Tonebook

Privacy Policy

Tonebook for iOS

Effective: April 27, 2026 · Last updated: April 27, 2026

In one paragraph

Tonebook is designed to be a private AI personal-color coach. We do not perform facial recognition, do not store biometric identifiers, and do not use your photos for model training by default. Photos are used only to generate your color report and are deleted from our servers after processing in live-AI mode (default sim mode never uploads them at all). You can delete your saved data anytime in Settings.

What we collect

Data	When	Purpose
Selfie photo (you upload)	When you tap "Analyze my style"	Generate your AnalysisResult. In default mock mode the photo never leaves your device. In live-AI mode, the photo is sent to our Supabase edge function which calls OpenAI's vision API — the photo is processed in transit and not retained server-side.
Onboarding answers	During first-run	Personalize your report copy. Stored locally in your device's UserDefaults.
Saved reports	Each generated analysis	Stored locally in your device's Application Support directory as Codable JSON. Never uploaded.
Anonymous product analytics	Throughout app use	Aggregate metrics (e.g., paywall_viewed, report_viewed) via PostHog. Opt-out anytime in Settings → Send anonymous analytics.
Crash reports	When the app crashes	Sent to Sentry to fix bugs. No PII. Opt-out applies.
App Store purchase receipts	When you buy	Verified by Apple's StoreKit + RevenueCat for entitlement gating. Standard Apple-mediated flow.

What we DON'T do

Facial recognition — we sample average skin-region color, not identity-discriminative features
Biometric identifiers — no face embeddings, no fingerprints, no Face ID storage
Training on your photos — by default, your selfie is never used to train any model. If we ever offer an opt-in research program, it will be explicit and opt-in.
Sell your data — we do not sell, rent, or share personal data with third parties for advertising
Track you across other apps or websites — App Tracking Transparency permission is not requested because we do not track

Third-party services

Service	Data sent	Purpose
Apple StoreKit / App Store	Purchase receipts	Subscription billing
RevenueCat	Anonymous user ID + entitlement state	Subscription dashboard + cross-device entitlement sync
OpenAI (via our Supabase Edge Function, live-AI mode only)	Compressed selfie + onboarding profile JSON	Generate AnalysisResult. Subject to OpenAI's API data policy: not used for training.
Supabase	API requests	Edge Function hosting
PostHog	Anonymous event names + session ID	Product analytics. Opt-out in Settings.
Sentry	Crash stack traces	Crash debugging. Opt-out applies.

Your rights

Delete my data — Settings → Delete my saved report and photo wipes consent state, onboarding profile, all saved reports, and entitlement cache
Opt out of analytics — Settings → Send anonymous analytics (off)
Switch to mock mode — Settings → Use live AI (off) keeps every analysis on-device
Cancel subscription — Settings → Manage subscription opens the iOS subscription manager
Restore purchases — Settings → Restore purchases re-syncs your entitlements

For users in jurisdictions with formal data-rights frameworks (CCPA, GDPR, PIPEDA, etc.), the in-app delete-my-data flow performs a complete erasure equivalent to a Right-to-Erasure request.

Data retention

On-device data (photos, saved reports, profile) — kept until you delete it
Live-AI photo transit — the photo is held in memory during the OpenAI request only; we do not log or persist it server-side
Analytics — retained per PostHog standard retention (12 months) unless you opt out
Crash reports — retained per Sentry standard retention (90 days)

Children

Tonebook is intended for adults 18 and older. The app's first-run consent flow requires explicit confirmation that you are 18+. We do not knowingly collect data from minors.

Changes to this policy

We will update the "Last updated" date and post the new version at this URL. Material changes will be surfaced in-app on the next launch.

Contact

Email: hello@tonebook.app

← All legal documents