Privacy Policy

Last updated: April 20, 2026

In brief: Beatrice does not collect, store, or transmit your personal data. Your knowledge graph lives entirely on your device. We have no servers, no accounts, no telemetry, and no way to identify you. This privacy policy is short because there is almost nothing to describe — and that is by design.

1. Who We Are

Beatrice (“the App”) is developed by an independent team based in Canada. We are committed to protecting your privacy under all applicable laws, including:

GDPR (General Data Protection Regulation) — European Union / European Economic Area
CCPA / CPRA (California Consumer Privacy Act) — California, United States
PIPEDA (Personal Information Protection and Electronic Documents Act) — Canada
UK GDPR and Data Protection Act 2018 — United Kingdom
LGPD (Lei Geral de Proteção de Dados) — Brazil
Applicable local laws in every jurisdiction where the App is distributed.

References to “we,” “us,” or “our” refer to the developers of Beatrice. References to “you” or “user” refer to any person who downloads or uses the App.

2. Information We Do Not Collect

Beatrice operates on a strict local-first principle. The following categories of data are never collected, transmitted, or stored by us:

No personal identifiers: We do not require an account, email address, name, or phone number.
No usage analytics or telemetry: We do not track how you use the App, which features you access, or how often you open it.
No knowledge graph data: Your nodes, connections, tags, and content never leave your device except through sync methods you explicitly configure (see Section 5).
No device identifiers: We do not collect UDID, IDFA, advertising identifiers, or any persistent device fingerprint.
No location data: We do not access or store your GPS location, IP address geolocation, or approximate location.
No biometric data: We do not collect Face ID, Touch ID, or any biometric information.

3. Information We May Process

The following describes all data that the App may interact with. In every case, processing occurs locally on your device and is never transmitted to us or any third party.

3.1 Knowledge Graph Content

All notes, documents, images, code snippets, and other content you create or import into Beatrice are stored locally on your device using Apple’s SwiftData framework. This data is encrypted at rest only by the device’s own file-system encryption (e.g., APFS encryption). We hold no decryption keys because we hold no data.

3.2 Embeddings and AI Processing

Beatrice generates text embeddings on-device using Apple’s NaturalLanguage and Core ML frameworks. No API calls are made to external services. Your text is never sent to any server for processing.

3.3 App Store Data

If you download Beatrice through the Apple App Store, Apple may collect data as described in Apple’s Privacy Policy. We do not control Apple’s data practices. App privacy labels and data collection disclosures are managed through Apple’s App Store Connect platform.

3.4 Crash Reports (Optional)

If you choose to share crash reports with us through Apple’s built-in App Analytics or TestFlight diagnostic sharing, those reports may include technical information such as OS version, device model, and stack traces. These reports do not include your knowledge graph content, personal identifiers, or usage patterns. Participation is entirely voluntary and can be disabled in your device settings.

4. Legal Basis for Processing (GDPR)

Under Article 6 of the GDPR, processing of personal data requires a lawful basis. Because Beatrice does not collect or process personal data, no lawful basis is required for our operations. To the extent that any processing occurs (e.g., local embeddings generation), the lawful basis is legitimate interest (Article 6(1)(f)) — namely, providing the core functionality of the App you voluntarily installed.

For any optional crash diagnostics you choose to share, the lawful basis is consent (Article 6(1)(a)). You may withdraw this consent at any time by disabling analytics in your device settings.

5. How Your Data May Leave Your Device

Your knowledge graph data may leave your device only through the following mechanisms, all of which you must explicitly configure:

Mechanism	How It Works	Who Has Access
iCloud Sync (Pro subscribers only)	Your knowledge graph is synced between your own Apple devices using Apple’s CloudKit infrastructure. You must be signed into iCloud and have a Beatrice Pro subscription. This feature is opt-in and activates after your next app restart following purchase.	Only you, across your own Apple devices. Apple’s privacy policy governs how CloudKit stores data. The Beatrice development team has no access to data stored in CloudKit.
Local Mesh Sync	Peer-to-peer transfer over your local WiFi network using Apple’s Network framework and Bonjour service discovery. Data never leaves your local network.	Only devices on your local network that you explicitly pair with a PIN code.
Email-Relay Sync	Encrypted payloads sent through your own IMAP/SMTP email account as a transport layer.	Only you (the email account holder). Payloads are encrypted before transmission.
Export	You may export your graph as JSON or Markdown files to your device’s local storage.	You control where exported files go.

At no point does Beatrice transmit your data to any server owned, operated, or controlled by the Beatrice development team. We do not have servers. iCloud sync, when enabled, uses Apple’s infrastructure exclusively and is governed by Apple’s Privacy Policy.

6. Third-Party Services

Beatrice uses the following third-party frameworks and services. Each is described with its data implications:

6.1 Apple Frameworks

SwiftData: Local database. No network access. Data stays on device.
NaturalLanguage Framework: On-device text embeddings and language analysis. No API calls.
Core ML: On-device machine learning inference. No data leaves the device.
MultipeerConnectivity: Local network peer-to-peer discovery and data transfer. Data never traverses the internet.

6.2 Google Analytics (Website Only)

Our marketing website (landing pages and documentation) uses Google Analytics to understand general traffic patterns. This is separate from the App. Google Analytics does not have access to your knowledge graph, App usage, or any personal data stored within Beatrice. Google’s privacy policy can be found at https://policies.google.com/privacy. You can opt out of Google Analytics via the Google Analytics Opt-out Browser Add-on.

6.3 Apple App Store

Distribution, purchase processing, and App Store analytics are handled by Apple Inc. Apple’s privacy policy governs data collected through the App Store. We do not receive personal information about individual users from Apple beyond aggregated sales and analytics data.

7. Data Retention

Because we do not collect or store your data, there is no retention period imposed by us. Your knowledge graph data persists on your device for as long as you keep the App installed. Deleting the App removes all Beatrice data from your device.

8. Your Rights

Depending on your jurisdiction, you may have some or all of the following rights. Because Beatrice does not collect personal data, many of these rights are not applicable in practice — but we list them for completeness and transparency.

8.1 Under the GDPR (EU/EEA/UK)

Right of Access (Article 15): You may request access to any personal data we hold about you. Since we hold no personal data, there is nothing to access.
Right to Rectification (Article 16): Not applicable — we hold no data to rectify.
Right to Erasure (Article 17): You may delete all your data by deleting the App from your device.
Right to Restriction (Article 18): Not applicable — we do not process personal data.
Right to Data Portability (Article 20): You may export your entire knowledge graph at any time using the App’s built-in export feature.
Right to Object (Article 21): Not applicable — we do not process personal data for any purpose you could object to.
Right to Lodge a Complaint: You have the right to lodge a complaint with a supervisory authority in your EU/EEA/UK member state.

8.2 Under the CCPA / CPRA (California, USA)

Right to Know: We do not collect, sell, or share your personal information.
Right to Delete: Not applicable — we hold no personal information to delete.
Right to Opt-Out of Sale/Sharing: Not applicable — we do not sell or share personal information.
Right to Limit Use of Sensitive Personal Information: Not applicable — we do not collect sensitive personal information.
Right to Non-Discrimination: We do not discriminate against users for exercising their privacy rights.

8.3 Under PIPEDA (Canada)

Right to Access: You may request access to any personal information we hold about you. We hold none.
Right to Correct: Not applicable — we hold no personal information to correct.
Right to Withdraw Consent: If you opt-in to crash diagnostics sharing, you may withdraw this consent at any time in your device settings.
Right to Complain: You may file a complaint with the Office of the Privacy Commissioner of Canada (OPC) at priv.gc.ca.

8.4 Under the LGPD (Brazil)

Right to Confirmation and Access (Article 18): We confirm that we do not process your personal data.
Right to Deletion (Article 18(6)): You may delete all your data by removing the App.
Right to Portability (Article 18(V)): You may export your data at any time via the App’s export feature.

9. Children’s Privacy

Beatrice does not knowingly collect personal information from children under the age of 16 (or the applicable age of digital consent in your jurisdiction). Because the App does not collect any personal information from any user, this policy applies equally to users of all ages. Parents and guardians may review the “Information We Do Not Collect” section above for full details.

10. International Data Transfers

Because Beatrice does not transmit data to any server operated by us, there are no international data transfers to consider. Your data remains on your device unless you choose to sync it using one of the mechanisms described in Section 5. Any data transferred through Email-Relay Sync travels through your own email provider and is governed by that provider’s privacy policy and data transfer practices.

11. Data Security

While we do not hold your data, Beatrice is designed with security as a foundational principle:

All processing occurs on-device — no data crosses a network boundary to be understood or analyzed.
Local Mesh Sync uses encrypted peer-to-peer connections over your local network.
Email-Relay Sync encrypts data before it enters your email provider’s systems.
The App uses Apple’s built-in security frameworks (SwiftData sandboxing, file-system encryption, Keychain for credentials).

12. Changes to This Policy

We may update this Privacy Policy from time to time. If we make material changes, we will update the “Last updated” date at the top of this page. For changes made after the App is distributed through the App Store, we will also note significant changes in the App’s version history or release notes. We encourage you to review this page periodically.

13. Contact Us

If you have questions about this Privacy Policy or wish to exercise any of your rights, you may contact us at:

Email: privacy@beatrice-app.com
Mail: Beatrice Development Team, Canada

We aim to respond to all inquiries within 30 days. Under GDPR, we are required to respond to data subject access requests without undue delay and within one month (Article 12(3)).

14. Data Protection Officer

Given the nature of Beatrice’s data processing (i.e., the absence thereof), we have not appointed a formal Data Protection Officer (DPO). However, all privacy inquiries are handled directly by the Beatrice development team with equivalent care and attention. If you believe a DPO is required under your jurisdiction, please contact us and we will cooperate fully with relevant supervisory authorities.

15. Severability

If any provision of this Privacy Policy is found to be unenforceable or invalid under applicable law, the remaining provisions will continue to be valid and enforceable to the fullest extent permitted by law.