at the top of this page. For material changes — for example, a new outbound destination, or a new category of data collection — we will also surface a notice in the app on the next launch after the change.

Contact

Questions about this policy or about the data we (do not) hold: privacy@snowbirddays.app.

Governing law

This policy is governed by the laws of the United States and the State of Minnesota, without regard to conflict-of-law principles. For users whose local consumer-protection or privacy law confers rights that cannot be waived by contract, those rights prevail to the minimum extent required.