Privacy Policy for Cift

Last Updated: October 29, 2025
Effective Date: October 29, 2025

Introduction

Cift is a privacy-first task and event management app. Your data stays on your device. This privacy policy explains how Cift protects your information.

What Cift Does NOT Do

Does NOT store your tasks or events on servers
Does NOT track your behavior
Does NOT sell your data
Does NOT share your data with advertisers
Does NOT collect personal information (no names, emails, or phone numbers)

How Your Data Stays Private

On Your Device

All your tasks and events are stored locally on your iPhone or iPad
Data is encrypted using AES-256-GCM (military-grade encryption)
Encryption keys are stored in iOS Keychain (hardware-protected when available)
With iCloud Keychain enabled, your encryption keys can sync across your Apple devices

Voice Input

When you use voice input, audio is processed entirely on your device using Apple's Speech Recognition
Voice recordings never leave your device
Audio is immediately discarded after converting to text
Only the transcribed text is used (see "Temporary Processing" below)

Local Storage Only

Your data remains on your device until you delete it
Uninstalling Cift removes all local data
No cloud backup or server storage exists

Temporary Processing by OpenAI

When you create tasks or events, Cift sends your text to OpenAI's API for intelligent parsing and categorization.

What This Means:

Your task/event descriptions are sent securely via HTTPS encryption
OpenAI processes the text to understand and categorize it
OpenAI does not use API data to train AI models (per their API policy)
Data is processed temporarily and not permanently stored by OpenAI
Cift's backend server does not log or store this data - it passes through in memory only

OpenAI Privacy & Policies:

Privacy Policy: https://openai.com/privacy
API Data Usage Policy: https://openai.com/policies/api-data-usage-policies

What Data Passes Through Cift's Backend

Cift's backend server acts as a secure proxy between your device and OpenAI:

Data Flow:

You create a task/event on your device
Text is sent via HTTPS to Cift's server
Cift's server forwards it to OpenAI for processing
OpenAI returns structured data (task details, categories, etc.)
Cift's server sends the result back to your device
Your device encrypts and saves the data locally

Backend Privacy Measures:

No logs contain your task/event content
Logs only show: timestamps, request counts, error types
Data is processed in memory only - nothing is saved to disk
Even the app developer cannot see your data in logs

Data Security

Security Measure	Implementation
Encryption at Rest	AES-256-GCM on device
Encryption in Transit	HTTPS/TLS 1.3
Key Storage	iOS Keychain (hardware-backed)
Server Storage	None - processed in memory only
Rate Limiting	1000 requests per 15 minutes (prevents abuse)

Your Rights and Control

Access Your Data

All your data is on your device. You can view, edit, and manage it anytime in the app.

Export Your Data

Go to Settings → Export My Data
Receive a JSON file with all your tasks and events
Save or share it however you like

Delete Your Data

Delete individual items: Swipe to delete any task or event
Delete all data: Settings → Delete All My Data
Uninstall the app: Removes all local data permanently

Manage Permissions

Microphone: You can revoke microphone access in iOS Settings
Speech Recognition: You can disable speech recognition in iOS Settings
Notifications: You can disable reminders in iOS Settings

Third-Party Services

OpenAI

Purpose: Natural language processing for task/event parsing
Data Sent: Text descriptions of tasks and events you create
Data Retention: Temporary processing only
Training: OpenAI does not use API data for model training
Privacy Policy: https://openai.com/privacy
API Data Usage: https://openai.com/policies/api-data-usage-policies

Apple Services

Speech Recognition: On-device only (audio never leaves your device)
iOS Keychain: Stores encryption keys securely
iCloud Keychain (Optional): Syncs encryption keys across your devices
Local Notifications: Reminder notifications are handled on-device

No Other Third Parties: Cift does not use analytics, crash reporting, or advertising services.

Children's Privacy

Cift does not knowingly collect information from children under 13. The app is designed to store all data locally on the user's device.

If you are a parent or guardian and believe your child has used the app, you can simply delete the app to remove all data.

International Users

Cift's backend server is hosted in the United States. When you use AI features, your task/event text is temporarily transmitted to the US for processing.

Your data is protected by:

HTTPS encryption during transmission
No server-side storage
Privacy measures described in this policy

Changes to This Privacy Policy

Cift may update this privacy policy occasionally. Changes will be communicated through:

Updated "Last Updated" date at the top
In-app notification for significant changes

Continued use of Cift after changes indicates acceptance of the updated policy.

Data Retention

Data Type	Retention Period
On Your Device	Until you delete it or uninstall the app
Cift's Server	Not stored (processed in memory only)
OpenAI Processing	Temporary (per OpenAI's API data retention policy)
Backups	Encrypted data may be in your iCloud/iTunes backups

Legal Compliance

GDPR (European Users)

Cift respects your rights under the General Data Protection Regulation:

Right to Access: Export your data anytime
Right to Erasure: Delete all data anytime
Right to Portability: Export in JSON format
Right to Object: Don't use the app if you object to OpenAI processing

CCPA (California Users)

Cift does not sell personal information
You can request data deletion anytime
You have the right to know what data is collected (see this policy)

Data Processing Basis

Consent: By using Cift, you consent to the processing described here
Legitimate Interest: Processing is necessary for the app to function

Security Incident Response

In the unlikely event of a security breach:

Affected users will be notified promptly
Steps to protect your data will be communicated
The issue will be resolved immediately

Note: Since Cift does not store your data on servers, the risk of a server breach affecting your data is minimal.

Contact Information

If you have questions about this privacy policy or Cift's privacy practices:

Email: ciftdev@gmail.com

Technical Details for Transparency

Encryption Specifications

Algorithm: AES-256-GCM (NIST-approved, authenticated encryption)
Key Size: 256 bits
Key Generation: Cryptographically secure random number generator
Key Storage: iOS Keychain with kSecAttrAccessibleAfterFirstUnlock
Key Sync: Optional via iCloud Keychain (end-to-end encrypted by Apple)

Network Security

Protocol: HTTPS with TLS 1.3
Backend Server: Stateless, processes requests in memory only
Rate Limiting: 1000 requests per 15 minutes per IP address
Logging: Metadata only (no user content)

Data Format

Local Storage: Encrypted binary data
Export Format: Human-readable JSON
Backup Format: Encrypted (part of iOS device backup)

Summary

Cift prioritizes your privacy:

Your tasks and events are encrypted and stored only on your device
OpenAI temporarily processes text for AI features (not stored, not used for training)
Cift's backend does not store any user data
You have full control over your data at all times
No tracking, no advertising, no data selling

By using Cift, you agree to this privacy policy.