Data & Privacy

Loci is a fully standalone app that does not operate or connect to any proprietary server. Your data stays entirely on your device — you decide whether to sync, and where.

Data the App Accesses

To provide footprint tracking and trip recording, Loci accesses the following data on your device. This data is processed and stored locally by default:

• Location data — used to record your footprint tiles and trips.
• Motion & Fitness data — used to identify your activity state (walking, driving, etc.) and optimize location sampling.

As such, Loci has no means of obtaining your name, email address, phone number, or any other personal identifiers.

Optional Cloud Sync

Loci supports syncing your data to a cloud service of your choice (such as iCloud or WebDAV). Before syncing, all data is end-to-end encrypted on your device. The encryption key is stored solely on your device and is not accessible to any third party. Please keep your recovery key safe — if it is lost, your data will be permanently unrecoverable.

AI Features (Memories, Place Stories, Map Insights, Footprint Replay Search)

The app offers AI-powered features that turn your trail into natural-language narratives. AI behavior is fully controlled by you in Me → AI Settings, and operates in one of three modes:

• Off — no AI is called. The app uses built-in text templates only. No data leaves your device.
• On-device (default on iOS 26 or later with Apple Intelligence support) — generation runs locally via Apple Intelligence. No data leaves your device. Processing is governed by Apple's own privacy practices.
• Cloud — only enabled if you actively switch to this mode and provide your own OpenAI-compatible API endpoint and key. Data is sent only to the endpoint you configure.

What is sent in Cloud mode

Even in Cloud mode, the payload is strictly anonymized before leaving your device. We send:

• Anonymous tile tokens (e.g. LOC_001) instead of real place names
• Month-level dates (yyyy-MM) instead of precise timestamps
• Aggregated statistics: active days, step buckets, trip counts
• Tokenized place labels (e.g. "Home", "Workplace") when relevant

We do not send: raw GPS coordinates, raw photos, per-second timestamps, your name, email, phone, IP-derived identity, device identifiers, or any other personal information beyond what is necessary to render an aggregated narrative.

To audit exactly what would be sent, open Me → AI Settings → Preview Payload, which displays the precise prompt for each scene.

Your role in Cloud mode

In Cloud mode, the third-party AI service is selected, configured, and authorized by you. That service operates under its own privacy policy and terms — please review them before enabling Cloud mode. The app does not relay data through any proprietary server, does not retain a copy of your prompts, and does not bill or broker the third-party service.

Local storage & user control

AI call metadata (timestamp, scene, mode, endpoint host, payload size, outcome) is logged locally in a ring buffer of the most recent 50 calls. No payload bodies are stored. You can view or clear this log at Me → AI Settings → AI Call Log. AI-generated narratives are cached on-device and tied to your AI mode; clearing the call log or switching mode will naturally invalidate cached results over time.

API Key storage

When using Cloud mode, your API key is stored in the system Keychain, not in plain preferences. You can clear it at any time from Me → AI Settings.

Export & Migration

Export:
Use Me -> Export Data to export a full data file.

Move to a new device:

1. Confirm sync is complete on the old device.
2. Back up your recovery key.
3. Install Loci on the new device, enable sync, and import the recovery key.
4. Wait for cloud data restore.

Data Deletion

• Delete local data: uninstalling the app removes all local data from your device.
• Delete cloud data: if you have enabled cloud sync, clear/reset cloud data from Sync & Encryption settings before uninstalling.

Third-Party Services

The app uses Apple's frameworks and services (MapKit, CoreLocation, CoreMotion, Apple Intelligence), which are governed by Apple's own privacy policies. No third-party analytics, advertising, or tracking SDKs are integrated.

If you enable Cloud AI mode, the OpenAI-compatible endpoint you configure is a third party selected by you. Its data handling is governed by that provider's own policy, not by us.

Changes to This Policy

We may update this Privacy Policy from time to time. Continued use of the app after changes constitutes acceptance of the updated policy.

Contact

If you have questions about this Privacy Policy, please contact us via the feedback option in the app.