Privacy Policy
For the UsageLens iOS app · Effective 15 July 2026 · Version 1.0
The short version
UsageLens has no account system, no backend server, and no analytics. We do not receive your data — we have nowhere to receive it. Everything the app records stays on your iPhone. Your API keys are stored in the iOS Keychain and are never written to the file the widget reads, never transmitted to us, and never shown again after you enter them.
The one thing worth understanding in detail: when you configure a provider, your device talks to that provider directly. Those requests never pass through us, but the provider does see them. That is explained in “Network connections” below.
1. Who this policy covers
This policy applies to the UsageLens application for iPhone and its Home Screen and Lock Screen widget extension. It does not cover the AI providers you choose to connect to (for example OpenAI or Anthropic) or any endpoint you configure yourself. Those services are operated by other parties under their own privacy policies.
2. Data we collect
None. UsageLens contains no analytics SDK, no advertising SDK, no crash reporting service, and no third-party SDKs of any kind. It does not use the Advertising Identifier (IDFA). It does not track you across apps or websites. There is no server that belongs to us for the app to talk to.
In App Store terms, our App Privacy declaration is “Data Not Collected.”
3. Data stored on your device
All of this stays on your iPhone. None of it is sent to us.
| What | Where it is kept |
|---|---|
| Provider configuration — the name you give a provider, its type, metric, unit, quota limit, reset window, and for Custom REST the endpoint URL and JSON paths you entered | An App Group container shared only between the app and its own widget |
| Usage snapshots — the numbers returned by your providers or entered by you, with timestamps and status | The same App Group container |
| Settings — refresh interval, notification preference, warning thresholds, widget privacy mode, history retention | The same App Group container |
| Notification state — which threshold last fired for which usage window, so a warning does not repeat | App Group preferences |
| API keys and endpoint secrets | The iOS Keychain, and nowhere else — generic password items marked kSecAttrAccessibleAfterFirstUnlockThisDeviceOnly |
The App Group file is written atomically with file protection and contains no credentials. This separation is deliberate: the widget extension can read your usage numbers but has no access to the Keychain, so it cannot reach your keys even in principle.
Usage snapshots older than your retention setting (90 days by default) are deleted automatically.
4. Network connections
UsageLens makes network requests only to providers you explicitly configure, and only when a refresh runs (you pull to refresh, you tap refresh, or iOS runs a background refresh). Manual trackers make no network requests at all.
Depending on what you configure, your device may connect directly to:
api.openai.com— if you add an OpenAI Platform providerapi.anthropic.com— if you add an Anthropic Claude Platform provider- Any HTTPS host you enter yourself — if you add a Custom REST provider
These requests go from your device straight to that service. They do not pass through any server of ours, and we do not see them, log them, or proxy them. However, the service you are calling necessarily receives the request and can see your device's IP address, the time of the request, and the credential you gave it. What that provider does with that information is governed by their privacy policy, not this one.
All connections are HTTPS. The app rejects non-HTTPS endpoints, uses an ephemeral session with no persistent cookies and no response cache, applies request and resource timeouts, and refuses responses larger than 2 MB. Response content is parsed as JSON and never executed.
5. Notifications
Threshold warnings are optional and are generated and delivered entirely on your device by iOS. No push server is involved and no notification content leaves your phone. Notifications are off by default; turning them on asks iOS for permission, which you can revoke at any time in the Settings app.
6. Widgets and Shortcuts
The widget reads only the credential-free App Group file described above. The “Log AI Usage” Shortcut updates a manual tracker on your device. Neither sends anything anywhere.
If you place a widget on your Lock Screen, the usage figures it shows are visible to anyone who can see your screen. Widget privacy mode replaces exact amounts with dots while keeping the quota ring visible. Note that the ring itself still communicates approximate usage — that is its purpose.
7. Children
UsageLens is a developer and productivity tool. It is not directed at children, and it does not knowingly collect information from anyone — including children — because it does not collect information at all.
8. Your choices and deleting your data
- Delete one provider: swipe to delete it in the Providers list. This removes its configuration, its entire usage history, and its Keychain credential.
- Delete everything: delete the app. iOS removes the App Group container and the app's Keychain items with it.
- Stop network activity: disable a provider with its toggle, or turn off Background App Refresh for UsageLens in the iOS Settings app.
Important: deleting the app does not revoke your API keys at the provider. If you want a key to stop working, revoke it in your OpenAI or Anthropic organization settings — that is the only place that can actually invalidate it.
9. Data security
Credentials are held in the iOS Keychain, are marked as device-only (they are not included in iCloud Keychain sync or encrypted backups that could move them to another device), and are not readable until the device has been unlocked once after boot. Usage data is written with iOS file protection. Errors shown in the app are sanitized so that keys, authorization headers and raw provider responses are never displayed.
No security measure is absolute. A jailbroken, compromised, or physically accessible unlocked device can expose data that these protections otherwise cover. If you are responsible for an organization's Admin API key, consider keeping it on a broker service and pointing the Custom REST connector at that broker instead of putting the key on a phone at all.
10. Changes to this policy
If this policy changes, the revised version will be published at this address with a new effective date. Material changes affecting how data is handled will also be described in the app's release notes. This page always reflects the current version of the app.
11. Contact
Questions about this policy or about privacy in UsageLens: forall@tuta.com