Privacy Policy

Your privacy matters to us. Choose a policy below to learn how we protect your data.

Effective date: March 8, 2026

1. Introduction

Unsent: The Unsent Message ("Unsent," "we," or "our") is a private space for reflection, drafts, and unsent messages. Your data belongs to you alone. This policy explains how information is handled.

2. Data Collection & Storage

We do not collect, transmit, or store your personal data on external servers.

2.1 Local Storage

All entries, contacts, categories, media (photos, videos, audio recordings), link metadata, drafts, and settings are stored locally on your device using Apple's SwiftData framework.

2.2 Data Ownership

You retain full ownership of your data. If you delete the app, all stored data is permanently removed and cannot be recovered by us.

2.3 No Cloud Sync

Unsent does not sync your data to iCloud or any third-party cloud service. The app functions fully offline.

3. Media & Permissions

3.1 Camera

If you choose to capture photos or videos within the app, camera access is requested. Media is stored locally on your device and is never uploaded.

3.2 Microphone

If you choose to record audio messages, microphone access is requested. Audio is recorded in M4A format and stored locally. Recordings have a maximum duration of 5 minutes.

3.3 Photo Library (Save Only)

If you choose to save a photo from the app to your device's photo library, write-only access is requested. Unsent cannot read or browse your existing photos.

3.4 Video Compression

Videos captured or imported are compressed on-device to reduce storage usage. The original is not retained — only the compressed version (up to 5 minutes, 100 MB maximum) is stored locally.

4. Backup & Restore

4.1 Backup Formats

You may create a backup at any time. Two formats are available:

4.2 Encryption (Optional)

You may choose to encrypt either backup format with a password you set. Encryption uses AES-GCM-256 with PBKDF2 key derivation (100,000 iterations). Your password is never stored by the app. If you lose your password, the backup cannot be recovered by anyone, including us.

4.3 Backup Handling

Backups are created entirely on-device and are never sent to us. Once created, the backup file is fully under your control, and we cannot access or recover it under any circumstances. How you store or share the backup after creation is your responsibility.

5. Network Activity

5.1 Link Previews

When you add a URL to a message, the app may fetch the webpage to retrieve a title, description, and thumbnail image. This is the only network request the app makes. No personal data or identifiers are sent with the request.

5.2 No Other Network Activity

The app does not contact any analytics, advertising, crash reporting, or tracking services. There are no server-side components.

6. Face ID & Touch ID

Biometric protection is optional and handled entirely by iOS through the device's Secure Enclave. The app only receives a "success" or "failure" signal from iOS and does not store, transmit, or process any biometric data. When enabled, the app locks when backgrounded and requires authentication to re-enter.

7. App Usage Metrics

The app tracks a small number of usage metrics locally for the sole purpose of determining when to show an optional App Store review prompt:

These values are stored on your device only and are never transmitted or shared.

8. Bug Reporting

Bug reports are submitted manually via email. A pre-filled template may include your device model, iOS version, and app version. You review and control the contents before sending. No system diagnostics or personal data are sent automatically.

9. Third-Party Services

The app does not use third-party analytics, tracking SDKs, advertising networks, or crash reporting services. It is built entirely with Apple's native frameworks. Standard Apple diagnostics may apply based on your device settings.

10. Data Deletion

You can delete individual messages, entire conversations, or all data at any time from within the app. Deletion is immediate and irreversible. Deleted data cannot be recovered.

11. Children's Privacy

Unsent is not intended for children under 13 (or 16 in the EU).

12. GDPR (EU Users)

Under the General Data Protection Regulation (GDPR), EU users have specific rights regarding personal data:

13. Policy Updates

Updates to this policy will be reflected in the app and on this page.

14. Contact

Questions about privacy can be sent to support@theunsentmessage.app.

Last Updated: January 20, 2026

1. Our Philosophy

The Unsent Message is built on the belief that your private thoughts belong to you. While our App is a closed vault (no tracking, local storage only), our Website uses standard tools to help us understand how to reach the people who need this product.

2. Information We Collect

Usage Data (Analytics)

We use Google Analytics to understand visitor behavior—such as which pages you visit, how long you stay, and where you came from. This data is aggregated and does not identify you personally by name or address.

Email Addresses

If you voluntarily join our waiting list, we collect your email address solely to notify you of app updates.

3. Cookies & Tracking

Why we use them

We use cookies to function effectively and to gather analytics data. This helps us fix broken pages and improve the user experience.

Your Control

You will see a cookie banner when you first visit. You can choose to accept or decline non-essential cookies. If you decline, we will not track your visit in our analytics, but the website will still work for you.

4. How We Use Your Email

If you provide your email address, it will be used for one purpose only: to notify you about The Unsent Message app (launches, major updates, or critical news). We never sell, rent, or share your email address with third-party advertisers.

5. Third-Party Services

6. Contact Us

Questions? Contact us at: support@theunsentmessage.app