Privacy Policy

Last updated: 2026-05-07

Scope

This policy covers nullpark.ca and the iOS apps published by Nullpark under the ca.nullpark.* bundle prefix:

• Boundary
• Authenticator
• AppCleaner
• OnDeviceNotes

The website

nullpark.ca is a static site. We do not run analytics, set cookies, collect form submissions, or track visitors. There are no user accounts and no sessions.

The site is hosted on Cloudflare Pages. Cloudflare may log standard request metadata (IP address, user agent, request URL) at the network edge for security and abuse-prevention purposes; that traffic is governed by Cloudflare's own privacy practices, not ours.

The apps: overall posture

All four apps share the same baseline:

• On-device by design. Processing happens on your phone.
• Offline-first. Each app is intended to function without an internet connection.
• No personal data collection. Per Apple's App Store privacy disclosure framework, every category on every product page is "Data Not Collected", with one documented exception below (Authenticator's optional breach check).
• Excluded from "no network" claims: traffic initiated by Apple's own frameworks (StoreKit for in-app purchases, the App Store for downloads and updates, and platform-level logging). Those are governed by Apple's privacy policy, not ours.

Per-app network posture

Boundary

Zero outbound network calls in production code. All redaction (PII, secrets, metadata stripping) runs entirely on-device. Data Not Collected.

Authenticator

Zero outbound network calls in production code, with one opt-in exception:

• Breach check (opt-in, off by default). When a user enables breach checking, the app sends a single request to api.pwnedpasswords.com using the HIBP k-anonymity range API. Only the first 5 hexadecimal characters of the SHA-1 hash of the relevant value are transmitted. The full secret never leaves the device, and the request is unauthenticated.

Data Not Collected.

AppCleaner

Zero outbound network calls in production code. All scanning (stale permissions, unused subscriptions, duplicate photos) runs entirely on-device. Data Not Collected.

OnDeviceNotes

Zero outbound network calls in production code. Audio recording, transcription (WhisperKit), and summarization happen entirely on your phone. Audio, transcripts, and summaries are never transmitted off-device. Data Not Collected.

Future changes: on-device LLM models

Some apps may, in a future release, perform a one-time download of a large language model file from a content delivery network so that LLM inference can run on-device, offline, afterwards. This is a model-weights fetch, not user data submission, but it is still a network call, and it would change the network posture described above.

If and when that ships, this policy will be updated before the feature is enabled, and the change will be reflected by the "last updated" date at the top of this page.

Children's privacy

Nullpark apps are not directed at children under 13, and we do not knowingly collect any data from them, or, per the policy above, from anyone.

Changes to this policy

We may update this policy as the apps evolve. Material changes will be reflected by an updated "last updated" date at the top of this page. There is no separate notification mechanism, so we recommend checking this page when a Nullpark app or this site is updated.

Contact

Privacy questions or requests: privacy@nullpark.ca.