legal
Last updated: April 2026
The short version: shoebox collects nothing. Your data never touches our servers because we don't have any. Everything stays on your device and, optionally, in your own iCloud account.
None. shoebox does not collect, transmit, or store any personal information, usage data, analytics, crash reports, or any other data on any server operated by us.
Everything you write in shoebox is stored locally on your device using the device's built-in storage (IndexedDB / on-device storage). It never leaves your device unless you explicitly use iCloud sync.
If you enable iCloud sync, your entries are synced via Apple iCloud — Apple's infrastructure, governed by Apple's privacy policy. We never have access to your iCloud data. The sync goes directly between your devices through Apple's systems.
When you delete a memory, it is deleted immediately and permanently from your device. There is no server-side copy, no soft delete, no recovery. If you have iCloud sync enabled, the deletion propagates to iCloud on the next sync — after which it is gone everywhere.
shoebox uses no third-party analytics, advertising SDKs, crash reporting tools, or tracking libraries of any kind.
The only network request the app ever makes is to Apple's iCloud servers, and only when you have enabled iCloud sync.
shoebox contains no advertising and we do not share data with any advertising network.
shoebox does not collect data from any users, including children under 13. Because no data is collected or transmitted, there is nothing to govern under COPPA or similar regulations.
If the app ever changes in a way that affects how data is handled, this page will be updated and the date at the top will reflect that change. Given the architecture of the app, such a change would be significant and would be communicated clearly.
Questions about this policy or the app can be directed to keeganwhitacre at gmail dot com.