Privacy Policy

---

Effective date: April 8, 2026

Overview

CONFESS collects no personal data. Your examination responses, journal entries, and examen reflections are encrypted on your device using AES-256-GCM. The encryption key is stored in the iOS Keychain and is bound to your device.

No data is sold. No data is used for advertising. No third-party analytics SDK has access to your content.

Data Storage

All user-generated content is encrypted with AES-256-GCM using Apple's CryptoKit framework. The 256-bit symmetric encryption key is stored in the iOS Keychain with the kSecAttrAccessibleWhenUnlockedThisDeviceOnly access level. This means:

• The key is bound to your physical device
• The key is not included in iCloud or iTunes backups
• The key is accessible only when the device is unlocked
• If the key is lost, data cannot be recovered — this is by design

What Is Stored on Your Device

The following data is created by you and stored encrypted in the app's sandboxed storage:

• Examination of conscience responses, notes, and session metadata
• Spiritual journal entries (reflections, resolutions, free notes)
• Evening examen reflections and voice note recordings
• Examination history records (commandment-level category data only — never specific questions, sin items, or counts)
• Confession queue items

Non-sensitive preferences (state of life, auto-delete timer setting, onboarding status) are stored unencrypted in UserDefaults on the device.

What Is Never Stored

• No accounts, usernames, or passwords
• No email addresses or names
• No device identifiers or advertising IDs
• No usage analytics or behavioral data
• No location data

Network Activity

The app makes two read-only network calls to display liturgical content:

• Catholic Readings API — fetches the daily Gospel reference and USCCB reading link. No user data is sent.
• Open-source prayer content — fetches basic prayers and Stations of the Cross text. No user data is sent.

Both endpoints serve static JSON files hosted on GitHub Pages. No cookies are set. No user data is transmitted in any request. No analytics or tracking pixels are loaded.

Links to USCCB readings and Wikipedia saint pages open in an in-app Safari view. Traffic to those sites is handled by the device's Safari engine, not routed through the app.

Permissions

• Face ID / Touch ID — used to protect access to the app when the app lock feature is enabled. Biometric data is handled entirely by iOS and is never accessed by the app.
• Microphone — used to record voice notes during the Evening Examen prayer. Recordings are stored locally within the app's encrypted storage. They are never transmitted.

Both permissions are requested only when the relevant feature is first used.

Third-Party Services

CONFESS uses no third-party SDKs, frameworks, or services for analytics, advertising, crash reporting, or data collection of any kind. The app is built entirely with native Apple frameworks.

Data Deletion

• Auto-delete timer — examination session summaries are automatically deleted after a user-configured period (2, 6, 12, 24, 48, or 72 hours).
• Manual deletion — journal entries can be deleted individually. Examination history and the confession list can be cleared from Settings.
• Uninstalling the app — removes all encrypted files from the device. The encryption key in the Keychain is also destroyed, making any residual data permanently unreadable.

Children

The app includes a "Child under 13" state-of-life option that tailors examination questions to be age-appropriate. No data is collected from any user, regardless of age. Because the app collects no personal information, it complies with COPPA requirements.

Changes to This Policy

If this policy is updated, the effective date at the top of this page will be revised. Significant changes will also be noted in the app's release notes on the App Store.

Contact

For questions about this privacy policy or the app's data practices, please visit the support page.