Privacy Policy

Last updated: October 2025

1. Introduction

This Privacy Policy ("Policy") describes how Marcadax Studios ("we," "us," or "our") collects, uses, stores, and protects information in connection with your use of the Connaict mobile application ("App") and related website (collectively, the "Services").

By downloading, installing, or using the App, you acknowledge that you have read and understood this Policy and agree to the collection and processing of information as described herein.

Connaict is currently developed and operated by an individual based in the United Kingdom, and, as such, data processing activities are governed by the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018, and, where applicable, the European Union General Data Protection Regulation (EU GDPR) and corresponding U.S. privacy laws (including the California Consumer Privacy Act (CCPA)).

2. Scope of Application

This Policy applies to all users of Connaict's Services worldwide. It covers both (i) data processed locally on your device and stored in your personal Apple iCloud account via CloudKit and SwiftData, and (ii) limited transient data transmitted through third-party application programming interfaces (APIs) used solely for the provision of specific functionalities as detailed below.

3. Data Collection and Processing Activities

3.1 Data Stored on Device and iCloud

All user-generated information, including but not limited to contacts, notes, and facts, is stored exclusively within the App's local data container and synchronized to the user's individual iCloud account using Apple's CloudKit and SwiftData frameworks.

Such data is never transmitted to or accessible by Connaict, its developer, or any external servers under our control. Apple acts as a separate and independent data controller for any processing performed via iCloud under Apple's own privacy policies.

3.2 Limited AI Processing via Supabase Proxies

To enable natural-language features, the App performs transient API requests routed through Supabase-hosted edge functions acting as proxies to the OpenAI API.

The only information transmitted through these requests consists of:

  • a raw string representing a textual "fact" entered or derived by the user, and
  • the first name of the contact to whom that fact relates.

No personally identifying information about the user or their contacts (such as full names, phone numbers, or email addresses) is transmitted.

These data are processed momentarily to generate a language-model response and are not retained by Connaict, Supabase, or OpenAI beyond the duration necessary to complete the request.

3.3 Voice Input and Transcription

When the user records voice input to create new "facts," transcription occurs on device using Apple's speech recognition frameworks. The resulting text transcript is subsequently transmitted, as described above, via the Supabase proxy to the OpenAI API solely for semantic interpretation and summarization. The audio recording itself is not uploaded, shared, or stored externally.

3.4 Import from Apple Contacts

If the user grants permission, the App may access the user's Apple Contacts database for the limited purpose of importing selected information (e.g., first name, last name, phone number, email address) relevant to the creation of a contact entry.

Such imported data are stored exclusively within the App's local database and iCloud container and remain private to the user. Connaict does not retain or transmit this data outside the user's environment.

3.5 Absence of Account, Login, or Subscription Data

The App does not currently implement user registration, authentication, or subscription features. Consequently, Connaict does not collect or store identifiers such as usernames, passwords, email addresses, or billing details.

4. Lawful Basis for Processing

Processing of personal data, to the extent that it occurs, is based on one or more of the following legal grounds:

  1. Performance of a contract (Article 6(1)(b) GDPR): Processing necessary to deliver the App's core functionalities.
  2. Consent (Article 6(1)(a) GDPR): The user explicitly grants permission when enabling optional access (e.g., importing contacts or recording audio).
  3. Legitimate interest (Article 6(1)(f) GDPR): Ensuring functionality, preventing misuse, and improving the App's reliability.

5. Data Retention

Connaict does not maintain any central data repository. All data resides within the user's device and iCloud storage until the user deletes it manually or uninstalls the App.

Data transmitted to external APIs (Supabase/OpenAI) are ephemeral and are automatically purged after processing the relevant request.

6. Data Security

We implement technical and organizational measures consistent with industry standards and Apple's security model to ensure the confidentiality and integrity of user data.

Since all personal information is stored in the user's iCloud account, Apple's end-to-end encryption, authentication, and access-control mechanisms apply.

Nevertheless, no system is infallible, and we disclaim liability for security incidents outside our reasonable control, including breaches arising from third-party service providers.

7. International Data Transfers

Where processing involves transmission of textual inputs to OpenAI servers located outside the United Kingdom or the European Economic Area, such transfers are safeguarded under standard contractual clauses and equivalent safeguards as required by applicable data-protection legislation.

Users acknowledge that such processing is necessary to deliver the App's AI-based features.

8. Cookies and Website Analytics

8.1 Use of Cookies

The Connaict website (www.connaict.app) may use cookies or similar technologies to enhance user experience, analyze traffic, and understand usage trends.

Cookies are small text files stored on your device that assist in recognizing returning visitors and improving website functionality.

At present, the website does not actively deploy any non-essential cookies or analytics trackers. However, in anticipation of future updates, we reserve the right to introduce first-party or third-party cookies (for example, web analytics, session management, or marketing performance tracking).

Before any such cookies are activated, visitors will be presented with a clear cookie consent banner providing the option to accept or reject non-essential cookies in compliance with the UK Privacy and Electronic Communications Regulations (PECR) and the EU ePrivacy Directive.

8.2 Website Analytics (Future Implementation)

In the future, we may employ analytics platforms such as Google Analytics, Plausible, or equivalent privacy-preserving tools to collect anonymized data about website usage (e.g., page visits, duration, referrers).

Such data will be used solely to improve our content, design, and user experience, and will never be linked to identifiable individuals.

If analytics are introduced, users will be notified through an updated Policy and cookie banner, in accordance with applicable data protection laws.

9. Children's Privacy

Connaict is not directed toward children under 16 years of age (or the age of digital consent applicable in the user's jurisdiction).

We do not knowingly collect or process personal information from minors. If we become aware that such data has been inadvertently provided, it will be promptly deleted.

10. User Rights

Subject to applicable law, users may exercise the following rights:

  • Access and Portability: Obtain a copy of personal data stored in iCloud.
  • Rectification and Erasure: Modify or delete any data directly within the App or through iCloud settings.
  • Restriction or Objection: Withdraw consent for optional features (e.g., Contacts access, microphone use).
  • Complaint: File a complaint with the UK Information Commissioner's Office (ICO) or another competent authority.

As Connaict itself does not store or control user data, users should primarily manage their information through their Apple device and iCloud account settings.

11. Future Updates and Analytics

In future releases, Connaict may introduce optional subscription plans, in-app purchases, and non-identifiable analytics to improve performance and user experience.

Any such changes will be accompanied by an updated version of this Policy, specifying the data collected, processing purposes, and lawful bases in detail. Users will be notified of material changes and may choose to discontinue use if they do not agree to the updated terms.

12. Third-Party Services

The App may contain links or references to third-party services, websites, or APIs (including Apple, Supabase, and OpenAI).

We are not responsible for the content, privacy practices, or compliance of such third parties. Users are encouraged to review the privacy statements of those entities.

13. Contact Information

For inquiries, requests, or complaints regarding this Policy or your personal data, please contact:

Data Protection Contact
Marcadax Studios - Marc Fernandez Veiga
London, United Kingdom
Email: connaictapp@gmail.com

14. Policy Amendments

We reserve the right to modify or replace this Policy at any time. Revisions will be indicated by an updated "Last updated" date above and will take effect immediately upon posting. Continued use of the App following such publication constitutes acceptance of the revised terms.