Privacy · Version 1.1 · June 18, 2026

Privacy Policy

Effective date: May 19, 2026
Last updated: June 18, 2026
Version: 1.1

1. Who we are

Dark Talent ("Dark Talent", "we", "us", "our") is a privacy-first AI focus system for founders, builders, and high-agency professionals, distributed as a native iOS and macOS application.

Dark Talent is operated by Marino Sabijan. Contact privacy@darktalent.app with any question about this policy, or hello@darktalent.app for support.

2. The short version

Dark Talent is built so that almost nothing sensitive leaves your device. We use limited, user-controllable product analytics and attribution to understand onboarding, paywall, App Store campaign, and subscription funnels. We do not sell, share, or rent your data. We do not request ATT permission, and we do not access IDFA. Website ad conversion measurement is off unless you accept analytics and attribution on darktalent.app.

The only data we ever receive on our infrastructure is:

1. Subscription receipts, verified server-side with Apple's StoreKit JWS so we can confirm your paid tier. No personal information from your App Store account is attached.
2. AI Coach API calls for features that require cloud inference. Redacted prompts go through the Dark Talent Coach API to OpenAI; the response is streamed back. We do not retain copies on our servers.
3. Engagement preferences you explicitly enable, such as push tokens, email verification state, topic preferences, quiet hours, and delivery metadata for notifications or email you choose.
4. Growth measurement events, such as app opened, paywall viewed, purchase completed, offer redeemed, campaign landing, and App Store CTA clicked. Payloads are bounded and go only to PostHog, Singular, Apple attribution/campaign systems, and consent-gated X Ads website conversion tracking when enabled. They never include journal body, AI content, contacts, integration payloads, Crisis Mode, or free text.

Everything else — your journal entries, state checks, focus sessions, signals, targets, and AI memory — is stored on your device, in your own iCloud account, or in encrypted storage to which only you hold the key.

3. What this policy covers

This policy covers the Dark Talent iOS app, macOS app, their bundled extensions (Widgets, Live Activities, App Intents, Share Extension, and any future watchOS companion), and the darktalent.app website.

It does not cover Apple's processing of your subscription, third-party services you choose to connect via integrations, or OpenAI's processing of AI requests routed through the Coach API. Those are governed by their own policies.

4. Data we do not collect

Dark Talent is deliberately designed to avoid collecting:

• No advertising identifiers or IDFA.
• No ATT prompt.
• No app-level cross-app tracking. Website ad conversion measurement is consent-gated on darktalent.app.
• No browser fingerprinting.
• No social-graph data.
• No journal body, Coach prompt, Coach response, contacts, integration payload, Crisis Mode signal, or free text in analytics or attribution payloads.
• No contact list, photo library, or microphone access except where you explicitly invoke a feature that needs it. Voice journaling uses on-device Apple Speech transcription; audio is not transmitted off-device.
• No location data.
• No telemetry from Crisis Mode.
• No name, password, or account creation. Dark Talent does not require you to make an account with us. Email is collected only if you explicitly enter it for opt-in email features.

5. Data we process

On-device

Stored locally inside the app sandbox: user preferences, Target, Key Results, State Checks, Lock-In sessions, distractions, signals, Weekly Debriefs, and integration connection metadata. Pressure Log entries and Coach Memory use AES-GCM-256 field-level encryption, with journal key material held in Keychain and protected by Secure Enclave when available. Integration OAuth tokens live in Keychain.

In your iCloud (CloudKit private DB)

When iCloud sync is enabled, Dark Talent mirrors eligible records into your own Apple CloudKit private database. The data lives in your iCloud account, under your Apple ID. Dark Talent cannot read the contents of your private CloudKit database. You can disable CloudKit sync at any time. Pressure Log sync is local-only by default unless you opt in.

On our infrastructure

Three narrow categories of data ever reach servers we operate or contract.

Subscription receipt validation. The Cloud Run Coach API receives the App Store transaction ID, product ID, transaction timestamp, expiry timestamp, and an anonymized App Account Token when available. It does not receive your name, email, payment card details, device identifiers, or any personal information from your App Store account.

AI Coach API requests, via OpenAI. When you use AI Coach features that require cloud inference, Dark Talent constructs a prompt on your device, passes it through a local redaction step, and sends it to the Dark Talent Coach API, which forwards it to OpenAI. Responses stream back and are stored locally on your device. We do not store the contents of AI requests or responses on our infrastructure.

Opt-in engagement delivery. If you enable push or enter an email address, the Cloud Run engagement API receives only the data needed to honor those choices: a random installation ID, APNs token, email address, topic preferences, quiet hours and timezone, coarse product interaction events, and delivery or webhook metadata. Email is sent through Resend after explicit opt-in and verification. Remote push is sent through Apple Push Notification service.

Growth analytics and attribution. If enabled, PostHog receives explicit product and web funnel events. Singular receives iOS attribution and subscription revenue-safe events. Apple receives campaign, AdServices/SKAN/AdAttributionKit-style attribution, and App Store offer-code redemption state. On darktalent.app, the X Ads website pixel loads only after you accept analytics and attribution; it receives site visit and App Store CTA conversion events for X campaign reporting and optimization, plus a generated conversion ID for dedupe. We do not send email addresses, phone numbers, journal content, AI content, contacts, integration payloads, Crisis Mode state, or free text to X Ads. You can disable product analytics or attribution measurement in Settings → Privacy & Analytics and reset the random analytics ID.

6. App Privacy labels

The App Store privacy labels for v1 map to the data above:

• Email Address — used only for opt-in email features and linked to you because it is your email address.
• Purchase History — App Store subscription product and transaction state used for app functionality.
• Device ID — APNs token and random installation ID used for notification delivery, not linked to your identity.
• Product Interaction — coarse interaction events such as State Check saved, Lock-In started or completed, paywall viewed, purchase completed, offer redeemed, locked feature tapped, or export requested, used for app functionality and analytics, not linked to your identity.
• Other User Content — redacted Coach request content only when you use cloud AI features, used for app functionality and not linked to your identity by us.

7. Subscription and payment

Subscriptions are purchased and managed through Apple's In-App Purchase system. Apple processes your payment. We never see your card details, billing address, or Apple ID email. You can manage or cancel subscriptions at any time via Settings → Apple ID → Subscriptions on your device.

8. AI Coach data handling

The AI Coach is the most sensitive data path in the app. We treat it that way.

Before any prompt is sent to a cloud AI provider, it passes through an on-device redactor that strips email addresses, phone numbers, identifiable URLs, person names, API tokens, and credential patterns. Integration-derived raw payloads are replaced with normalized summaries.

The Coach can propose long-lived memory entries describing observed patterns in how you work. These live in the encrypted journal store on your device. You can view, edit, approve, archive, or delete every memory entry. You can also disable remote AI entirely in Settings → Privacy & AI.

9. MCP integrations

Dark Talent can connect to Apple Calendar, Notion, GitHub, Linear, Slack, and Gmail. Integrations are off by default. Connecting one requires you to complete an OAuth flow with the third party. OAuth tokens are stored in Keychain with device-only access; they are not synced to iCloud and not stored on our servers. The default permission level is read context only. Disconnecting an integration revokes the token and purges it from Keychain.

10. Notifications and native surfaces

Dark Talent supports local notifications and opt-in remote push. We do not ask for notification permission on first launch. You can manage notification topics, email topics, quiet hours, and device state in Settings → Attention.

Remote push uses a random installation ID and an APNs device token. The Cloud Run engagement API does not need your name, Apple ID, contacts, location, journal, state checks, or Lock-In content to send a notification. Local notifications remain the fallback when remote push is unavailable.

11. Crisis Mode

If the on-device safety classifier flags an entry as indicating possible self-harm or harm to others, Dark Talent shows a Crisis Mode screen with hardcoded helpline resources. The classification runs entirely on your device. The flagged content is not sent to OpenAI or any other cloud provider. We do not log, record, transmit, or count crisis events. Crisis Mode is a referral, not professional advice or emergency care.

12. Your rights and controls

You can exercise the following directly inside Dark Talent (Settings → Privacy): view what data is stored, export all data, delete a single entry, delete all journal entries, delete Coach Memory, delete all data, disconnect any integration, turn off remote AI, toggle iCloud sync, toggle Pressure Log iCloud Sync, and enable Face ID / Touch ID app lock.

If you are in the EEA, UK, or Switzerland, you have rights under the GDPR / UK GDPR to access, rectify, erase, restrict, port, and object to processing of your personal data. If you are a California resident, you have equivalent rights under the CCPA / CPRA. Because almost all personal data lives on your device or in your iCloud, you can exercise most of these rights through the in-app controls above. For data on our infrastructure (subscription receipts and opt-in engagement records), write to the privacy contact.

13. Data retention

On-device and iCloud data is retained until you delete it, sign out of iCloud, or uninstall the app. Subscription receipts on our infrastructure are retained for the duration of your subscription plus 13 months, then deleted or irreversibly de-identified. Engagement verification and unsubscribe tokens are retained until used or expired; delivery and webhook metadata is retained only for short operational windows for retries, dedupe, and debugging. OpenAI API retention controls apply to cloud AI requests; default abuse-monitoring logs may be retained for up to 30 days unless zero data retention or another eligible retention setting is enabled.

14. Security

HTTPS / TLS for all network calls. iOS and macOS sandboxing. Keychain with device-only access for OAuth tokens. AES-GCM-256 encryption for journal bodies, with key material protected by Secure Enclave when available. Face ID / Touch ID app lock. Third-party analytics and attribution SDKs are configured for explicit events only and are not allowed to receive journal body, Coach prompt or response content, contacts, integration payloads, Crisis Mode state, or free text. To report a vulnerability, write to the security contact.

15. Changes to this policy

We will revise this policy when we add features that change how data is handled. Material changes will be notified in-app before they take effect. Non-material changes (clarifications, typo fixes) take effect on the date noted at the top of this document.

16. Contact

For any question, request, or complaint about privacy, write to privacy@darktalent.app.