Tideline Privacy Policy

Effective date: 15 May 2026 · For the Tideline iOS app

Short version. Tideline runs entirely on your device. It does not collect, transmit, share, or sell any data. It has no servers, no analytics, no third-party tracking, and no advertising. Your diary stays on your phone unless you choose to export it.

1. What this policy covers

This policy describes how the Tideline iOS app handles your information. It applies to the Tideline app and to nothing else.

It does not cover Apple's own handling of data when you install, update, or use an iOS app from the App Store. For that, see Apple's Privacy Policy.

2. How Tideline is built

Tideline is built around a single design choice: your data does not leave your device. There is no Tideline server. The app does not make network requests. There is no way for anyone, including the developer, to see your diary entries, your preferences, or how you use the app. That is enforced by what the app's code does and does not do, rather than by a promise asking for your trust.

The rest of this document explains how that holds for each kind of data Apple's App Privacy questionnaire asks about, and for each thing the app actually does.

3. What the app does not collect

The App Store Privacy questionnaire lists data categories that an app might collect. Tideline collects, transmits, or shares none of the following:

Contact info (name, email address, phone number, physical address, other user contact info).
Health and fitness (health, fitness, or wellness data of any kind, including the seizure diary entries themselves; see Section 4).
Financial info (payment info, credit info, other financial info).
Location (precise location, coarse location).
Sensitive info (racial or ethnic data, sexual orientation, pregnancy or childbirth info, disability, religious or philosophical beliefs, trade union membership, political opinion, genetic information, biometric data: see Section 5 on Face ID).
Contacts (your address book).
User content (emails or messages, photos or videos, audio data, gameplay content, customer support, other user content).
Browsing history.
Search history.
Identifiers (user ID, device ID, advertising identifiers). Tideline does not assign or read any persistent identifier for any purpose.
Purchases (purchase history).
Usage data (product interaction, advertising data, other usage data).
Diagnostics (crash data, performance data, other diagnostic data). Tideline has no crash reporter that transmits anywhere.
Other data.

None of these categories is collected, none is transmitted off your device, none is sold, none is shared with third parties. Tideline does not contain any analytics SDK, advertising SDK, attribution SDK, crash-reporting SDK, or any other third-party component that sends data anywhere.

4. What the app does store, locally

As a seizure diary, Tideline records the information you enter. Everything below is stored on your device only:

Your diary entries. Seizure type, time, duration, recovery details, medication notes, wellbeing notes, and general notes (anything you type into the entry form). Stored in a local SQLite database inside the app's own sandboxed container.
Your preferences. Text size, font choice (system or OpenDyslexic), light/dark/system appearance, region, and whether the app lock is enabled. Stored in standard iOS preferences (UserDefaults) inside the same sandbox.
Onboarding state. Whether you have dismissed the first-launch disclaimer and whether you have completed the setup wizard. Same sandbox.

None of this is transmitted. None of it is backed up to a Tideline server, because there is no Tideline server. If iCloud Backup is enabled on your device, iOS may include this data in your device's encrypted iCloud Backup. That is Apple's mechanism, not Tideline's, and is covered by Apple's privacy policy.

When you delete the app, iOS removes the app's sandbox and everything in it.

5. Face ID and the app lock

If you enable the optional app lock, Tideline asks iOS to confirm it's you using Face ID, Touch ID, or your device passcode before showing your diary.

That check happens through Apple's LocalAuthentication framework. Your face data, fingerprint data, and passcode are processed on Apple's Secure Enclave on your device. Tideline never sees your biometric data; the framework only tells the app "yes" or "no". Nothing about the biometric check leaves your device.

If you disable your device passcode entirely, the lock can't run. Tideline shows a one-time banner explaining why and lets you back into your data. You are never permanently locked out of your own diary.

6. Exports and sharing

You can export your diary as a PDF, a CSV file, or a JSON file, for a date range you choose. The app generates that file locally and hands it to the standard iOS share sheet. You then pick where it goes: AirDrop, Mail, Messages, Files, a third-party app, or anywhere else iOS offers.

Tideline itself does not transmit, upload, or send the file to anything or anyone. The destination is entirely your choice and is handled by iOS and by whatever app you pick. Once the file leaves the share sheet, Tideline has no further involvement and no copy on any server.

7. Phone numbers, links, and the Support tab

The Support tab shows a curated list of epilepsy charities, helplines, and peer communities for your region. The list is bundled inside the app. There is no network fetch to display it.

If you tap a phone number or a website, iOS opens it in its standard handler (your dialler, Mail, or Safari). Tideline does not place the call, send the email, or load the page. The app does not request access to your contacts, your call history, or your messages.

8. Permissions the app requests

Tideline asks iOS for one capability:

Face ID, only if you enable the app lock. The iOS Face ID prompt cites the description "Tideline uses Face ID to unlock your seizure diary." If you do not enable the lock, this prompt never appears.

Tideline does not request access to: camera, microphone, photo library, location, contacts, calendar, reminders, motion data, HealthKit, HomeKit, Bluetooth, local network, App Tracking Transparency, Siri, or speech recognition. None of these capabilities is used.

9. Children

Tideline is suitable for any age but is not directed specifically at children under 13. Because the app collects no data at all, there is no special data-handling regime for under-13 users; there is nothing to handle.

10. Your rights

Under data-protection laws like GDPR and the UK Data Protection Act, you have rights to access, correct, export, and delete personal data held about you. Tideline holds no personal data about you on any server, so there is nothing held by Tideline to access, correct, export, or delete. Your data on your own device is yours; you can edit or delete any entry inside the app, and you can wipe everything by deleting the app.

If you wish to confirm any of this in writing, the contact address is in Section 12.

11. Changes to this policy

This policy may be updated. If a future version of the app introduces any change that affects what data is handled, even something minor, the change will be noted in the App Store release notes for that version, and this page will be updated. There is no automatic mechanism to notify you; the release notes are where you can check.

12. Contact

Privacy questions: tidelineapp@pm.me.

Replies come from one person, in plain language. There is no support ticketing system, no chatbot, no auto-response.