Shagbook is a private diary app for recording your sexual history. Your privacy is fundamental to what this app does — the nature of the content you record is deeply personal, and we have designed Shagbook from the ground up to keep your data on your device and under your control.

This policy explains exactly what data we collect (very little), what we do with it, and your rights. Where third-party services are used, we name them and describe what data they receive.

All diary entries, notes, dates, partner information, STI test records, and any media you attach are stored locally on your iPhone using Apple's SwiftData framework. Shagbook does not transmit this data to our servers or to any third party. We cannot read it, access it, or recover it if you lose your device.

iCloud Backup

If you have iCloud Backup enabled on your device, Apple may back up Shagbook's local data as part of your standard device backup. This is governed by Apple's Privacy Policy and encrypted end-to-end by Apple. Shagbook has no access to your iCloud backups.

Data you store about other people

A free, self-hosted server is in development and will be available in a future release. It will allow you to sync your Shagbook diary across devices and access a full web version (PWA) from any browser — all running on your own hardware. We will never see your data.

If you choose to use this feature when available:

• You are solely responsible for the security, privacy, and operation of your self-hosted instance.
• We have no access to any data stored on your self-hosted server.
• We make no warranties regarding the security of self-hosted deployments.
• You should configure your server in accordance with applicable data protection laws in your jurisdiction.

Shagbook uses TelemetryDeck to collect limited, anonymous technical and usage data. TelemetryDeck is a privacy-first analytics platform designed to be GDPR-compliant without consent banners, because it is genuinely non-identifiable by design.

What we collect via TelemetryDeck

• App lifecycle events (launched, became active, entered background)
• Screen navigation events — which screens are viewed, not what is on them
• Feature usage counts — e.g. that a partner was created, not who it was
• Settings changes — e.g. that app lock was enabled, not by whom
• Paywall interaction events (shown, dismissed, purchase completed, restored)
• Error event types (e.g. sync failed, API error code) — no content or personal details
• Onboarding preferences — see below

Onboarding preferences — special category data

During onboarding, the app asks for your gender identity, sexual orientation, and partner preference. Every question offers a "prefer not to say" option — this information is entirely optional.

This information is used for two purposes:

• App personalisation — stored locally on your device only, used to customise your dashboard layout and suggest relevant predefined tags. This data never leaves your device.
• Anonymous product analytics — an anonymised signal is sent to TelemetryDeck to help us understand our user base in aggregate (e.g. "60% of users who completed onboarding selected X"). Due to TelemetryDeck's daily-rotating salt model, this signal cannot be linked to any individual across any time period.

What we never collect

• The content of any diary entry, note, or encounter record
• Details of any STI test you record
• Partner information — names, photos, phone numbers, social media handles, or any details you store about people
• Your name, email address, or any personally identifying information
• Advertising identifiers (IDFA)
• Precise or approximate location data
• Health or medical data

Analytics data is aggregated and cannot be used to identify you individually. It is never sold and never shared with any party beyond TelemetryDeck's processing.

Shagbook offers Shagbook Pro, an in-app purchase unlocking unlimited diary entries and additional features. Payments are processed exclusively by Apple via the App Store — we do not receive or store your payment card details or billing address.

RevenueCat

We use RevenueCat to manage purchase entitlements. When the app checks your Pro status, RevenueCat receives:

• A randomly generated anonymous user identifier (not linked to your name, email, or Apple ID)
• The product identifier of the purchase
• Transaction timestamps from the App Store receipt

• RevenueCat does not receive any diary content, partner data, or personally identifying information
• We do not receive or store your Apple ID or payment details

RevenueCat is a US-based company. See their Privacy Policy. Purchase records held by Apple are governed by Apple's Privacy Policy.

Shagbook is intended for users aged 17 and over. Because all diary data is stored locally on your device and we collect no personal information from any user, we have no ability to identify users, verify ages, or access or remove any individual's data remotely. Age restriction is handled by Apple's App Store rating system.

If you are a parent or guardian concerned about a minor's access to the App, use Apple's Screen Time controls to restrict 17+ rated apps on their device. There is nothing we can do on our end — no data exists for us to act on.

Because your diary data is stored locally on your device, its security depends primarily on your device's own security measures. We recommend:

• Using a strong passcode or biometric lock (Face ID / Touch ID) on your device
• Keeping your iOS version up to date
• Enabling the app's built-in Face ID / Touch ID lock in Settings

In the event of a security vulnerability in the app itself, we will release a patch as quickly as possible and notify users via an App Store update notice.

Your local diary data persists on your device until you delete the app or manually delete records within it. Deleting the app will remove all locally stored data.

Anonymous analytics data held by TelemetryDeck is subject to their own retention policy. Because it is non-identifiable, it cannot be extracted or deleted in a way that corresponds to a specific individual.

Purchase entitlement data held by RevenueCat is retained as long as your anonymous user ID exists in their system. It contains no personally identifying information.

Because we do not hold your diary data on our servers, most data subject rights — access, rectification, erasure — are exercised directly on your device by editing or deleting records in the app.

UK & EU (GDPR / UK GDPR)

You have the right to access, correct, or erase personal data we hold. Because we hold no identifiable user data — your diary is on your device and our analytics are genuinely non-attributable — these rights are best exercised directly on your device by editing or deleting records in the App.

The only personally identifiable information we could ever hold is any you voluntarily send us in correspondence (e.g. an email). If you would like such correspondence deleted, contact hello@maploft.com and we will action it within 30 days.

You may lodge a complaint with your supervisory authority — in the UK, the ICO.

Our lawful basis for processing anonymous analytics data is legitimate interests under Article 6(1)(f) UK/EU GDPR, given that the data is technically non-identifiable and presents no privacy risk to individuals.

California (CCPA / CPRA)

We do not sell personal information. The only data that reaches third-party services is anonymous and cannot reasonably be linked to any individual, so it does not constitute "personal information" under the CCPA. Because we hold no identifiable user data, there is nothing to disclose, delete, or transfer at an individual level. Questions? hello@maploft.com

We may update this Privacy Policy from time to time as the app evolves or laws change. We will notify you of material changes via an in-app notice or App Store update description. The effective date at the top will always reflect the latest update. Continued use of the app constitutes acceptance of the revised policy.

If you have any questions or concerns about this Privacy Policy or your data, please contact us:

hello@maploft.com