Symtrac · Privacy
Symtrac stores all data on your iPhone or in your own iCloud container. The developer does not collect, transmit, sell, or share user data. This page describes every external request the app can make.
The short version
Symtrac is local-first. Everything you log — meals, drinks, medication, supplements, symptoms, photos, profile information — is stored on your iPhone using SwiftData (Apple's local database). If you turn on iCloud sync, the same data is mirrored to your personal CloudKit private database. CloudKit private databases are end-to-end controlled by you: neither Symtrac the developer nor any third party can read their contents.
Symtrac does not run any backend server. There is no analytics collection, no crash-reporting service, no advertising SDK, and no telemetry of any kind. We do not track users across apps or websites.
Data the app handles
- Health-adjacent data you enter
- Symptoms, severity scores, body regions, known allergies, medications, supplements, environmental sensitivities, photos of food labels or symptoms. Stored on-device. Mirrored to your private iCloud if you enable it. Never sent anywhere else.
- Consumption logs
- Meals, drinks, ingredients, portions, timestamps. Same handling.
- Profile information
- Profile name and an optional photo. Stays on your device or in your iCloud. Symtrac the developer does not see profile data and has no way to associate any data with a real-world identity.
- API keys (optional)
- If you enable AI-assisted ingredient label parsing, the Anthropic or OpenAI API key you provide is stored in the iOS Keychain — Apple's encrypted credential store, scoped to Symtrac and not accessible to other apps.
External requests the app can make
The app makes network requests in only three scenarios:
1 · Barcode lookup (Open Food Facts)
When you scan a barcode on a packaged food, the app sends the barcode number to Open Food Facts — a public, community-maintained food database — to retrieve product information. The request is anonymous; no profile data, user identifier, IP-bound login token, symptom data, or photo is sent. Open Food Facts is operated by a French non-profit; their privacy policy applies to the lookup.
2 · Norwegian food nutrition table (Matvaretabellen)
The first time you search for a food, the app downloads Matvaretabellen's public dataset (a Norwegian government nutrition table) and caches it locally for ~30 days. Identical to downloading a public CSV; no user data is transmitted with the request.
3 · Optional AI label parsing (Anthropic or OpenAI)
If, and only if, you explicitly enable AI label parsing in Settings → AI label parsing and provide your own Anthropic or OpenAI API key, the OCR-extracted text from a photographed ingredient label can be sent to your chosen provider for cleanup into a structured list. The request is signed with your API key and goes directly from your device to the provider — Symtrac the developer never sees the request, the response, or your API key. Only the OCR text is sent; never the photo itself, never profile data, never symptom data, never allergen flags.
When you turn this feature off (or never turn it on, which is the default), no data is sent to any AI provider.
Data the app does NOT collect or transmit
- No analytics, telemetry, or usage statistics.
- No crash reporting via a third-party service.
- No advertising identifiers.
- No location data.
- No contacts, calendar, microphone, or HealthKit access.
- No tracking across other apps or websites.
What Apple receives
When Symtrac is installed via the App Store or TestFlight, Apple handles the transaction, the device-to-iCloud encryption keys, and any anonymous crash reports you've opted into at the iPhone-system level (Settings → Privacy & Security → Analytics & Improvements). Those flows are governed by Apple's privacy policy, not by us.
Photos and the camera
The Camera permission lets the app scan barcodes and photograph ingredient labels or portions. The Photos permission lets you attach existing photos to meals or symptoms. Both are entirely opt-in. Captured or imported photos stay on your device (and in your iCloud, if sync is enabled). Photos never leave your device as part of any feature.
Children
Symtrac is intended for adult users keeping a self-diary or for a parent keeping a diary for a child. The app does not have accounts, age gates, or child-specific data flows. No data collection from anyone occurs, so no child-specific collection occurs either.
Data export and deletion
You can export your entire database to a single JSON file from Settings → Data & Backup, and you can delete all data from the same screen. iCloud-synced data is removed by signing out of iCloud or by deleting the app's data in Settings → Apple ID → iCloud → Manage Storage.
Support requests
If you email support, we receive whatever you choose to write to us. We don't combine that with any other information (because we have none), and we retain support emails only as long as needed to help you.
Changes to this policy
If the policy changes materially, the change will be noted here with an updated date at the top of the page. Substantive changes (e.g. a new external request) will also be flagged inside the app on next launch.
Contact
trondk@me.com — Trond Kristiansen, Bodø, Norway.