Privacy Policy
Effective: 14 July 2026 · Last updated: 14 July 2026
Still Scent (the “App”) is built and operated by Changao Ho, an independent developer (“we”, “us”). This policy explains what the App handles, why, where it goes, and what control you have.
The thirty-second version
- No account is required. We hold no identity data about you.
- Your collection, photos and wear journal live on your iPhone. With a subscription they sync through your own private iCloud database, which we cannot read.
- Content leaves your device only when you actively use an AI feature; it is processed by Anthropic’s Claude model, then discarded. It is never used to train models.
- No ads, no third-party tracking SDKs, no behavioural analytics. Nothing is sold or traded.
1. What we handle
The App has no account system. We do not collect your name, email, phone number, or anything that directly identifies you. Only the following data is involved:
2. On-device storage
The App is local-first: your collection, photos and journal are written to a local database on your iPhone (Apple SwiftData), protected by the iOS sandbox and device encryption. These features work with no network connection at all.
3. iCloud sync (Still Scent Pro)
With a Still Scent Pro subscription, your data can sync via Apple CloudKit to the private database of your own iCloud account. That data is yours, held and encrypted by Apple under Apple’s terms. We have no access to it — we cannot see your collection or your journal. Cancelling a subscription does not delete synced data; it simply stops syncing.
4. How AI features handle data
The AI features (photo recognition, the fragrance advisor, layering suggestions, brand radar) require a network connection. Only when you actively trigger them does the following leave your device:
- The bottle photo you take for recognition (downscaled and compressed on device first);
- The text you type in the advisor chat;
- A summary of your collection (e.g. names and scent families, never photos) so that advice fits what you own;
- The random device code, used for allowance counting and abuse prevention.
This is sent over HTTPS to our relay server on Cloudflare Workers, which forwards it to Anthropic’s Claude model API and returns the result to your device. About that path:
- Our relay does not store request content — photos and messages are not written to disk. It may produce short-lived technical logs (timestamp, endpoint, status code, random device code) for rate limiting and troubleshooting, kept for at most 30 days.
- Anthropic processes the data under its commercial API terms and does not train its models on your content. See Anthropic’s privacy policy and Cloudflare’s privacy policy.
- Please don’t type sensitive personal information into the chat.
- If you never use the AI features, nothing is transmitted for AI purposes.
5. Location and weather
The daily pick takes local weather into account. If you grant location permission, the App requests an approximate location (precise location is not needed) and sends the coordinates to the third-party weather service Open-Meteo to retrieve temperature and conditions. Coordinates are not stored by us and are never used for tracking, advertising or analytics. You may decline — everything else in the App works exactly the same, the recommendation simply won’t consider weather.
6. Fragrance library updates
The App ships with a built-in fragrance library and periodically downloads an updated copy (a public static JSON file) from our server. That request carries no personal data. As with any web request, server records may include an IP address and timestamp, used only for traffic and abuse prevention.
7. Subscriptions and payment
Subscriptions are handled by the Apple App Store. We never see your payment details (card, Apple ID and so on). Subscription status is verified on your device through Apple StoreKit. Apple may provide us with aggregate, anonymous sales statistics that contain no personally identifiable information.
8. What we don’t do
- No advertising, no ad tracking, no IDFA.
- No third-party analytics or behavioural tracking SDKs — no Firebase, no Facebook SDK, nothing of that kind.
- We do not sell, rent or trade your data.
- We do not build a marketing profile of you.
- We do not read your contacts, your whole photo library, health data, or anything unrelated to the App. Only the photos you pick are used.
9. Retention
- On-device data: kept until you delete it, or until you delete the App.
- iCloud data: held in your iCloud account; you can remove it any time from iOS Settings.
- AI request content: not retained.
- Server technical logs: at most 30 days.
10. Your rights and deleting data
Because we hold nothing that identifies you, access, correction and deletion are things you carry out on your own device:
- Delete one item: delete the fragrance or journal entry inside the App.
- Delete everything: deleting the App removes all on-device content. If you enabled iCloud sync, you can also remove the App’s data in iOS Settings → your name → iCloud → Manage Account Storage.
- If you are in the EU/UK (GDPR) or California (CCPA/CPRA), you retain the rights of access, rectification, erasure, restriction and objection. Since we hold no identifiable personal data, most requests are satisfied by the steps above; write to us if anything is unclear. We will never discriminate against you for exercising these rights.
11. Children
The App is not directed at children and does not knowingly collect personal data from them. Its App Store rating is 4+, but the subject matter — a personal fragrance collection — is aimed at adults.
12. Security
All outbound connections use HTTPS/TLS. The AI relay authenticates callers with an application key and applies rate limits against abuse. On-device data is protected by the iOS sandbox and device encryption. No system is perfectly secure, but our design principle is simple: data we never collect cannot leak.
13. Changes and contact
If this policy changes materially, we will update the “Last updated” date on this page and note it in the App’s release notes. For any privacy question, request or complaint:
changao.ho@gmail.com
Data controller: Changao Ho (independent developer), Taiwan