Dribtack

Privacy Policy

Effective date: May 02, 2026 · Last updated: May 02, 2026

This Privacy Policy explains how the Dribtack iOS application (the “App”) handles information about you. References in this Policy to “we,” “us,” or the “Publisher” refer to the publisher of the App. It is written to be readable. Where we use a defined term, we mean what it says here.

Summary — the short version Dribtack is built to keep your data on your device and in your private iCloud account. We do not run a server, we do not have a database of users, and we do not collect your name, email or contact details. The only third party that processes any data on our behalf is RevenueCat, which observes your in-app purchase transactions so that we can see anonymised, aggregate sales analytics. RevenueCat does not receive your name or email; it does receive a randomly generated app-user identifier, your device’s vendor identifier (IDFV), your IP address, and the transaction metadata that the App Store generates for each purchase.

Contents

Scope and roles
Data stored on your device
Data stored in your iCloud (CloudKit)
Data processed by Apple (App Store, StoreKit, Push, iCloud)
Data processed by RevenueCat (purchase analytics)
Data we do not collect
How we use information
Legal bases (EU/UK GDPR)
Notifications and permissions
Sharing
International transfers
Retention and deletion
Your rights
Children
Security
Changes to this Policy
Contact

1. Scope and roles

This Policy covers the Dribtack iOS app and any data processed in connection with it. It does not cover websites, services or apps operated by Apple, RevenueCat or other third parties, even if you reach them from inside Dribtack.

For data we determine the purpose of (such as the small set of pseudonymous purchase analytics described in §5), the Publisher acts as the “controller” under EU/UK GDPR. For data that lives only on your device or in your private iCloud database, we do not act as a controller because we do not have access to it.

2. Data stored on your device

The vast majority of Dribtack’s data lives on your iPhone and is processed entirely on-device. We do not transmit it to any server we operate (we do not operate a server). This includes:

Your profile — name, optional avatar, age, gender, height, weight, fitness level, goals, injuries, equipment, preferred split, rep range, intensity, session length, weekly frequency, preferred days and times, and unit preferences.
Your workout data — sessions, exercise logs, individual sets (weight, reps, duration, distance, rest, warmup/drop-set/failure flags, completion timestamps), templates you generate or create, and the body-measurement history you log.
Your derived data — personal records, streaks, heatmap intensities, achievement-badge state, insights, and notification copy.
Your preferences and local flags — e.g. whether you have completed onboarding on this device, whether you have seen the initial paywall, your plate inventory, and contextual-paywall dismissal counters.

None of this leaves your device unless you explicitly enable iCloud sync (see §3) or use the share-card feature (see §7).

3. Data stored in your iCloud (CloudKit)

If you are signed into iCloud and have iCloud Drive enabled for Dribtack, the App synchronises the categories listed in §2 (other than purely device-local flags) to your private CloudKit database. This means:

The data sits in your iCloud account, under your Apple ID, in space that counts against your iCloud storage.
The Publisher cannot read it. CloudKit private databases are not visible to app developers.
Apple processes this data as the operator of iCloud, under Apple’s Privacy Policy and the iCloud terms of service.
Sync, conflict resolution and deletion (including device-to-device tombstones) are handled by Apple. Dribtack merely reads and writes records.

If you sign out of iCloud, disable iCloud for Dribtack, or delete the App, the on-device copy of your data is removed by iOS in the usual way. The iCloud copy is governed by your iCloud account settings.

4. Data processed by Apple (App Store, StoreKit, Push, iCloud)

Dribtack relies on a number of Apple services. Apple acts as an independent controller of the data it collects through those services. We do not receive identifying information from Apple, but you should be aware that:

App Store — Apple processes your download, age, and any reviews you leave. We see only aggregate App Store Connect analytics if we enable them.
StoreKit 2 — when you purchase or restore a subscription or the lifetime IAP, Apple processes the transaction. The App receives a signed transaction record (product identifier, transaction identifier, dates, original transaction identifier) which it uses solely to determine whether your subscription is active. The App does not receive your payment details.
Apple Push Notification service — CloudKit silent pushes are used to wake the App for sync. Dribtack does not send marketing or content push notifications. Local reminders are scheduled by iOS on the device and do not leave it.
iCloud Key-Value Store — a small number of preference flags are mirrored to NSUbiquitousKeyValueStore. The same iCloud privacy framing applies.

5. Data processed by RevenueCat (purchase analytics)

To understand sales performance, conversion and renewal rates, the App integrates the RevenueCat SDK. RevenueCat acts as our processor for billing analytics: it observes the StoreKit transactions that occur in the App and provides us with anonymised, aggregate dashboards and webhook events.

What RevenueCat receives

Category	Specific data	Purpose
Pseudonymous user ID	An anonymous “App User ID” (e.g. `$RCAnonymousID:…`) generated by the RevenueCat SDK on first launch. We do not call `Purchases.logIn` with any account identifier, because the App has no account system.	To group transactions belonging to the same install / Apple ID and avoid double-counting.
Device identifier	The iOS Identifier for Vendor (IDFV).	De-duplication and entitlement matching.
Network identifier	Your IP address (used by RevenueCat for country-level geolocation, tax handling and fraud detection; not stored long-term in identifiable form).	Geographic analytics, fraud prevention, tax compliance.
Transaction metadata	The App Store product identifier of the purchased subscription or one-time in-app purchase, transaction and original-transaction identifiers, purchase and expiration dates, price and currency, country of purchase, trial / introductory-offer status, refund or chargeback events.	Subscription analytics: conversion, retention, churn, LTV, revenue.
Environment metadata	App version, OS version, device model, locale, SDK version.	Diagnostics and segmentation.

What RevenueCat does not receive

Your name, email address or any other contact details (the App never asks for or sends these).
Your Apple ID, payment-card details, or other payment instruments — these stay with Apple.
Any of your workout data, body measurements, profile preferences, photos, or content from inside the App.

Under EU/UK data-protection law, the IP address and device identifier described above are still considered personal data even though they are not directly identifying. We have therefore described them clearly here rather than calling the integration "fully anonymous."

RevenueCat’s own privacy practices are described at revenuecat.com/privacy.

6. Data we do not collect

For clarity, the Publisher itself does not:

Operate any back-end server, database, login system or account system. There is no “Dribtack account”.
Collect your name, email, phone number, postal address, photo, voice or biometric data.
Receive your workout data, profile, body measurements, or any other content you create in the App.
Use HealthKit. Calorie estimation is computed locally from your self-reported data.
Use third-party advertising SDKs, attribution SDKs, or product-analytics SDKs (such as Mixpanel, Amplitude, Firebase Analytics, AppsFlyer, Adjust, Branch or Meta SDK) at the time of writing. RevenueCat is the only third-party SDK in the App and is used solely for the purpose described in §5.
Track your activity across other companies’ apps and websites. We do not request the App Tracking Transparency permission.
Sell, rent or trade any data.

7. How we use information

Because most of your data never leaves your device or your iCloud, “use” in the privacy sense applies to a narrow slice:

RevenueCat purchase analytics — to operate, understand and improve the paid offering, set prices, decide whether to keep a free trial, monitor refund rates, and meet our tax / accounting obligations.
Local processing inside the App — to render the heatmap, generate templates, compute insights, schedule notifications, detect personal records, render share cards and otherwise provide the features you have asked for.
Share cards — if you choose to share a workout, streak, weekly-goal or PR card, the image is rendered on-device and handed to iOS’s standard share sheet. Once you pick a destination (Messages, Instagram, etc.), the receiving app handles the image under its own terms. The Publisher does not receive a copy.

8. Legal bases (EU/UK GDPR)

If you are in the EU, EEA, UK or Switzerland, our legal bases for processing the limited personal data described in §5 are:

Contractual necessity (Art. 6(1)(b) GDPR) for matching your purchase to your install so that paid features unlock for you.
Legitimate interests (Art. 6(1)(f) GDPR) in understanding aggregate sales performance, preventing fraud, and improving the App. We balance this against your privacy by minimising the data, not linking it to your identity, and using a single processor with appropriate contractual safeguards.
Legal obligation (Art. 6(1)(c) GDPR) for tax and accounting records that include transaction-level information.

For everything that stays on your device or in your iCloud, no Publisher-side legal basis is required because the Publisher does not process it.

9. Notifications and permissions

The App may ask for the following iOS permissions:

Notifications — for local workout reminders, rest-day reminders and re-engagement nudges. Reminders are scheduled and fired by iOS on your device. No data leaves the device for this purpose. You can revoke this at any time in Settings.
iCloud — granted at the operating-system level. You can disable iCloud for Dribtack in iOS Settings.

10. Sharing

We share personal data only as described in this Policy:

With Apple, as the operator of the App Store, StoreKit, iCloud, CloudKit, and the iOS notification system.
With RevenueCat, as our processor for the purchase analytics described in §5.
With law enforcement or regulators, where we are legally compelled and where we actually hold relevant data — which, for the kinds of requests typically made about a user’s in-app activity, would not be the case.
With a successor, in the event of a merger, acquisition, restructuring or sale of all or part of the Publisher’s business. Any successor would be bound by a privacy policy at least as protective as this one.

11. International transfers

RevenueCat is based in the United States. Where we transfer personal data of EU/UK/Swiss users to RevenueCat, we rely on the EU Standard Contractual Clauses (and the UK Addendum / Swiss equivalent where relevant) as the lawful transfer mechanism, supplemented by RevenueCat’s technical and organisational measures. Apple operates a global infrastructure and will determine the location of data it processes in accordance with its own policies.

12. Retention and deletion

On-device and iCloud data is retained for as long as you keep the App installed and your iCloud account configured. You can permanently delete it at any time using the in-App control: Profile → Manage Data → Delete All Data. This wipes your sessions, logs, sets, measurements, personal records, custom templates, custom exercises, and profile from your device, and propagates the deletion to your iCloud database (and through CloudKit to any other Apple devices signed into the same Apple ID).

RevenueCat retains transaction-level data for as long as it is needed for analytics, fraud prevention and the Publisher’s tax and accounting obligations (which can be up to ten years in some jurisdictions). To request deletion of RevenueCat-side records associated with your install, contact us at the address in §17 with the approximate date of your purchase and your country of purchase — we will use that information to identify the relevant pseudonymous record and ask RevenueCat to delete it, except where a legal obligation requires us to keep it.

13. Your rights

Depending on where you live, you may have rights to: access, correct, delete or receive a copy of your personal data; object to or restrict its processing; withdraw consent; or lodge a complaint with your local data-protection authority. Because most of your data lives on your own device and your own iCloud account, you can exercise most of these rights yourself by editing or deleting data in the App, or by managing iCloud settings on your device.

For the limited data described in §5, contact us using §17 and we will respond within the timeframe required by applicable law (typically one month under GDPR).

If you are a California resident, you have rights under the CCPA/CPRA, including the right to know, delete and correct, and the right to opt out of “sale” or “sharing” of personal information. We do not sell or share personal information for cross-context behavioural advertising.

14. Children

Dribtack is not directed at children under 13, and we do not knowingly collect personal data from anyone under 13. Use of Dribtack by minors above the age of 13 should be supervised by a parent or guardian.

15. Security

We rely on Apple’s platform security (iOS sandboxing, Keychain, iCloud encryption in transit and at rest) for on-device and iCloud data, and on RevenueCat’s security programme for the analytics data described in §5. No system is perfectly secure; we encourage you to keep your device, OS and Apple ID protected with up-to-date software and a strong passcode or biometric lock.

16. Changes to this Policy

We may update this Policy from time to time. When we make material changes, we will update the “Last updated” date above and, where appropriate, surface the change in the App or on the App Store listing.

17. Contact

For any questions or to get in touch, reach out at:

Asad Nawaz
Email: turretspire@gmail.com