Privacy and security

Local-first is a product boundary, not a slogan.

EEG TraceLab is built around local storage, anonymised metadata, no advertising tracking, and explicit control over what users import, export, share, or delete.

This page explains the product privacy model in plain language. It complements, but does not replace, the formal Privacy Policy and Terms.

Read Privacy PolicyRead Terms

Local-first processing

Privacy boundary

LocalAnonymiseSupportManifest
Parameters, warnings, and provenance stay attached.
Tracking falsePrivacyInfo.xcprivacy
Data types emptyCollected data declaration
LocalRaw EDF files by default

Local-first storage

Imported recordings and derived work stay on device by default.

By default, EEG TraceLab does not upload raw EDF files, analysis results, workspace data, or exports to developer servers.

Local-first processing and storage
No raw EDF cloud upload by default
No advertising tracking
No third-party advertising SDKs
No sale of personal data
User controls imported, exported, shared, and deleted files

Anonymisation

The local library is built around safer recording metadata.

Identifying EDF header fields are rewritten before the recording is saved into the app library, and app metadata stores anonymised IDs and safe user-facing labels.

Automatic EDF header anonymisation on import
Exact original EDF start date/time is not retained in app metadata
Original file names are stored only as a SHA-256 hash where applicable
User-entered recording names and notes are sanitized to reduce PHI-like content
Raw EDF samples and raw EDF headers are not mutated by preprocessing

Payments and support

External data flows are narrow and intentional.

Apple handles payments and subscriptions. If users contact support or use a configured feedback form, the message and device/app metadata are used for support, debugging, and product feedback.

Apple StoreKit and the App Store handle subscription payment processing
EEG TraceLab does not receive full payment card numbers or payment credentials
Support messages may include contact email, iOS version, device model, app version/build, message, bundle identifier, and timestamp when included
Do not include names, patient IDs, raw EDF content, medical records, or personal health information unless intentionally choosing to do so

Privacy manifest

Current iOS privacy manifest summary.

The current PrivacyInfo.xcprivacy declares tracking false, tracking domains empty, collected data types empty, and required-reason API access for UserDefaults and file timestamps.

NSPrivacyTracking: false
NSPrivacyCollectedDataTypes: empty
NSPrivacyTrackingDomains: empty
UserDefaults reason: CA92.1
File timestamp reasons: C617.1 and 3B52.1