Every privacy scandal starts the same way: a company collected data it didn't need. We skip that step entirely.
Short version: your data goes from your fingers to your device to your private iCloud. That's it. There is no step where it touches our servers, because we don't have servers.
All data is stored using Apple's SwiftData framework with CloudKit sync to the user's private iCloud database. The private database is encrypted by Apple and accessible only by the user's Apple Account. KindSoft has no ability to query, read, list, or access records in any user's private container.
If iCloud is unavailable or not enabled, data is stored locally on the device only. It never falls back to a KindSoft server — we don't have one.
Our apps make no network calls to KindSoft-operated servers. No analytics pings. No crash reports. No telemetry. No heartbeats. The only network traffic is Apple's own CloudKit sync (device ↔ iCloud) and optional public content fetches (RSS news feeds, public recipe APIs) — none of which carry user data.
We don't operate a backend. There is no API endpoint, no database server, no cloud function, no Lambda, no container. The "server" in our architecture is Apple's iCloud infrastructure, which we don't administer and can't access.
CloudKit private databases use Apple's end-to-end encryption for data at rest and in transit. On-device data is protected by the device passcode and hardware encryption (Secure Enclave). We don't implement our own cryptography because we don't need to — Apple's platform encryption covers our entire data surface.
Our job is the architecture decision that makes encryption sufficient: never store user data anywhere Apple's encryption doesn't already cover.
Every system permission our apps request (HealthKit, Calendar, Contacts, Notifications) is disclosed with a plain-language purpose string, is opt-in only, and is used exclusively for the stated purpose. Permissions that aren't needed are never requested. Data from one permission is never used for another purpose.
If you deny a permission, the feature that needs it is unavailable but the rest of the app works normally. We never degrade the experience to pressure you into granting access.
Our apps contain no third-party analytics SDKs (Google Analytics, Mixpanel, Amplitude, Firebase), no crash reporters (Crashlytics, Sentry, Bugsnag), no advertising frameworks, and no attribution trackers. The only code in our apps that we didn't write ourselves is Apple's own frameworks: SwiftUI, SwiftData, CloudKit, HealthKit, StoreKit, WidgetKit.
When our apps fetch external content (public recipe APIs, RSS news feeds), those requests carry no user data, no authentication tokens, no identifiers. They are anonymous, stateless HTTP GETs.
If you discover a security issue in any KindSoft product, please report it. We take every report seriously and respond within 24 hours.
support@kindsoft.tech