QuotedAI Privacy Policy

Last updated: April 12, 2026

1. Overview

QuotedAI ("the App," "we," "our") is designed with privacy as a foundational principle. The vast majority of the App's functionality operates entirely on your device. We do not maintain user accounts, and we do not operate backend servers that store your personal data. This Privacy Policy explains what data the App accesses, how it is used, and your rights regarding that data.

2. Data Collection Summary

Data Type	Collected?	Stored Where	Shared?
Personal identifiers (name, email)	No	N/A	No
Display name (optional)	On-device only	Device	No
Quote preferences & history	On-device only	Device	No
Mood check-in entries	On-device only	Device	No
Reflection journal entries	On-device only	Device	No
Stress check-in data	On-device only	Device	No
Daily intentions	On-device only	Device	No
Bookmarks & collections	On-device only	Device	No
Gamification progress (XP, achievements)	On-device only	Device	No
HealthKit data	On-device, read-only	Not stored	No
Location data	On-device only	Device (places you define)	No
Calendar events	On-device, read-only	Not stored	No
Now Playing music info	On-device, read-only	Not stored	No
Community collections (if published)	Yes (opt-in)	Apple CloudKit	Public
Challenge submissions (if participating)	Yes (opt-in)	Apple CloudKit	Public
Quote reactions (anonymous)	Device fingerprint hash	Apple CloudKit	Anonymous aggregate only
Subscription status	Via Apple StoreKit	Apple servers	No
Analytics or advertising data	No	N/A	No

3. On-Device Data

The following data is stored locally on your device using standard iOS storage mechanisms (UserDefaults, App Group containers, and the app's Documents directory). This data is never transmitted to us or any third party:

Preferences — Selected categories, font, theme, notification settings, energy preference, motivation goals
Bookmarks & Collections — Quotes you save and organize into collections
Quote History — Which quotes you have viewed (used to avoid repetition for 90 days)
Mood Check-Ins — Daily mood entries (1-5 scale) with optional notes, retained for 90 days
Reflection Journal — Quote-prompted micro-reflections, retained for 90 days, never transmitted
Stress Check-Ins — Body/mind/heart assessments, stored locally for trend tracking
Daily Intentions — Morning intention text you enter, stored locally
Gamification Data — Achievement progress, Wisdom XP, category mastery levels, daily challenge completion, streak data
Display Name — The optional name you provide during onboarding for quote personalization

This data is included in your iCloud device backup if you have iCloud Backup enabled in iOS Settings. We do not have access to your iCloud backups.

4. HealthKit Data

If you enable the "Match quotes to your energy" feature, QuotedAI requests read-only access to the following HealthKit data types:

Active Energy Burned (HKQuantityTypeIdentifier.activeEnergyBurned)
Workouts (HKWorkoutType)

This data is:

Read-only — QuotedAI never writes to HealthKit
Processed entirely on your device — Used to determine your current energy level (calm, steady, or intense) for quote selection
Never stored, logged, or transmitted — Only the resulting energy level classification is retained temporarily in memory
Never used for advertising, marketing, or data mining
Never shared with third parties under any circumstances

In full compliance with Apple's HealthKit guidelines and the App Store Review Guidelines Section 5.1.3, health data is never shared with third parties, used for advertising, or stored outside the secure HealthKit container. You can revoke HealthKit access at any time in iOS Settings > Privacy & Security > Health.

5. Location Data

If you enable location-based quote delivery, QuotedAI monitors up to 5 geofence regions that you explicitly define (e.g., your gym, office, or favorite cafe). This data is:

User-defined — QuotedAI only monitors places you explicitly add
Processed on-device by iOS — Geofence monitoring is handled by the operating system's CLLocationManager, not by our code or external servers
Never transmitted — Your location is never sent to any server
Never stored beyond your configured places — Only the place names and coordinates you configure are saved locally

You can remove places or revoke location permission at any time in the App's Settings or in iOS Settings > Privacy & Security > Location Services.

6. Calendar Data

If you enable calendar-aware quote context, QuotedAI requests read-only access to your calendar via EventKit. This data is:

Read-only — QuotedAI never creates, modifies, or deletes calendar events
Processed entirely on your device — Used only to detect context (e.g., upcoming meeting, day off, birthday) for quote category selection
Never stored or logged — Event details are read, a context signal is derived, and the event data is discarded from memory
Never transmitted to any server

You can revoke calendar access at any time in iOS Settings > Privacy & Security > Calendars.

7. Music Data

If you enable "Now Playing" quote mode, QuotedAI uses MusicKit to detect the genre of currently playing music. This data is:

Read-only — QuotedAI does not control playback or access your music library
Used only for genre detection — The genre is mapped to a quote category (e.g., lo-fi → mindfulness)
Never stored or transmitted

You can revoke media access at any time in iOS Settings > Privacy & Security > Media & Apple Music.

8. On-Device AI

On supported devices (iOS 26+), QuotedAI uses Apple's on-device Foundation Models to generate personalized quotes, wisdom explanations, author conversations, morning briefs, reflection prompts, and mood pattern insights. This processing:

Happens entirely on your device using Apple's privacy-preserving on-device language model
Sends no data to any server — no prompts, inputs, or generated content leave your device
Is cached locally — Generated content is cached on-device for performance; cache can be cleared by deleting the app

9. Community Features (Optional, Opt-In)

QuotedAI offers optional community features powered by Apple CloudKit. These features are entirely opt-in — you must take explicit action to participate:

Public Collections

If you choose to publish a collection, its title, theme, and quotes become publicly visible to other QuotedAI users via Apple's CloudKit public database. No personal information (name, email, Apple ID) is attached to published collections.

Daily Challenges

If you submit a quote card to a daily challenge, the card image is uploaded to Apple's CloudKit public database and visible to other participants. Submissions are identified by an anonymous device hash, not by your name or Apple ID.

Quote Reactions

When you react to a quote, an anonymous, irreversible SHA-256 hash of your device identifier is stored in CloudKit to prevent duplicate reactions. This hash cannot be used to identify you or your device. Reaction counts are displayed as anonymous aggregates.

Apple's CloudKit infrastructure is governed by Apple's own privacy policy. We do not operate or have administrative access to user-identifying data within CloudKit.

10. Subscriptions (QuotedAI Pro)

QuotedAI Pro subscriptions are managed entirely by Apple through StoreKit 2. We do not collect or store any payment information. Apple handles all billing, receipts, and subscription management. Your subscription status is verified on-device via StoreKit's transaction APIs. See Apple's Media Services Terms for details on Apple's handling of subscription data.

11. Photo Library

When you choose to save a shared quote card image, QuotedAI requests write-only access to your photo library via PHPhotoLibrary. QuotedAI does not browse, read, or access your existing photos.

12. Notifications

If you enable notifications, QuotedAI schedules local notifications on your device to deliver quotes at your preferred times. These are iOS local notifications — they do not involve any push notification server or external service.

13. Sharing

When you share a quote card via the iOS share sheet, the rendered image is passed to your chosen app (Instagram, iMessage, etc.) using Apple's built-in sharing mechanisms. Once content leaves QuotedAI, the receiving app's privacy policy governs that content. We do not track or log shares.

14. SharePlay

If you use SharePlay to browse quotes with others during a FaceTime call, quote synchronization data is transmitted peer-to-peer via Apple's GroupActivities framework. No data passes through our servers. Apple's privacy policy governs the FaceTime/SharePlay infrastructure.

15. Widgets, Watch App, Live Activities & CarPlay

QuotedAI's widgets, Apple Watch companion, Live Activities, Dynamic Island presentations, StandBy mode displays, and CarPlay interface access the same on-device data through a shared App Group container. No data is transmitted externally. All content is rendered locally.

16. Third-Party Services

QuotedAI contains no third-party SDKs, frameworks, or services of any kind. The App is built exclusively with Apple frameworks including SwiftUI, WidgetKit, HealthKit, EventKit, MusicKit, CoreLocation, ActivityKit, AVFoundation, CloudKit, StoreKit, GroupActivities, CoreSpotlight, and UserNotifications. There are no analytics, advertising, crash reporting, or attribution frameworks.

17. Children's Privacy (COPPA Compliance)

QuotedAI does not knowingly collect any information from children under 13. The App contains no user accounts, no social profiles, and no personally identifiable data collection of any kind. Optional mature content is gated behind an age confirmation screen requiring the user to confirm they are 13 or older. If you believe a child under 13 has provided personal information through the App, please contact us and we will take steps to address the concern.

18. International Users (GDPR/CCPA)

Because QuotedAI does not collect, process, or store personal data on any server, the data protection obligations under GDPR (EU), CCPA (California), and similar regulations are minimal. All data processing occurs locally on your device under your control. For the optional community features (CloudKit), Apple acts as the data processor and is subject to its own GDPR compliance commitments. You have the right to:

Access — All your data is on your device; you can view it in the app
Delete — Delete the app to remove all local data; unpublish collections to remove CloudKit data
Portability — Export reflections as PDF or plain text from within the app
Restrict processing — Disable any optional feature (HealthKit, Location, Calendar, Music, Community) independently

19. Data Retention & Deletion

On-device data (mood entries, reflections, quote history) is automatically pruned after 90 days. Deleting the QuotedAI app removes all local data. For community features, published collections and challenge submissions stored in CloudKit can be unpublished from within the app. Reaction data (anonymous hashes) is retained in CloudKit aggregate counts and cannot be individually deleted as it contains no personally identifiable information.

20. Security

All on-device data is protected by iOS's built-in data protection (hardware encryption when the device is locked). HealthKit data is stored in the iOS secure enclave. The App Group container uses iOS standard file protection. No data is transmitted unencrypted.

21. Changes to This Policy

We may update this Privacy Policy to reflect changes in the App's features. Material changes will be noted by updating the "Last updated" date above. We encourage you to review this policy periodically. Continued use of the App after changes constitutes acceptance of the updated policy.

22. Contact

Questions or concerns about this Privacy Policy? Contact us at:

Email: quotedaiapp@gmail.com
App Store support link
Website: jakeintech.github.io/quotedai-site

Back to QuotedAI