Privacy Policy
Last updated: May 2026
This Privacy Policy explains how Spyzero ("we", "us", or "our") handles information when you use the Spyzero mobile application (the "App"). Spyzero is built as a local, on-device tool — there is no Spyzero server processing your scans.
By using Spyzero, you agree to the practices described below.
1. What Spyzero Does
Spyzero is a counter-surveillance utility for iOS. It provides three tools:
- Scanner — discovers devices on the local Wi-Fi network using Bonjour mDNS, active TCP probes, and Bluetooth.
- Camera — uses the rear camera to display a live preview with a reticle overlay to help spot lens reflections.
- Magnetic — reads the device magnetometer to flag local magnetic-field anomalies.
2. Information We Collect
Spyzero is built to minimize data collection. We do not require an account, and the App does not transmit your scan results to us.
a. On-Device Sensor Data
- Camera feed: processed in real time on your device for the live preview only. No frames are recorded, saved, or transmitted.
- Magnetometer samples: read at ~10 Hz, used only to render the in-app readout. Samples are not persisted or transmitted.
- Local-network observations: hostnames, IPs, MAC addresses, open ports, and Bluetooth advertisements visible to your device. These remain on your device.
b. Preferences Stored Locally
Settings — such as magnetic baseline, threshold preferences, and UI choices — are stored locally on your device using iOS user defaults. They are not transmitted to us.
c. Support Correspondence
If you contact us by email, we retain that correspondence to respond to your inquiry.
d. Automatically Collected Data
- Crash and performance diagnostics may be collected via Apple's standard reporting if you have opted in at the iOS level. These reports go to Apple, and to us only in aggregated form via App Store Connect.
- App Store metrics (downloads, regions, anonymized engagement) provided by Apple. We cannot identify individual users from these.
e. Analytics and Install Attribution
Spyzero uses third-party services to understand how the App is used and to measure the effectiveness of marketing campaigns. These services receive only app-usage and event data — for example, which screens you open, which tools you launch, and anonymized device and app metadata such as iOS version, device model, app version, and locale.
If you allow tracking when prompted by iOS via the App Tracking Transparency (ATT) framework, the iOS Identifier for Advertisers (IDFA) is shared with our attribution provider to measure which marketing campaign led to your install. If you decline the ATT prompt, the IDFA is not shared and attribution falls back to non-identifying signals.
What is never shared with these services: your scan results, camera frames, magnetometer readings, and lists of devices discovered on your local network. This data is processed on-device and is never sent to our analytics or attribution providers, to us, or to any other server.
3. What We Do Not Do
- No account system. We do not maintain a Spyzero account. There is nothing to sign in to.
- No uploading of sensitive scan data. We do not upload your scan results, camera frames, magnetometer readings, or device lists to any server — not to us, not to our analytics or attribution providers, and not to anyone else. This data stays on your device.
- We do not sell or rent your personal data.
- We do not include third-party advertising SDKs in the App, and we do not display ads.
4. Permissions Spyzero Requests
- Camera — required for the Camera tool's live preview. Used only while the tool is active.
- Motion & Fitness — required to access the magnetometer for the Magnetic tool.
- Local Network — required for the Scanner to enumerate devices on the Wi-Fi you are connected to.
- Bluetooth — optional. Used to surface nearby BLE-advertising devices in the Scanner.
Each permission can be revoked at any time in iOS Settings. The corresponding feature will stop working until the permission is restored.
5. Data Storage and Security
Because Spyzero processes data on-device, the security of that data follows your device's standard protections (passcode, biometric unlock, full-device encryption).
Should we introduce optional cloud-backed features in the future (for example, syncing scan history between your own devices), any such transfer would be encrypted in transit and at rest, and disclosed in an updated version of this policy.
6. Third-Party Services
Spyzero relies on third-party services in the following categories for operational reasons:
- Subscription and purchase management — to provision, validate, and manage in-app subscriptions and purchases.
- Anonymized product analytics — to understand how features of the App are used in aggregate so we can improve them.
- Aggregated event analytics and install attribution — to measure the effectiveness of marketing and to attribute installs to the campaign that led to them. Where you allow tracking via the iOS ATT prompt, the IDFA is shared with this provider for attribution purposes.
- Payment processing — handled by the Apple App Store; we do not receive or store your payment details.
- Apple-provided crash reporting — if enabled at the OS level.
These services are governed by their own privacy policies. As described in Section 2(e), none of these services receive your scan results, camera frames, magnetometer readings, or device lists.
7. Data Retention
- On-device data: retained until you uninstall the App or clear it from iOS Settings. We have no control over this data and cannot access it.
- Support correspondence: retained for up to 24 months from your last contact, then deleted, unless a longer retention period is required by law.
- Apple-provided aggregate App Store metrics: retained for the period Apple makes them available; we cannot identify individuals from them.
- Analytics and attribution data: retained by our third-party analytics and install-attribution providers in accordance with their own retention policies. We do not control the retention period set by these providers.
8. Managing and Deleting Your Data
Spyzero has no in-app account-deletion flow because Spyzero has no accounts to delete. Uninstalling the App removes all data associated with you on your device. Specifically:
- Delete all local data: uninstall Spyzero from iOS, or use Settings → General → iPhone Storage → Spyzero → Delete App.
- Revoke permissions: iOS Settings → Spyzero.
- Delete support correspondence: email hello@spyzero.app and we will delete any messages on file within 30 days.
9. Children's Privacy
Spyzero is intended for users aged 13 and above. We do not knowingly collect personal data from children under 13. If we learn that we have inadvertently collected such data, we will delete it promptly. Parents or guardians who believe their child under 13 has provided us with personal data should contact us at hello@spyzero.app.
10. International Users
Spyzero is designed to operate locally on your device regardless of jurisdiction. To the extent we process any limited data (such as support email), we do so in compliance with applicable data-protection laws, including the EU/UK General Data Protection Regulation (GDPR) and the California Consumer Privacy Act / California Privacy Rights Act (CCPA/CPRA).
a. For users in the EU, UK, and EEA (GDPR / UK GDPR)
The legal bases on which we process your limited personal data are:
- Legitimate interests — to respond to support requests, to operate the App, and to measure aggregated product usage so we can improve it.
- Performance of a contract — to deliver the App's functionality to you, including subscription and purchase management.
- Consent — where you have given it. This includes granting an iOS permission (such as Camera or Local Network) and allowing tracking via the iOS App Tracking Transparency prompt, which is the legal basis for sharing the IDFA with our install-attribution provider.
You may withdraw consent at any time by revoking the relevant iOS permission or by changing your Tracking choice in iOS Settings → Privacy & Security → Tracking.
You may lodge a complaint with your local supervisory authority. We do not appoint a Data Protection Officer because we do not process personal data at the scale that requires one.
b. For California residents (CCPA / CPRA)
We have not sold personal information as that term is defined under the CCPA/CPRA. However, when you allow tracking via the iOS App Tracking Transparency (ATT) prompt, we share the iOS Identifier for Advertisers (IDFA) and related app-event data with our install-attribution provider. Under the CPRA, that disclosure can constitute "sharing" of personal information for cross-context behavioral advertising purposes.
How to opt out: decline the ATT prompt when it appears, or change your choice at any time in iOS Settings → Privacy & Security → Tracking (and within Spyzero's entry there). When tracking is not allowed, the IDFA is not shared and our attribution provider relies only on non-identifying signals.
We do not use or disclose sensitive personal information for purposes that would require a separate opt-out right under the CPRA.
You have the right to know what personal information we hold about you, to request deletion, to request correction, to opt out of sharing as described above, and not to be discriminated against for exercising these rights. To exercise any right, email hello@spyzero.app from the address you wish to verify.
11. Your Rights
Depending on your jurisdiction, you may have the right to:
- Access any personal data we hold about you
- Request correction of inaccurate data
- Request deletion of your data ("right to be forgotten")
- Object to or restrict certain processing
- Withdraw consent at any time, without affecting prior processing
- Request a portable copy of any data we hold about you
- Lodge a complaint with a supervisory authority
To exercise these rights, contact us at hello@spyzero.app. We will respond within 30 days (or any shorter period required by your local law). We will not discriminate against you for exercising any of these rights.
12. Updates to This Policy
We may update this Privacy Policy to reflect changes in our practices or for legal reasons. The "Last updated" date at the top of this page will always reflect the current version. Material changes will be communicated via the App or the App Store listing. Continued use of Spyzero after changes constitutes acceptance of the updated policy.
13. Contact
For any privacy questions or data requests, contact us at: