Privacy is part of the product.
Last updated: June 27, 2026. This policy explains local storage, optional accounts, backup, permissions, deletion, and service providers.
1. Privacy model
Unleft is local-first. Core cards and attachments are stored on the device. An account is optional. Cloud backup is not enabled automatically and begins only after the user explicitly approves it.
2. Information you choose to provide
Depending on how you use Unleft, the app may process card titles, next actions, dates, reminder settings, status, photos, screenshots, camera captures, voice notes, and other content you deliberately add. Email address and a user identifier may be processed when you create an optional account or use Sign in with Apple.
3. On-device features
Selected images may be processed by on-device text recognition to suggest card details. Suggestions are shown for review; the user decides what to keep. Local reminders are scheduled through the device notification system.
4. Optional secure backup
If you enable secure backup, card content and selected attachments are transmitted to authenticated, private cloud services for backup and recovery. Supabase is used for authentication, database, and file storage. Transactional email delivery may be used to send sign-in codes. Backup is access-controlled per user, but Unleft does not currently claim end-to-end or zero-knowledge encryption.
5. Permissions
Photos, Camera, Microphone, Notifications, and sharing access are requested only when the related feature is used. You can change these permissions in iPhone Settings.
6. How information is used
Information is used to provide app functionality, authentication, optional backup and restore, account deletion, customer support, reliability, and security. Unleft does not sell personal data, use third-party advertising, or use saved content to build advertising profiles.
7. Service providers
Service providers may process limited information on our behalf to operate authentication, cloud backup, transactional email, website hosting, and support. The Unleft website is hosted using Netlify. These providers are used for product operation—not for behavioral advertising.
8. Retention and deletion
You can delete individual cards and local data in the app. Account holders can initiate account deletion inside Unleft. The account-deletion flow is designed to remove cloud profile data, cloud cards, attachment metadata, private cloud files, and the authentication account, except information that must be retained by law or for legitimate security purposes.
9. Security
Unleft uses platform protections, authenticated access, encrypted native session storage on supported devices, private cloud storage, and database access controls. No system can promise absolute security, and users should not use Unleft as the sole record for emergency, medical, legal, financial, or safety-critical obligations.
10. Children and students
Unleft can be useful for homework and school-related organization, but the app is not designed to collect information from children without appropriate consent. Parents and guardians should supervise account and backup choices for younger users where required.
11. Changes
This policy may be updated as Unleft moves from beta to public release or adds material features. The “Last updated” date will reflect significant revisions.
12. Contact
Privacy questions can be sent to hello@unleft.app.