App Privacy Details
This document outlines the data disclosures required by Apple's App Privacy Details (also called "privacy nutrition labels") in App Store Connect. These disclosures inform users about what data SignPad collects and how it is used.
Apple requires developers to declare all data types collected by their app and specify whether that data is used for tracking, linked to the user's identity, or used for other purposes. Below are the data types SignPad collects and the corresponding declarations.
Data Types Collected
1. Photos and Videos
Users capture and upload photos of sign locations during site surveys. Photos are stored locally on the device and optionally synced to our servers if the user enables cloud sync. Photos may also be submitted for AI-powered surface analysis through SmartScan.
- Photos are collected only when the user explicitly captures or uploads them
- Photos are stored encrypted on the device
- Photos submitted for AI analysis are transmitted securely and not retained by the AI provider after processing
- Photos are not shared with third parties without user consent
- Photos are retained for as long as the user's account is active
2. User Content (Survey Data, Notes, Voice Notes)
Users create surveys that include site information, checklist responses, text notes, voice notes, and AI-generated analysis results. This content is the core data of the app and is necessary to provide the site survey service.
- Survey data is collected only when the user creates and completes surveys
- AI-generated results (substrate type, confidence scores, risk levels, fixing recommendations) are stored as part of survey data
- Survey data is stored encrypted on the device by default
- Survey data may be synced to our servers if the user enables cloud sync
- Survey data is not shared with third parties without user consent
- Users can delete surveys at any time
3. Email Address
Email address is collected if the user creates an account or enables account-based features. The email is used for account recovery, password reset, and to send important notifications about the app and the user's account.
- Email is collected only during account creation
- Email is stored securely and encrypted
- Email is used only for account management and support communications
- Email is not shared with third parties without consent
- Users can request deletion of their email address by deleting their account
4. Name
Name is optionally provided by the user during account setup or in survey information. It is used to personalize the app experience and to identify the user in support communications.
- Name is optional and collected only if the user provides it
- Name is stored securely
- Name is not shared with third parties without consent
- Users can update or delete their name at any time
5. Device ID / IDFA
The device identifier (IDFA on iOS) is collected for analytics purposes to understand app usage patterns and improve the app. It is not used for advertising or cross-app tracking.
- Device ID is collected automatically by our analytics service
- Device ID is used only to aggregate usage statistics
- Device ID is not linked to personally identifiable information
- Device ID is not shared with third parties for advertising purposes
- Users can opt out of analytics collection in the app settings
6. Crash Data and Diagnostics
Crash logs and error reports are collected to help us identify and fix bugs. This data is essential for maintaining app stability and reliability.
- Crash data is collected only if the user has enabled diagnostic reporting
- Crash data does not include survey data, photos, or personal information
- Crash data is stored on our crash reporting service for up to 90 days
- Crash data is not shared with third parties
- Users can disable crash reporting in the app settings
7. Usage Data (Analytics)
We collect aggregated information about how users interact with the app (e.g., which screens are visited, which features are used, how long users spend in the app, and how often AI features like SmartScan are used). This helps us understand user behavior and improve the app.
- Usage data is collected automatically and is aggregated and anonymized
- Usage data is not linked to personally identifiable information
- Usage data is retained for up to 12 months
- Usage data is not shared with third parties for advertising or tracking
- Users can opt out of analytics in the app settings
8. Device Model and OS Version
We collect information about the user's device model and operating system version to ensure the app is compatible and to help us optimize performance for different devices.
- Device information is collected automatically
- Device information is used only for app optimization and compatibility testing
- Device information is not linked to personally identifiable information
- Device information is not shared with third parties
Data Not Collected
SignPad does not collect the following data types:
- Precise Location - We do not collect GPS coordinates or precise location data (though users may optionally enter location information in survey fields)
- Coarse Location - We do not collect approximate location based on IP address or cellular data
- Health Data - We do not collect any health or fitness information
- Financial Information - We do not collect payment information (payments are processed by Apple/Google, not by us)
- Browsing History - We do not track web browsing or app usage outside of SignPad
- Search History - We do not collect search queries
- Sensitive Personal Information - We do not collect government IDs, biometric data, or other sensitive identifiers
Third-Party Data Sharing
SignPad does not share user data with third parties for the following purposes:
- Advertising - We do not share data with advertising networks
- Marketing - We do not share data with marketing partners
- Data Brokers - We do not sell or share data with data brokers
- Cross-App Tracking - We do not use data to track users across other apps
We may share data with third-party service providers (such as cloud hosting providers, AI processing providers, and crash reporting services) solely for the purpose of operating and improving the app. These providers are contractually obligated to maintain the confidentiality of your data. Photos submitted for AI analysis are processed in real time and are not retained by the AI provider after processing is complete.
Data Deletion and User Rights
Users have the following rights regarding their data:
- Access - Users can access their survey data, photos, notes, and AI-generated results at any time through the app.
- Deletion - Users can delete individual surveys or their entire account at any time. Upon deletion, their data is permanently removed from our systems within 30 days.
- Portability - Users can export their surveys as PDF reports to preserve their data.
- Opt-Out - Users can opt out of analytics collection and crash reporting in the app settings. AI features (SmartScan) are entirely opt-in and are not required to use SignPad's core functionality.
Security Practices
SignPad implements the following security measures to protect user data:
- Encryption in Transit - All data transmitted between the app and our servers, including photos sent for AI analysis, is encrypted using HTTPS/TLS
- Encryption at Rest - All data stored on the device and on our servers is encrypted
- Access Controls - Only authorized personnel have access to user data
- Regular Security Audits - We conduct regular security reviews and penetration testing
- Secure Authentication - User credentials are hashed and never stored in plain text
Changes to This Document
We may update this App Privacy Details document as our practices change or as new features are added to the app. Any material changes will be reflected in an updated version of this document and in the app's privacy settings.
Questions
If you have questions about SignPad's privacy practices or data collection, please contact us:
Email: [email protected]