Privacy Policy
Effective July 7, 2026
Lifeline is a local-first life organizer. The short version: your data lives on your device, and we run no servers that store it. There are no accounts, no analytics, no ads, no tracking, and no telemetry of any kind.
What we store, and where
Everything you put into Lifeline — transactions, budgets, notes, documents, case details, maintenance records, emails it fetches for you — is stored only on your device, in a local database inside the app's private container. Credentials and API keys are stored in a locally encrypted file (AES-256-GCM) on the same device. We (the developer) cannot see, access, or recover any of it. Deleting the app deletes the data.
Lifeline never uploads your data to a Lifeline server, because there isn't one that stores anything.
When data leaves your device
Data leaves your device only when you connect a specific integration, and then only between your device and that provider:
- Banks (Plaid). If you use quick connect, your device talks to Plaid through a small stateless relay we operate. The relay adds API credentials to your request and passes Plaid's answer straight back — it stores nothing and logs only anonymous event names (e.g. "a link session was created") for abuse prevention, never account data, balances, transactions, or bank credentials. Your bank login itself happens inside Plaid's own interface; Lifeline and the relay never see your banking password. If you use your own Plaid keys instead, your device talks to Plaid directly and the relay is not involved at all. Plaid's handling of your data is described in the Plaid End User Privacy Policy.
- Email. If you connect an inbox, your device connects directly to your mail provider over IMAP using an app password you create. Mail is fetched to your device and processed there.
- Google Calendar. Connects directly from your device to Google using OAuth credentials you create in your own Google Cloud project.
- Weather, stocks, public records. Optional lookups query the relevant service directly from your device (OpenWeatherMap with your own API key; Yahoo Finance public quotes; USCIS public case status; your county's public property-appraisal search). These requests contain only the lookup itself (a city, a ticker, a receipt number, an address).
- Community board. Reads public posts from a public Reddit community. Read-only; nothing about you is sent.
Every integration above is optional, off by default, and removable in Settings.
Purchases
Subscriptions (for quick connect bank linking) are handled entirely by Apple In-App Purchase. Apple processes the payment; Lifeline only learns whether a subscription is active — never your payment details. Manage or cancel anytime in your Apple ID subscription settings.
AI features
Lifeline's engines are deterministic and run on your device. The optional AI-assist feature on desktop uses a locally installed model (Ollama) on your own computer and only when you explicitly invoke it. No cloud AI service receives your data.
What we collect about you
Nothing. No account, no email list, no usage analytics, no crash reporters, no identifiers. The relay's anonymous rate-limiting counters (per-IP request counts, retained briefly by Cloudflare) are the only operational data that exists, and they contain no personal or financial information.
Children
Lifeline is not directed at children under 13 and we do not knowingly collect information from them (we do not collect information from anyone).
Changes
If this policy changes, the updated version will be posted at this URL with a new effective date. Because the app is local-first, a policy change can never retroactively grant access to data on your device.
Contact
Questions or concerns: zuhair7773@gmail.com