Privacy Policy for Feedback App

Last updated: July 11, 2025

Feedback (“we,” “our,” or “us”) respects your privacy and is committed to protecting your personal data. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our iOS app (“App”), our server endpoints, and related services (“Services”). By downloading or using the App and Services, you agree to the collection and use of information as described in this Privacy Policy.

1. Information We Collect

1.1 Personal Profile Information

• Full Name, Display Name, Initials
  Collected when you sign up via Sign in with Apple or edit your profile.
• Email Address
  Collected at sign-up or profile edit for account creation and notifications.
• Phone Number
  Optional; collected when you add or edit your phone number for profile completeness.
• Date of Birth & Gender
  Optional; collected if provided to support age-appropriate features.

1.2 Authentication Credentials

• Apple ID Credential
  We integrate Sign in with Apple. We request only name and email scopes; no passwords are stored on our servers.

1.3 Profile Photo

• Image Data
  When you pick a photo and store the resulting image as a CKAsset in your private CloudKit record.

1.4 Location Data

• When-in-Use & Always-On Location
  
  • Check-In: Your precise location (latitude, longitude) is collected only after you explicitly tap “Check In.”
  • Background Sharing: If you grant Always authorization, we continue updating and querying your location in the background to power proximity-based feedback.
  We process and store latitude, longitude, and a locationLastUpdated timestamp in your CloudKit record.

1.5 Feedback & Interaction Data

• Feedback Messages & Ratings
  Text you send and the numeric rating (0.5–5.0) stored as CloudKit records.
• Feedback Score
  Computed and stored per user (1.0–5.0) in CloudKit based on feedback history.
• Encounters / Proximity Sessions
  Server-side code measures how long two users remain within proximity (≤ 10 m) and, upon separation, writes “Encounter” records to CloudKit with timestamps, durations, and latitude/longitude.

1.6 Blocking Information

• Blocked User IDs
  Stored locally in UserDefaults and synced to your CloudKit profile.

1.7 Notifications & Device Token

• APNs Device Token
  Collected and saved in your CloudKit record to enable push notifications.
• Push Notification Usage
  • Reminder Notifications: Daily 6 AM reminders and weekly summaries scheduled via UNUserNotificationCenter.
  • Leave Feedback: Prompt after qualifying proximity sessions.
  • Stale-Location Alerts: Server script detects when your location stops updating and pushes “please keep app running” notices.

1.8 Technical & Usage Data

• CloudKit Record Identifiers
  Used internally to fetch and update your profile, feedback, and encounter records.
• Timestamps & Metrics
  Recorded for when feedback is sent/viewed, location updates, notification scheduling, and CloudKit operations.
• Local Caching
  We cache profile fields, feedback arrays, blocked lists, and eligibility data in UserDefaults for offline support and performance.

2. How We Use Your Information

• Account Creation & Management: To create and maintain your user profile in CloudKit and in-app state.
• Feedback Functionality: To enable sending, receiving, and displaying feedback messages and ratings, and to compute and display your feedback score.
• Proximity-Based Features: To identify nearby users when checked in, manage eligibility timers, and trigger leave-feedback notifications after separation.
• Notifications: To schedule and deliver push notifications for daily/weekly reminders, leave-feedback prompts, and stale-location alerts.
• Blocking: To prevent blocked users from sending you feedback and to hide them from your radar view.
• Server-Side Proximity Processing: To aggregate CloudKit location data, compute proximity sessions, enforce together/grace/separation thresholds, and write “Encounters” back to CloudKit.
• Security & Integrity: To sign server-to-CloudKit requests with ECDSA, generate APNs JWTs, and verify request authenticity.
• Caching & Offline Support: To store data locally for smoother UI and offline access.

3. How We Share Your Information

• Other App Users
  • Feedback Records: Your feedback text, timestamp, rating, and display name are visible to the recipient.
  • Encounter Records: Proximity sessions write records for both participants.
  • Blocking: When you block someone, their ID is stored in your profile; recipients cannot see you.
• Apple’s CloudKit Service
  All personal and interaction data is stored in your private CloudKit container (iCloud.com.location.Feedback). We never share data outside CloudKit except as described above.
• Push Notification Servers
  • Apple APNs: We send your device token and payloads to Apple’s APNs.
  • Server-Side Scripts: Your device token is used to look up your CloudKit profile and send notifications; logs are not shared externally.
• No Third-Party Analytics or Advertising
  We do not integrate external analytics or ad networks.

4. Data Retention

• CloudKit Records
  Persist until you delete your account or we remove them upon request.
• Local Cache (UserDefaults)
  Persists until you uninstall the App or clear the app data.

5. Your Choices & Rights

• Edit or Delete Profile Information
  Use the in-app Edit Profile screen to update or clear name, photo, email, phone, birthday, or gender.
• Revoke Location Permissions
  Change “When In Use” or “Always” location permissions in iOS Settings to disable proximity features.
• Unblock Users
  Tap “Unblock” in Blocked Users to remove IDs from your block list.
• Data Export & Deletion
  To export or permanently delete your CloudKit data (profile, feedback, encounters), contact us at the email below.
• Children’s Privacy
  The App is not intended for users under 17. We do not knowingly collect data from children under 17.

6. Security

• Encryption in Transit & At Rest
  All data to/from CloudKit and APNs is sent over TLS. CloudKit encrypts data at rest.
• ECDSA Request Signing
  Server uses your private key to sign CloudKit API requests; only valid signatures are accepted by Apple.
• Device Security
  Local caches in UserDefaults are protected by iOS sandboxing and device encryption.

7. Changes to This Policy

We may update this Privacy Policy to reflect changes in features or legal requirements. We will post the revised date at the top and, for significant changes, notify you in-app.

8. Contact Us

If you have questions or requests regarding this Privacy Policy or your data, please contact:

Email: feedback@thefeedbackapp.org

By using our App and Services, you acknowledge that you have read, understood, and agree to this Privacy Policy.