Privacy Policy

Last updated: May 3, 2026

Core commitment: CareMyWish does not collect, upload, sell, or share any personal data. Everything stays on your iPhone, protected by hardware-level iOS encryption.

1. Information We Collect

We do not collect any of the following:

No account registration; no email, phone, or username collection;
No tracking identifiers (IDFA / IDFV);
No location data;
No crash logs, usage analytics, or behavioral data;
No third-party SDKs that collect data on our behalf.

2. Local Data Handling

All information you enter (personal info, health, emergency contacts, belongings, assets, digital accounts, journals, trustee data) is stored exclusively in:

SwiftData local database: kept inside the App sandbox, isolated from iCloud Drive and other apps;
iOS Keychain: stores password hashes, encryption keys, and friend codes — protected by device hardware Secure Enclave;
App sandbox files: photo and document attachments live in the app's private directory, inaccessible to other apps.

3. Encryption

Mechanism	Description
Master Password	PBKDF2-HMAC-SHA256, 100,000 iterations, derived with device-specific random salt
Key Storage	Derived key lives only in iOS Keychain with `kSecAttrAccessibleWhenUnlockedThisDeviceOnly` — never backed up to iCloud
Biometrics	Face ID / Touch ID validation in local Secure Enclave; biometric data never leaves the device
Auto-lock	App locks instantly when backgrounded or idle past your configured threshold

4. Device Permissions

Permissions are requested only when you actively trigger the related feature:

Permission	Trigger	Purpose
Camera	"Add photo attachment" or "Scan QR to add friend"	Capture attachments / scan trustee QR — never uploaded
Photo Library	"Choose from album"	Read photos you select as attachments
Microphone	"Hold to dictate"	Voice-to-text only while held; release stops recording
Speech Recognition	"Hold to dictate"	Apple SFSpeechRecognizer (local or Apple-side; if cloud, Apple processes the request — we never receive audio)
Face ID	Unlock / Security Center	Local biometric verification

You can revoke any permission anytime in Settings → CareMyWish.

5. Third-Party Services

We do not integrate any third-party analytics, advertising, or push services. Only native iOS APIs are used:

SwiftData / Core Data — local database
CryptoKit / Security — encryption
LocalAuthentication — Face ID / Touch ID
SFSpeechRecognizer — speech recognition (provided by Apple)
Vision — image OCR
AVFoundation — camera-based QR scanning

6. Children's Privacy

CareMyWish targets adult users (especially mid-life and older users planning their household affairs) and is not directed at children under 13. We do not knowingly collect children's data. Parents who discover unauthorized use should uninstall the app — this deletes all local data immediately.

7. Export and Deletion

Export: Use "Profile → Data Export" to export all data as PDF or JSON for your own safekeeping.
Deletion: Uninstalling the app deletes all local data (including Keychain keys) irreversibly. Export first if needed.

8. Policy Updates

Material changes will be reflected on this page and prominently announced in app updates.

9. Contact

For questions, suggestions, or complaints, please email:

support@caremywish.com

Because all data is stored only on your device and never uploaded, we cannot view your content nor recover it for you. Please safeguard your master password and use the export feature regularly for backups.