Security
We design AwareFlow with privacy and security in mind. This page summarizes our current practices.
Platform-first approach
- Apple-native frameworks: StoreKit for purchases, CloudKit for sync (when enabled). No Firebase or third-party analytics by default.
- On-device processing: AwareFlow’s habit detection is designed to run on-device. Audio is not sent to our servers for processing.
- Minimum data by default: We collect only what’s necessary to operate the app and provide support (see Privacy).
Data protection
- Encryption in transit: TLS 1.2+ for all network communication.
- Encryption at rest: Apple-managed encryption for data stored in iOS and CloudKit containers.
- Access controls: Principle of least privilege for any service accounts we use.
Payments
All purchases are handled by Apple via In-App Purchase. We do not store full payment credentials on our systems.
Third-party processors
We aim to minimize third parties. If we integrate a processor (e.g., email support), it will be listed in our Privacy Policy and bound by a data processing agreement.
Responsible disclosure
If you believe you’ve found a security issue, please email us. We appreciate detailed reports and will respond quickly.
- Email: [email protected]
- Include: steps to reproduce, expected vs. actual behavior, and relevant screenshots or logs.
Updates
We review this page and our practices periodically as the app evolves.
Last updated: 2025-09-24.