Privacy Policy

Data we collect

None. iReflection's developer does not collect, request, or receive any personal information, identifiers, usage metrics, diagnostics, or content of any kind. There is no analytics SDK, no crash reporter, no ad network, and no developer-operated backend server. If you choose to enable iCloud Backup (see below), your journal entries are sent to your private iCloud — Apple stores them on your behalf, and the developer has no ability to read them.

Data stored on your device

The app stores the following locally on your iPad, inside the app's sandboxed container managed by iPadOS:

• Your handwritten journal entries (stored as Apple PencilKit .pkdrawing files).
• Entry metadata such as the date each entry was created and modified.
• Your in-app preferences (canvas background, orientation, appearance mode, reminder settings, App Lock state).
• If you set an App Lock PIN: a salted PBKDF2-HMAC-SHA-256 hash of the PIN, held in the iOS Keychain. The PIN itself is never stored, never synced, and never transmitted. This applies even if iCloud Backup is enabled — the PIN is intentionally device-only.

This data is never transmitted off your device by iReflection unless you explicitly enable iCloud Backup. It is included in your iPadOS device backups and local Finder/iTunes backups according to your iPadOS settings — the app itself has no awareness of, or access to, those system backups.

Optional iCloud Backup

iReflection 1.2.x introduces an optional iCloud Backup feature that you can enable in Settings → iCloud Backup. The feature is free for every user as of 1.2.1. It is off by default and never activates without your explicit action.

When iCloud Backup is enabled:

• Each journal entry you write (its handwritten .pkdrawing bytes and the date metadata) is sent to your private iCloud database via Apple's CloudKit framework. The data is encrypted in transit using Apple-supplied TLS and stored in a CloudKit container scoped to your Apple ID.
• Your other iPads signed into the same Apple ID can sync these entries automatically. Apple identifies your devices to each other; the developer is not involved in routing.
• The developer cannot read this data. CloudKit private databases are accessible only to you and Apple — the iReflection developer does not have, request, or receive access to any iCloud account.
• If your iPad is offline, writes queue locally and sync automatically when network is restored. No data is lost.
• If you turn iCloud Backup off, the app gives you two choices: (a) keep the cloud copy in your iCloud (in case you re-enable later), or (b) delete the cloud copy. In either case, your local entries on the device are preserved. Disabling iCloud Backup never deletes anything from your iPad.
• Your App Lock PIN does not sync through iCloud Backup. The PIN remains in the iOS Keychain on the device where you set it, by design. If you set up a new iPad, you will be prompted to set a new PIN there.
• If you sign out of iCloud, disable iCloud Drive, or run out of iCloud storage, the sync engine pauses and surfaces an error in Settings → iCloud Backup. Your local entries continue to work normally.
• Apple's privacy policy and Apple ID terms govern Apple's handling of your iCloud data; see apple.com/legal/privacy.

Note for users who purchased the original 1.2.0 release: 1.2.0 introduced iCloud Backup behind a one-time $4.99 In-App Purchase. After feedback from Apple's App Review team, the IAP was retired in 1.2.1 and the feature was made free for everyone. The app no longer reads or stores anything from Apple's StoreKit framework.

Third-party services

None. iReflection does not integrate with any third-party SDKs, analytics providers, advertising networks, or crash reporters. CloudKit, used by the optional iCloud Backup feature described above, is Apple's own platform service, not a third-party service — it is part of iPadOS and operates under Apple's privacy policy. The app does not make any network requests outside of CloudKit when iCloud Backup is enabled, and makes no network requests at all when it is not.

Analytics

None. We do not collect usage analytics, performance metrics, or any form of telemetry.

Tracking

None. iReflection does not track you across apps or websites, and does not use the iOS Advertising Identifier (IDFA) or any similar identifier.

Children's privacy

iReflection is rated 4+ and does not collect any data from any user, including children. The app is safe for users of any age to use without parental consent to data collection (because there is no data collection).

Your rights

Because iReflection's developer never collects your data, there is nothing for the developer to export, correct, or delete. You can delete all local data created by iReflection at any time by deleting the app from your iPad, which removes the app's sandbox container and all its contents (including the App Lock PIN hash in the Keychain). If you have enabled iCloud Backup, you can additionally delete the iCloud copy in two ways: (1) Settings → iCloud Backup → Disable, then choose "Delete cloud copy"; or (2) on any of your iPads, sign in to iCloud.com and use Apple's iCloud storage management to remove the iReflection container's data. Deleting the iCloud copy never deletes the local copy on any of your iPads.

Permissions requested

iReflection requests the following iPadOS permissions, all of which are optional and used only for the feature they enable:

• Notifications — used only to deliver the daily reminder you schedule in Settings. Notifications are scheduled locally on-device via UNUserNotificationCenter; no content is sent to Apple's push servers.

Changes to this policy

If this policy changes, the updated version will be published at the same URL with a new "Last updated" date. Because iReflection does not collect data, any future changes will, at most, clarify existing practices.

Developer

iReflection is developed and maintained by Shuta Suzuki. For support and more information, visit shutasuzuki.com/iReflection.