span
Updated 31 MAY 2026
Privacy · plain language

Local first.
No account.
No analytics.

The brand promise, written down. Nine tiles, each one a sentence you could read out loud. No buried clauses.

  1. 01 What we collect nothing
  2. 02 iCloud sync opt-in · E2E
  3. 03 Shared links revocable
  4. 04 Notifications local · on device
  5. 05 Photo library write-only
  6. 06 Crash reports opt-in · anonymized
  7. 07 Your rights GDPR · CCPA · nothing to give
  8. 08 Children 13+ · COPPA
  9. 09 Changes & contact span@heartbits.net
01

What we collect

Nothing on a server. span has no account system, no analytics, no advertising identifiers, and no third-party SDKs. We have no way to see your events, the dates on them, or the titles you give them.

There is no signup, no login, no profile. The first time you open the app, you start using it. The last time you open the app, that data leaves with your device.

02

iCloud sync

All events, settings, and preferences live on your device using Apple's SwiftData framework. If you enable iCloud sync (it is opt-in), Apple replicates that data across your own devices using their end-to-end encrypted CloudKit infrastructure. Heartbits never sees it.

iCloud sync is operated by Apple under their own terms.

04

Notifications

span schedules anniversary reminders as local notifications: they are created on your device, scheduled by iOS, and never leave. There is no push server. We do not have a device token for you, because there is nothing to push.

Notifications are opt-in — iOS asks the first time. Turn them off any time via iOS Settings → Notifications → span.

05

Photo library

When you save a share card to Photos, iOS prompts you to grant write access. We use that access to add the rendered image to your library. We do not read your existing photos, and we do not request read access.

The image is rendered on your device and handed to iOS. It does not pass through any Heartbits server.

06

Crash reports

Crash reports are opt-in via the iOS Settings → Privacy → Analytics toggle on your device. When enabled, Apple shares anonymized crash diagnostics with us through App Store Connect. The diagnostics contain no event data and nothing we can link back to you.

We use the reports only to find and fix bugs. We don't run analytics, performance instrumentation, or behavior tracking of any other kind.

07

Your rights

If you are in the European Economic Area, the United Kingdom, or California, you have rights under the GDPR, UK GDPR, and the California Consumer Privacy Act (and CalOPPA): to access, correct, port, restrict, or delete personal data we hold about you.

span holds none. There is no profile to access, no record to correct, no file to port, no row to delete. We do not sell or share personal information with third parties for advertising, and we never have.

If you'd still like a written answer for your records, email span@heartbits.net and we'll send one.

08

Children

span is rated 4+ and suitable for all ages. We do not knowingly collect data from anyone under 13 (as defined by the U.S. Children's Online Privacy Protection Act), because we do not collect data from anyone.

If you are a parent or guardian and have a question about a child's use of the app, email span@heartbits.net.

09

Changes & contact

Email span@heartbits.net for privacy questions or anything else. We read every message.

If this policy ever changes, the "Updated" stamp at the top of the ribbon will move. For any change that would actually affect what we collect, we will publish a clear, visible notice in the app. We will not start collecting data without one.