cusper — Privacy Policy
The short version
cusper is a reality shifting companion app. It runs on your phone. There are no accounts, no servers we operate, no analytics, no ads, and no third-party trackers.
By default, every reality you create, every line you write, every dream you log, every voice memo you record, and every audio file you import stays on your device. Nothing is sent to us — there is no us to send it to.
If you turn on iCloud sync from Settings (off by default), your text-shaped data syncs through your own iCloud account. Apple holds that data on your behalf; we never see it. Audio files and photos always stay local — even with sync on, only metadata travels.
When you subscribe, App Store handles your payment. We never see your payment details.
That's the whole posture. The rest of this document is detail.
What we collect, and where it lives
On your device, never sent anywhere
Stored in iOS's standard local app storage (SwiftData and the app sandbox). Removed if you delete the app.
- The realities (Desired Realities) you create — names, archive state, creation dates
- Your scripts: the four sections (self / world / relations / return), their bodies, tags, and any photos you attach via the iOS photo picker
- Journal entries: dreams, waking practice, and notes — including bodies, tags, vividness, lucid flag, and the date
- Voice memos attached to journal entries: the audio file in your app sandbox, plus the on-device transcript
- Attempts: date, duration, outcome, notes, and which method (if any) was used
- Methods: the eight built-in shifting methods, plus any custom methods you create
- Subliminals you import: the audio file in your app sandbox, or — if you paste a YouTube or SoundCloud link — the URL only (we never download the linked audio)
- Simulated notifications you compose for yourself: type (text / email / bank), sender name, body, schedule
- Onboarding state, paywall state, content-guidance acknowledgments, and your subscription entitlement
That's the complete list. None of it leaves your device unless you turn on iCloud sync (next section) or use the iOS share sheet to export it yourself.
iCloud sync — only if you turn it on
iCloud sync is off by default. You enable it from Settings → iCloud sync.
When enabled, the text-shaped records above (realities, scripts, journal entries, attempts, methods, simulated notifications) sync through your private iCloud database via Apple's CloudKit. Apple holds the data on your behalf inside your own iCloud account. We don't have a CloudKit dashboard for your records, we don't query them, and we have no way to read them.
Audio files and photos never sync. Voice memos, imported subliminal audio files, and photos attached to scripts are always device-local. If you sign in on a new device with sync on, your library list and script entries arrive intact, but the audio files and images are not present until you re-import them. The app shows a placeholder where a missing audio file would have played, and a re-import affordance.
You can turn sync off at any time from Settings. Turning it off stops new changes from leaving your device; what's already in your iCloud account remains in your iCloud account until you remove it through Apple's iCloud controls or by deleting the app from all your devices.
Apple's privacy policy applies to data they hold on your behalf: https://www.apple.com/legal/privacy/.
Subscriptions
When you subscribe, App Store handles your payment. We never see your payment details — Apple's privacy policy applies. We use StoreKit 2 directly (no third-party subscription analytics service). Your subscription entitlement is stored on your device; if you sign in to another device with the same Apple ID, App Store restores it.
What we don't do
- We don't have user accounts. There is nothing to sign up for.
- We don't run a backend.
- We don't track you across apps or devices.
- We don't use third-party analytics, advertising IDs, or marketing pixels.
- We don't sell or share your personal data — there's nothing to sell.
- We don't upload your scripts, journal entries, voice memos, photos, or audio files to any server.
- We don't profile you for advertising.
- We don't show ads.
Microphone and speech recognition
The microphone is used for voice memos when you record one inside a journal entry. iOS will ask your permission on first use. You can revoke access at any time in iOS Settings → cusper → Microphone.
Voice memos are transcribed on-device using Apple's Speech framework. cusper enforces requiresOnDeviceRecognition = true on every transcription request — your audio never goes to Apple's servers for transcription, and never to ours. If on-device recognition isn't available on your device for the chosen language, the audio still saves and the transcript stays empty rather than falling back to the network.
Audio files for voice memos live inside the app sandbox at Documents/voice-memos/. They are removed if you delete the app, or if you delete the journal entry or the recording from inside the app.
Photos
You can attach photos to script sections. cusper uses iOS's built-in PhotosPicker: you choose which photos to share, and iOS hands those specific images to the app. cusper never has full access to your photo library.
Picked photos are copied into the app sandbox at Documents/photos/. They are removed if you delete the app, or if you remove them from inside the app.
Notifications
cusper uses notifications in two ways:
- Simulated notifications you author for yourself. The fake-notifications feature lets you compose text-style, email-style, or bank-style alerts that fire on your own device at a time you choose. These are scheduled through iOS's local notification system (
UNCalendarNotificationTrigger) — there is no push server, no APNS token, no remote service. The notifications fire from your device to your device. - Custom on-device rendering. When a simulated notification fires, a notification content extension that ships with cusper renders it in the iMessage / Mail / bank-app visual style. The rendering happens locally on your device. iOS's lock-screen header still identifies the notification as coming from cusper — that part can't be customized.
You can turn notifications off at any time in iOS Settings → cusper → Notifications.
Sensitive content and responsible use
cusper supports composing simulated messages addressed to yourself. Whatever you type stays on your device.
Please respect the privacy of others. Don't use real photos, real names, or other identifying information of people who haven't agreed to be referenced. cusper shows a one-time reminder about this the first time you open the feature. The reminder isn't a legal substitute for consent — it's a nudge. The judgment is yours.
cusper does not include AI-generated scripts, AI-generated affirmations, or any feature that sends what you write to an external model.
Age, and minors
cusper's audience includes younger users. We've designed the privacy posture to hold for everyone regardless of age: there is no account, no server, and no behavioral data collection — and what stays on your device stays on your device unless you opt into iCloud sync, in which case Apple holds it on your behalf.
We do not knowingly collect personal information from anyone, child or adult, beyond what's described above. There is no name, email, or contact field anywhere in the app.
If a parent or guardian wants to remove a young cusper's data, the simplest path is to delete the app from the device — everything goes with it. If iCloud sync was on, removing the data from iCloud is done through Apple's iCloud controls (Settings → [name] → iCloud → Manage Account Storage → cusper).
Your rights
Because cusper stores almost everything on your device, the simplest way to delete your data is to delete the app — everything goes with it. If you had iCloud sync on, also remove the cusper records from your iCloud account through Apple's iCloud controls.
cusper includes an export option in Settings. It writes a single JSON snapshot of all your records (realities, scripts, journal entries, attempts, methods, subliminals, simulated notifications) and opens the iOS share sheet so you can save it wherever you choose. Audio and photo binaries aren't embedded in the snapshot — only their filenames are recorded. The export gives you a portable record of your data; what you do with it after the share sheet is your decision.
If you live in a jurisdiction with specific privacy rights (such as the EU under GDPR or California under CCPA), those rights apply. Because we hold no personal data on a server, most rights — access, deletion, portability — are exercised by you directly through the app or through your iCloud account. Contact us if you need help.
Changes to this policy
If we change this policy, we will update the effective date at the top. If the change is significant — meaning it affects what data the app collects or where it goes — we will surface a notice inside the app before the change takes effect.
Contact
Questions, requests, or concerns: [email protected]