Privacy Policy

Last updated: 5 June 2026

This policy describes how Patter ("the app") handles information when you use it on iPhone. The app is local-first: chat messages and personas are stored on your device. You can use the app in two modes:

• BYOK (Bring Your Own Key): You provide an API key from a supported AI provider (Google AI Studio, OpenAI, Anthropic, OpenRouter, Grok/xAI, or any OpenAI-compatible endpoint). Messages go directly from your device to that provider — no developer-owned server is involved.
• PatterAI (optional subscription): If you don't want to manage your own API key, the PatterAI plan routes AI requests through a Cloudflare Worker operated by the developer for authentication and credit tracking. The Worker does not log or retain message content.

If anything here conflicts with Apple's in-app labels in App Store Connect or on the App Store product page, the store listing and system permission dialogs control for required disclosures.

Summary

• All conversations (chat messages, grammar corrections, persona data) are stored on your device only via SwiftData. We do not collect, transmit, or store any of your conversation content on a server.
• For BYOK, you provide your own API key from a supported AI/LLM provider (Google AI Studio, OpenAI, Anthropic, OpenRouter, Grok/xAI, or any OpenAI-compatible endpoint). Your API key is stored exclusively in the iOS Keychain — it is never written to SwiftData, UserDefaults, or logs.
• For PatterAI, subscription credentials are managed by Apple's App Store and validated via RevenueCat using an anonymous user identifier. No personal account is created.
• When you send a message in BYOK mode, your text (along with recent conversation history and system prompts) is sent directly from your device to the API of the provider whose key you configured. That provider's own privacy policy governs how they process that data.
• When you send a message in PatterAI mode, your text is forwarded through a Cloudflare Worker operated by the developer to an AI provider. The Worker validates your subscription and tracks credits without logging or retaining message content.
• The app uses on-device retrieval/memory features to let AI personas recall salient facts from prior conversations across sessions, enabling continuous language-learning context.
• The app uses local notifications (proactive pings) to remind you to practice. These are scheduled entirely on your device and do not transmit any personal information.
• Subscriptions are processed by Apple's App Store and validated through RevenueCat as a sub-processor. Only an anonymous user identifier, purchase receipt, and basic device metadata are shared — never conversation content or API keys.
• The app uses Sentry for anonymous diagnostics — crash reports, performance metrics, and aggregated usage events (e.g. "a message was sent", "onboarding was completed"). No conversation content, message text, API keys, or personal identifiers are collected. Aggregated counts and provider type (e.g. "OpenRouter") may be recorded. You can opt out in Settings → Privacy.

Information the app stores or processes

Conversation data (stored locally)

• What: Chat messages, AI persona definitions (name, emoji, backstory, tone), grammar correction history, and conversation metadata.
• Where: Stored locally on your device via SwiftData in the app's container. Nothing is uploaded to any server.
• Your control: You can delete conversations at any time within the app. Deleting the app removes all stored data (subject to iOS backup behavior).

API key (stored in Keychain)

• What: Your personal API key for an LLM provider.
• Where: Stored exclusively in the iOS Keychain using standard secure-storage APIs. The key is never stored in SwiftData, UserDefaults, files, or logs.
• Usage: Used only to authenticate requests sent directly from your device to your chosen LLM provider's API endpoint. The app developer cannot access or see your key.

Data sent to your LLM provider

• What: Your chat messages, recent conversation history (last 20 messages), system prompts (including your selected CEFR level and persona instructions), and — when you use the in-app translation or tap-to-define-a-word features — the text or word you ask to translate or define.
• Where: Sent directly to the API endpoint of the provider you configured. This traffic is not routed through any intermediate server owned by the app developer.
• Governance: Your data sent to the LLM provider is subject to that provider's privacy policy and terms of service, not this policy. We encourage you to review their policies before providing an API key.

Third-party AI providers (BYOK)

When you use Bring-Your-Own-Key mode, your messages and conversation context are sent directly to the AI provider whose API key you configure. We have selected established providers that publish privacy policies offering protections comparable to those described here; we encourage you to review the relevant policy before configuring a key, as their handling of your data is governed by their terms, not this policy:

• OpenAI: openai.com/policies/privacy-policy
• Anthropic (Claude): anthropic.com/legal/privacy
• Google AI Studio (Gemini): policies.google.com/privacy
• OpenRouter: openrouter.ai/privacy
• xAI (Grok): x.ai/legal/privacy-policy
• Perplexity: perplexity.ai/hub/legal/privacy-policy
• Custom (OpenAI-compatible) endpoint: if you configure your own endpoint URL, your data is governed by the privacy policy of whichever service operates that endpoint.

Patter asks for your explicit in-app consent — disclosing what is sent and which provider it is sent to — before any message is shared with a third-party AI provider.

PatterAI subscription data (when you subscribe to PatterAI)

• What: An anonymous RevenueCat App User ID, your Apple-issued purchase receipt, and a short-lived authentication token issued by the developer's Cloudflare Worker. No personal account, email, or third-party login is collected by the app.
• Where: Credentials are stored exclusively in the iOS Keychain. They are never written to SwiftData, UserDefaults, files, or logs.
• Purpose: Validate your PatterAI subscription, authenticate requests to the Cloudflare Worker, track remaining credits, and restore your entitlement across reinstalls.
• Your control: Manage or cancel the subscription in iOS Settings → Apple ID → Subscriptions. Use Restore Purchases in the app's Settings screen to re-sync entitlements.

iCloud sync (opt-in, future feature)

• What: Conversation data may be synced via your personal iCloud container in a future update (v2). This is opt-in and uses your own private iCloud storage.
• Governance: iCloud sync follows Apple's privacy framework and your iCloud settings. No data is accessible to the app developer beyond what iCloud provides for your personal container.

PatterAI Cloudflare Worker

When you use the optional PatterAI plan, AI requests are forwarded through a Cloudflare Worker operated by the developer. The Worker performs three jobs and nothing else:

• Validate your PatterAI subscription and remaining credits via RevenueCat.
• Enforce per-account rate limits to protect the service.
• Forward your chat request to a downstream AI provider and return the response to your device.

What the Worker does not do: It does not log or retain message content, prompts, or AI responses. It does not store conversation history. It does not share your data with advertisers or any third party other than the downstream AI provider needed to fulfil the request. Cloudflare, Inc. acts as the infrastructure provider; their handling of network metadata is governed by Cloudflare's Privacy Policy.

The Worker also uses Apple's App Attest to verify that requests come from a genuine, unmodified copy of the Patter app, which helps prevent abuse of the managed-AI credits you paid for.

Data security and protection mechanisms

Patter applies the following technical safeguards to protect your credentials and chat data against unauthorised access, disclosure, alteration, or destruction.

iOS Keychain storage

All sensitive credentials — your BYOK API keys and any PatterAI authentication tokens — are stored exclusively in the iOS Keychain using Apple's Keychain Services API with the kSecAttrAccessibleWhenUnlockedThisDeviceOnly protection class. The Keychain is encrypted by iOS using hardware-backed AES encryption and is isolated per app by the operating system's sandbox. No other app on your device can read Patter's Keychain items.

No developer-owned conversation storage

The app developer operates no server, database, or cloud storage that holds your conversations. With BYOK, chat traffic goes directly from your device to the chosen AI provider. With PatterAI, chat traffic passes through the Cloudflare Worker only in transit and is not logged or retained.

Encrypted transport (TLS)

All network requests — to AI provider APIs, to the PatterAI Cloudflare Worker, and to RevenueCat — are made over HTTPS with TLS 1.2 or higher, enforced by iOS App Transport Security (ATS). This protects your credentials and chat messages in transit against interception.

No logging of sensitive data

API keys, authentication tokens, and conversation content are never written to log files, console output, crash reports, SwiftData, or UserDefaults. The crash-reporting SDK (Sentry) is configured to exclude credentials and conversation content from all error reports.

Anonymous diagnostics (Sentry)

Patter uses Sentry (sentry.io) to collect anonymous diagnostics. This helps identify bugs and improve performance.

• What is collected: Crash reports, stack traces, performance spans (e.g. AI reply latency), and aggregated usage events (e.g. "a message was sent", "onboarding completed"). Also: app version, device model, and OS version. No conversation content, message text, API keys, or personal identifiers are ever included. Aggregated counts and provider type (e.g. "OpenRouter") may be recorded.
• IP addresses: Sentry is configured with sendDefaultPii = false — your IP address is not transmitted.
• Your control: You can disable diagnostics at any time in Settings → Privacy → Share anonymous diagnostics. EU/UK users are asked for consent on first launch.
• Sentry's policy: sentry.io/privacy (https://sentry.io/privacy/)

Data retention

All conversation data and settings remain on your device until you delete them in the app or remove the app. BYOK API keys and PatterAI authentication tokens stored in the Keychain persist until you remove them in Settings or delete the app. The developer holds no server-side conversation data to request deletion of.

PatterAI subscription history held by RevenueCat and Apple is retained per their respective policies; you can manage those records through Apple's data and privacy tools and RevenueCat's privacy policy.

Subscriptions and in-app purchases

Patter offers optional auto-renewing subscriptions processed by Apple's App Store. To validate purchases, restore entitlements across reinstalls, and aggregate anonymous subscription metrics, the app uses RevenueCat (RevenueCat, Inc.) as a sub-processor.

• Data shared with RevenueCat: an anonymous RevenueCat App User ID (not linked to your Apple ID or any personal account), purchase receipts, product identifiers, country, language, device model, and iOS version.
• Not shared: conversation content, message text, API keys, or PatterAI authentication tokens.
• Purpose: validate subscription status, restore purchases, enforce entitlements, and compute anonymous subscription analytics.
• Governance: RevenueCat acts as our data processor. See RevenueCat's privacy policy for their practices. Apple's processing of your purchase is governed by Apple's Privacy Policy.
• Your control: Manage or cancel subscriptions in iOS Settings → Apple ID → Subscriptions. Use Restore Purchases in the app's Settings screen to re-sync entitlements after a reinstall.

Your rights (EU / UK / California residents)

Because Patter is local-first and stores all conversation data on your device, you exercise rights of access, correction, and deletion directly through the app — delete individual conversations, sign out to clear credentials, or remove the app to erase all local data. For data held by sub-processors (RevenueCat, Sentry, Cloudflare, Apple, and your chosen BYOK AI provider), exercise rights with each provider through their respective account or privacy controls. We do not sell or share personal information for advertising, and we do not perform automated decision-making with legal effects on you.

Children

The app is not directed to children. Parents and guardians should use Apple's Screen Time and Family Sharing controls if needed.

International users

If you use the app outside your home country, data sent to your LLM provider may be processed in the United States or other countries where that provider's infrastructure operates, as described in their respective privacy policies.

Changes to this policy

We may update this page to reflect product, legal, or App Store requirements. The Last updated date at the top will change when we do; continued use of the app after changes means you accept the updated policy.

Contact

For questions about this policy or the app's privacy practices, open an issue in the public repository: vilaverdeapps/patter.

Your privacy choices

• iOS: Settings → Privacy & Security → Tracking — control whether apps may ask to track you across other companies' apps and websites (see Apple's support).
• API key management: You can view or remove your API key at any time in the app's Settings screen. The key is stored in the iOS Keychain and cannot be exported from the app.

This page is provided for the Privacy Policy URL field in App Store Connect. Repository: vilaverdeapps/patter.