RollSight — Privacy Policy
Last updated: 2026-04-30
Applies to: version 1.0 and later
1. Who We Are
RollSight ("the App") is an offline, standalone roll-call and unit administration tool developed by an independent developer.
The App is not affiliated with any government or military authority.
2. What We Collect
2.1 Data You Create
- Unit information (unit names, structure, member names, roles)
- Roll-call task records (attendance status, timestamps, notes)
- Seat map configurations
- The PIN code you set (stored as a hash on your device)
All of this data is stored 100% locally on your device (SQLite), never transmitted to any server.
2.2 Anonymous Data via SDKs
- Crash reports (via Sentry): when the app crashes, the stack trace, device model, and OS version are logged. No user identifiers (name, email, IP, device ID linked to you).
- Performance data (via Sentry): anonymous startup time and frame timing, used for optimization.
Crash and performance data are used solely for bug fixing and performance improvement.
2.3 What We Do Not Collect
- Accounts (the App has no user account system)
- Location
- Contacts / Address Book
- Health / Fitness data
- Marketing tracking data
- Advertising identifiers (IDFA)
- Any personally identifiable information (PII)
3. Cross-Device Data Transfer (Peer-to-Peer QR)
The App provides "device binding" and "QR-based unit/attendance data sync." All cross-device transfers are:
- Peer-to-peer: data passes directly between two devices via QR code, never through any server
- No cloud relay: we operate no cloud infrastructure
- Integrity protection: QR sync uses signature verification, replay protection, and device binding to reduce accidental acceptance or tampering risk; QR sync focuses on source verification and payload integrity
- You can disable device binding at any time in Settings
4. Subscriptions & Payment
The App offers BASIC and FULL subscriptions via Apple In-App Purchase (settled through RevenueCat):
- Payment is processed by Apple App Store; the App never sees your credit card information
- RevenueCat is used solely to track entitlement status via anonymous receipt tokens; no personal data
- After subscription expiry or cancellation, all your local data is preserved (only feature gates re-activate)
5. Data Storage and Protection
- All local data is stored within the iOS app sandbox in SQLite
- PIN is stored as a one-way hash and cannot be recovered
- With Face ID enabled, the PIN is protected by iOS Keychain Secure Enclave
- User-exported backup files are encrypted with a key derived from the PIN; if the PIN is lost, the developer cannot decrypt the backup for you
- You may delete all local data at any time within the App (uninstalling the App also fully deletes it)
6. Your Rights
- You may query, copy, modify, and delete all locally stored data at any time directly within the App
- You may disable Sentry crash reporting (Settings → Privacy → Disable Diagnostics)
- Uninstalling the App constitutes exercising your right to deletion
7. Children's Data
The App is rated 4+ and does not actively collect data from minors.
8. Third-Party Services
| Service | Purpose | Data Type |
|---|---|---|
| Apple App Store / IAP | Subscription payment | Collected by Apple per Apple Privacy Policy |
| RevenueCat | Subscription entitlement management | Anonymous receipt tokens, RevenueCat Privacy Policy |
| Sentry | Crash & performance diagnostics | Crash stack traces (no PII), Sentry Privacy Policy |
9. Policy Changes
If material changes are made to this policy, an in-app notice will inform you and this page will be updated. Minor edits are reflected by updating the date above.
10. Contact
- Privacy questions: cerry0524@gmail.com
- GitHub Issues: https://github.com/Cerry0524/RollSight/issues