# Privacy Policy — Paperclip Relay for iOS

**Last updated: 19 June 2026**

This Privacy Policy explains how **WILDSOFT LTD** ("WILDSOFT", "we", "us") handles
information in connection with the **Paperclip Relay** mobile application for iOS
(the "App"). It is written in plain language so you can understand exactly what the
App does and does not do with data.

- **Publisher:** WILDSOFT LTD
- **Website:** https://wildsoft.io
- **Privacy contact:** legal@wildsoft.io

---

## At a glance

- Paperclip Relay is a **client app for a Paperclip AI server that you (or your
  organisation) run yourselves.** WILDSOFT does **not** operate a server behind the
  App and does **not** receive the agents, tasks, approvals, costs, or other content
  you view in it.
- The App talks to **one destination only: the Paperclip server address you enter.**
  It does not send your data to WILDSOFT or to any third party.
- The App contains **no analytics, no advertising, no crash-reporting, and no
  third-party tracking SDKs.** It uses only Apple's own frameworks.
- The only things stored on your device are your **access token** (in the iOS
  Keychain) and a few **settings** (server address, selected company, Face ID
  preference). Content fetched from your server is held in memory and discarded when
  you close the App.
- **Face ID / Touch ID** is used only to lock the App on your device. Your biometric
  data never leaves your iPhone and is never seen by the App or WILDSOFT.
- **Purchases and subscriptions** are processed by **Apple**, not by WILDSOFT.
- We do **not** sell or share your personal information.

---

## 1. Who this policy covers and what it applies to

This policy applies to the Paperclip Relay iOS App distributed through the Apple App
Store. It does **not** cover:

- The **Paperclip AI server** you connect to. That server is operated by you or your
  organisation. The data inside it (agents, issues, budgets, comments, activity, and
  so on) is controlled by whoever runs that server, under their own policies. For
  data held on that server, **you or your organisation are the data controller**, and
  WILDSOFT is neither the controller nor a processor of it — we never receive it.
- The Paperclip platform itself, the Paperclip Relay marketing website, or any
  third-party websites the App may link to.

## 2. How the App is built (and why that matters for your privacy)

Paperclip Relay has **no backend of its own.** Every screen reads and writes directly
through the documented `/api` interface of the Paperclip server address you provide.
There is no WILDSOFT server, no separate data store, and no "shadow" copy of your
data. As a result, the operational data you work with in the App flows only between
your device and your own server.

## 3. Information stored on your device

The App stores the following locally on your iPhone:

| What | Where it is stored | Why | When it is removed |
| --- | --- | --- | --- |
| **Access token** for your Paperclip server (an opaque bearer token, e.g. `pcp_board_…`) | iOS **Keychain**, marked accessible only on this device while unlocked (`kSecAttrAccessibleWhenUnlockedThisDeviceOnly`) | So you stay signed in to your server between launches | When you sign out, or when you delete the App |
| **Server address** you last connected to | App settings (UserDefaults) | To pre-fill the connection screen | When you change it, or delete the App |
| **Selected company** identifier | App settings (UserDefaults) | To remember which of your companies you were viewing | When you change it, or delete the App |
| **Face ID / app-lock preference** (on/off) | App settings (UserDefaults) | To remember whether you asked the App to lock | When you change it, or delete the App |
| **In-app rating reminders** — a small count and timestamps | App settings (UserDefaults) | So the standard Apple "rate this app" prompt is not shown too often | When you delete the App |

Content fetched from your server (dashboards, agents, issues, approvals, costs,
routines, activity, company logos) is held **in memory only** while you use the App
and is **not written to disk or cached**. It is discarded when the App closes.

The App does **not** use a local database (no Core Data / SwiftData) to retain your
server's content.

## 4. Information WILDSOFT collects

For the core functionality of the App, **WILDSOFT collects no personal information
about you.** We do not have servers that receive your activity, and the App contains
no analytics or telemetry.

The limited exceptions, which are handled by **Apple** rather than by us, are:

- **App Store distribution and purchases.** When you download the App or buy a
  subscription, Apple processes that transaction. Apple may share with us, through
  **App Store Connect**, aggregated and limited reports (such as download counts,
  subscriber numbers, transaction identifiers, product names, and territory/financial
  summaries). We do **not** receive your name, address, or payment-card details. See
  Section 8.
- **Crash and usage diagnostics from Apple.** If you have enabled "Share With App
  Developers" in iOS Settings, Apple may provide us with **aggregated, anonymised**
  diagnostic reports. This is controlled entirely by your iOS settings and by Apple,
  not by the App.

We do not combine, enrich, or sell any of this information.

## 5. Information we do NOT collect or use

To be explicit, the App does **not**:

- send your agents, tasks, approvals, comments, budgets, or any server content to
  WILDSOFT or any third party;
- include any third-party analytics, advertising, attribution, or crash-reporting
  SDK (for example: Firebase, Google Analytics, Crashlytics, Sentry, Amplitude,
  Segment, Meta, or any ad network);
- collect or use an advertising identifier (IDFA), and it does not show the App
  Tracking Transparency prompt because it performs no cross-app tracking;
- request access to your **camera, microphone, photos, contacts, location,
  calendars, health data, or motion sensors**;
- register for or send **push notifications**;
- log your credentials or server content to any diagnostic or analytics system.

## 6. How information is used

The information described in Section 3 is used only to make the App work:

- to keep you signed in to **your** Paperclip server (the access token);
- to reconnect to the right server and company when you reopen the App (server
  address and selected company);
- to lock the App with Face ID / Touch ID if you turn that on (the preference flag);
- to space out Apple's optional "rate this app" prompt (the local timestamps).

We do not use any of this for profiling, advertising, or marketing.

## 7. You and your Paperclip server (the data inside the App)

The substantive data you see in Paperclip Relay — agent rosters and status, issues
and comments, approvals, spend and budgets, activity logs, routines, and company
details — lives on **your** Paperclip server. The App is a window onto that server,
using the permissions already assigned to your board-user account.

Because that data never reaches WILDSOFT:

- requests to **view, create, comment on, approve, or update** records are sent
  straight from your device to your server;
- responsibility for the lawful collection, storage, retention, and deletion of that
  data rests with **you or your organisation** as the operator of the server;
- to access, export, correct, or delete that data, or to close your board-user
  account, you should use your Paperclip server (or contact whoever administers it),
  not WILDSOFT.

## 8. Apple App Store, in-app purchases and subscriptions

Paperclip Relay offers paid features through an **auto-renewing subscription**
(monthly and yearly options) purchased via Apple's in-app purchase system.

- **Apple is the merchant of record.** Your purchase, billing, and payment details
  are handled by Apple under [Apple's Privacy Policy](https://www.apple.com/legal/privacy/)
  and the App Store terms. WILDSOFT does not see or store your payment information.
- On your device, the App uses Apple's **StoreKit** to check whether you currently
  hold an active subscription. This check returns only a subscription status; it does
  not transmit personal data to WILDSOFT, and the App does not validate your
  subscription against any WILDSOFT server.
- WILDSOFT receives the limited, largely aggregated transaction and subscriber
  reports that Apple makes available to developers (see Section 4).
- To manage or cancel a subscription, use **Settings → your Apple Account →
  Subscriptions** on your device. Cancellation is handled by Apple.

## 9. Face ID and Touch ID

If you enable the optional app lock, Paperclip Relay uses Apple's
**LocalAuthentication** framework to require Face ID, Touch ID, or your device
passcode before the App can be opened.

- Your **biometric data never leaves your device.** It is processed by Apple's Secure
  Enclave; the App only receives a yes/no result of whether authentication succeeded.
- WILDSOFT never receives any biometric information.
- The relevant iOS permission text is provided via `NSFaceIDUsageDescription`.

## 10. Device permissions

The App requests only **one** iOS permission: **Face ID** (for the optional app
lock described above). It requests no other permissions.

## 11. Data sharing and third parties

We do not sell, rent, or share your personal information. The App has no advertising
or data-broker relationships.

The only parties involved in the App's operation are:

- **Your Paperclip server** — the destination you choose; controlled by you or your
  organisation.
- **Apple** — for App Store distribution, in-app purchases/subscriptions, and (if you
  opt in via iOS Settings) aggregated diagnostics. Apple acts under its own privacy
  policy.

We may disclose information **only if required by law**, for example to comply with a
valid legal request, but note that we hold almost no information about you to
disclose (see Sections 3–5).

## 12. International data transfers

WILDSOFT does not receive your operational data, so there is no transfer of that data
to us across borders. Connections from the App go directly to the server address you
configure, which may be located wherever you or your organisation host it.

App Store and subscription information is processed by Apple, which operates globally;
those transfers are governed by Apple's policies.

## 13. Data retention

- **On your device:** the access token and settings remain until you sign out, change
  them, or delete the App. Fetched server content is kept only in memory and is
  discarded when the App closes.
- **With WILDSOFT:** we retain no operational data about your use of the App. App
  Store and subscription reports provided by Apple are retained by us only as long as
  needed for accounting, tax, and business records, in line with applicable law.
- **On your Paperclip server:** retention is determined by you or your organisation.

## 14. Security

- The access token is stored in the **iOS Keychain**, restricted to your unlocked
  device.
- Connections to remote servers are protected by **TLS (HTTPS)**, enforced by Apple's
  App Transport Security. Plain, unencrypted connections are permitted **only** to
  local development addresses (such as `localhost`, `127.0.0.1`, or private
  `192.168.x.x` / `.local` hosts) that you choose to point the App at on your own
  network.
- The optional Face ID / Touch ID lock adds a further barrier to opening the App.
- No method of storage or transmission is completely secure; we cannot guarantee
  absolute security, but the App is designed to keep credentials on your device and
  out of any third party's hands.

## 15. Your privacy rights

Depending on where you live, you may have rights over personal data, including the
rights to **access, correct, delete, restrict, port, or object** to processing, and
(in the EU/UK) to lodge a complaint with a supervisory authority, or (in California
under the CCPA/CPRA) to know, delete, correct, and opt out of "sale"/"sharing".

Because WILDSOFT holds essentially no personal data about you through the App:

- For the **content on your Paperclip server**, exercise your rights through your
  server or its administrator, who is the controller of that data.
- For **App Store / subscription** data, contact **Apple**, which controls it.
- For anything WILDSOFT does hold (for example, if you email us), or to ask questions
  about this policy, contact us at **legal@wildsoft.io**. We will respond within the
  time required by applicable law.

We do not discriminate against you for exercising any privacy right.

## 16. Children's privacy

Paperclip Relay is a professional tool for operators of Paperclip AI companies and is
**not directed to children**. It is rated 4+ on the App Store and is suitable for users
aged 4 and over. We do not knowingly collect personal information from children. If you
believe a child has provided information through the App, contact us at
legal@wildsoft.io.

## 17. Changes to this policy

We may update this policy as the App changes. When we make a material change, we will
update the "Last updated" date above and, where appropriate, provide notice in the
App or on https://wildsoft.io. Your continued use of the App after an update means you
accept the revised policy.

## 18. Contact us

If you have questions about this Privacy Policy or about privacy in Paperclip Relay:

- **WILDSOFT LTD**
- Email: **legal@wildsoft.io**
- Website: **https://wildsoft.io**