masterfile
Terms & Privacy
Effective Date: May 13, 2026 · Last Updated: May 19, 2026 · Version 1.2
This document covers both the Privacy Policy (how I handle information about your use of the App) and the Terms of Service (the rules that govern your use of the App). They are presented together for convenience, but each part stands on its own and may be cited separately.
Contents
Part I · Privacy Policy · fourteen sections
Part II · Terms of Service · eighteen sections
Part I
Privacy Policy
This Privacy Policy describes how I, Louis Cada (referred to throughout this document as “the developer,” “I,” “me,” or “my”), handle information when you use the masterfile iOS application (the “App”). masterfile is a single-user productivity app built around five modules — Scratch, Vault, Budget, Notes+, and Kanban — that runs entirely on your device. I have designed the App so that the content you create inside it stays on your device. I never receive, store, or have access to the notes, vault entries, budget data, kanban boards, or attachments you create.
However, I do collect a small amount of anonymized, aggregated information about how the App performs and which features are used, so I can fix problems and improve the App over time. The details of what I collect (and what I deliberately do not collect) are in Sections 2 and 3 below.
Everything you write, save, or store inside masterfile stays on your device. I do not run servers that hold your content. I do not have an account system — there is nothing to sign up for and nothing to sign in to. I do not show advertising, and I do not sell information about you to anyone.
I do collect anonymized usage and performance metrics through Apple’s built-in analytics (App Store Connect Analytics and MetricKit), through a privacy-focused third-party service (TelemetryDeck), and through any feedback you send me directly. These tell me things like “how many people opened the editor today” or “the app crashed for 0.2 % of users on iOS 18.4” — not who you are or what you wrote.
When in-app purchases are enabled, those transactions are handled by Apple through StoreKit. I never see your payment information.
I do not collect, store, or have access to:
· Your name, email address, phone number, or any other identifier — unless you choose to send it to me when contacting support.
· Any account credentials, passwords, card numbers, PINs, CVVs, or recovery questions you store in Vault.
· The text of any note, scratch document, checklist, or bookmark.
· Any financial information, including account balances, transactions, transfers, budget categories, or currency settings.
· Any Kanban board, column, or card data.
· Any attachment you add to a note, including photos, videos, audio recordings, scanned documents, and PDFs.
· Advertising identifiers (IDFA), your contacts, your calendar, or your precise location.
There is no advertising SDK and no third-party tracking SDK in the App. The contents of your notes and vault never leave your device through the App.
To make the App better — to find crashes, measure performance, understand which features people actually use, and decide what to build next — I receive anonymized, aggregated metrics from four sources. None of these sources include the contents of your notes, vault, budget, kanban, or attachments. None of them identify you as a person.
Apple provides developers with aggregated, anonymized analytics through App Store Connect. This includes app store impressions, installs, sessions, retention, active devices, the country your device reports, your language, and your iOS version. The data is reported only in aggregate — I cannot see any single user’s behavior, and I do not receive any device identifier I could use to contact you. This service is provided by Apple, not by me, and is governed by Apple’s privacy policy.
You can opt out at any time by going to iOS Settings → Privacy & Security → Analytics & Improvements and turning off “Share With App Developers.” When this is off, no App Store Connect Analytics data is sent from your device to me.
MetricKit is an Apple framework that gathers performance and stability metrics on your device and delivers them to me as a single anonymized daily payload. Examples include app launch time, CPU and memory use, energy consumption, animation hitch rate, hang reports, and crash diagnostics. The data is generated and aggregated on your device by iOS before it is sent, and it contains no content, no personal identifiers, and nothing that ties one daily payload to another from the same device.
MetricKit is controlled by the same iOS setting as App Store Connect Analytics: Settings → Privacy & Security → Analytics & Improvements → Share With App Developers.
TelemetryDeck is a privacy-focused, independent analytics service that I use to receive anonymized usage signals about which features of the App are being used. When you perform certain in-app actions — such as opening the editor, creating a folder, or successfully unlocking the Vault — the App sends a small event to TelemetryDeck containing the name of the action, an anonymized device identifier hashed by TelemetryDeck on receipt, and very minimal context (such as the iOS version). The contents of your notes, your vault, your budget, or any attachment are never sent.
TelemetryDeck is based in Switzerland, is GDPR-compliant, does not store IP addresses, and does not use the data for advertising or profiling. Their public privacy policy is available at https://telemetrydeck.com/privacy/. Because TelemetryDeck is a separate service, their privacy policy applies in addition to mine for the data they receive on my behalf.
If you prefer not to have these anonymized usage events sent, please contact me using the address in Section 14 and I will explain how to opt out. (A future version of the App may include an in-app toggle to disable analytics entirely.)
If you contact me by email, on social media, or through any other channel you choose, I receive whatever information you choose to share — typically your email address or handle, and the contents of your message. I use this information only to respond to your inquiry and to fix problems you report. I keep support correspondence only as long as needed to resolve the issue and any follow-up.
All content you create inside the App is written to your device’s local file system, inside the App’s sandboxed Documents directory. Specifically:
· Vault metadata is stored in account_credentials.json (labels, usernames, custom-field labels and values, card networks, expiry dates, and timestamps).
· Notes+ data is stored in notes_plus.json (notes, folders, tags, links, and attachment metadata).
· Budget data is stored in budget_data.json (accounts, categories, expenses, adjustments, and transfers).
· Kanban data is stored in kanban_data.json (boards, columns, cards, and their content).
· Attachment binaries are stored in the notes_attachments subfolder, one folder per note, encrypted at rest.
· Small preferences (Scratch text, currency code, the welcome-screen seen flag, emoji-picker recents) are stored in iOS UserDefaults.
Every JSON file is written using iOS’s atomic-write API with NSFileProtectionComplete, which means the file is encrypted at rest by iOS while your device is locked.
Vault stores its sensitive secrets separately. Passwords, card numbers, CVVs, and PINs are written to the iOS Keychain rather than to the JSON file. The Keychain entries use the kSecAttrAccessibleWhenUnlockedThisDeviceOnly access class, which means:
· They are encrypted by the operating system.
· They can only be read while your device is unlocked.
· They are excluded from iCloud Keychain sync — they never leave your device.
· They are removed when you uninstall the App.
When you delete the App from your device, all of the App’s local data (the JSON files, the attachment binaries, the Keychain entries, and the UserDefaults preferences) is removed by the operating system. There is nothing on my side to delete because nothing is on my side.
The App requests the following iOS permissions only when you actively use a feature that needs them. None of these permissions cause the contents of your notes or vault to leave your device.
Used to unlock Vault, to confirm locking a sensitive note, and to open a locked note. The biometric check is performed by the operating system. The App never sees your face data, your fingerprint data, or any biometric template. The App receives only a yes-or-no result from iOS.
Used by the Scan Document feature in Notes+ to capture a printed document and save it as a PDF attachment to a note. The captured image is processed entirely on your device by Apple’s VisionKit document scanner and saved into your note’s local attachment folder. The image is not transmitted to me or to any third party.
Used when you attach a photo or a video from your library to a note. The picked file is copied into your note’s local attachment folder. The App does not access photos you do not explicitly pick, and the file is not transmitted off-device.
Used when you record a voice memo as an attachment to a note. The recording is saved as a local audio file inside your note’s attachment folder. It is not transmitted off-device.
You can revoke any of these permissions at any time in iOS Settings → masterfile.
masterfile relies on Apple’s operating system services, including:
· iOS file system (for local storage and at-rest encryption).
· iOS Keychain (for Vault secrets).
· LocalAuthentication framework (for Face ID / Touch ID).
· VisionKit (for the Scan Document feature).
· PHPicker / UIImagePickerController (for photo and video selection).
· AVFoundation (for voice-memo recording and audio / video playback).
· PDFKit (for viewing attached PDFs).
· StoreKit, when in-app purchases are enabled (see Section 7).
· App Store Connect Analytics and MetricKit, described in Section 3.
Apple’s privacy practices for these services are governed by Apple’s privacy policy.
TelemetryDeck (operated by Telemetrydeck UG, based in Switzerland) is the only non-Apple service I use. It is described in detail in Section 3.3. Their privacy policy is at https://telemetrydeck.com/privacy/.
When masterfile offers paid features, those purchases are processed through Apple’s StoreKit. The payment transaction takes place between you and Apple. I do not collect, see, or store your credit card information, your Apple ID, your billing address, or any other payment detail. I receive only the unlock entitlement from Apple, which I record locally on your device so that you do not have to pay again.
masterfile does not integrate with any third-party advertising network, attribution provider, push-notification service, or cloud backend. The App does not use embedded web views to load external content. The App does not maintain a server of its own.
Under normal operation, the App may make outbound network requests in the following situations:
· Sending anonymized analytics events to TelemetryDeck (per Section 3.3).
· Sending the MetricKit daily payload through Apple’s framework (per Section 3.2).
· Tapping an external web URL inside a note — the link opens in Safari, which then makes the request. The App does not proxy or log the URL.
· Apple system operations that you triggered, such as restoring a previous in-app purchase or downloading product metadata for the paywall.
· The iOS “Rate the App” prompt, handled by StoreKit.
I do not perform background fetches, background uploads, push notifications, silent network calls, or any “phone-home” activity beyond what is described above.
masterfile is a general-audience productivity app. It is not directed at children under 13 (or under the relevant age of digital consent in your jurisdiction, which may be higher). I do not knowingly collect personal information from children. The App stores no personal information of any kind on my side; the aggregated analytics described in Section 3 cannot be used to identify a child or any other user. To remove the App’s data from a device, uninstall the App.
Because the App stores your content only on your device, there is no international transfer of your content caused by your use of the App. Anonymized analytics may be transmitted to servers operated by Apple (typically in the United States and Europe) and by TelemetryDeck (typically in Switzerland and Germany). These transfers are governed by the privacy policies of those providers and by the standard contractual clauses or other safeguards they put in place. Any data movement that may occur because of Apple services you triggered (such as an App Store purchase or an iCloud Device Backup) is governed by Apple’s privacy policy and your Apple ID region settings.
If you enable iCloud Backup or back up your iPhone or iPad to a computer, your device backup will include the App’s local files and attachments as part of the standard iOS device backup. That backup is held by Apple (for iCloud) or by you (for local computer backups). I do not have access to those backups. Vault secrets stored in the iOS Keychain are excluded from iCloud Backup by their access class (ThisDeviceOnly) and will not be included in an iCloud Device Backup.
I do not retain the contents of your notes, vault, budget, or kanban, because I never receive them. Your content lives only on your device. You control its retention:
· Notes and folders you trash inside Notes+ are kept in Trash for thirty (30) days and then permanently deleted by the App’s automatic sweep on launch and on app foreground.
· Boards you trash inside Kanban are kept for thirty (30) days under the same sweep.
· You can permanently delete anything sooner from the relevant Trash sheet.
· Uninstalling the App removes every file, every Keychain entry, and every preference associated with the App. There is no remote copy.
Anonymized analytics events sent to TelemetryDeck and Apple are retained by those providers according to their own retention policies, which you can review at the URLs in Section 6. Any support correspondence you send me is retained only as long as needed to resolve the issue and any follow-up.
I have designed masterfile around the principle that the safest data is data that never leaves your device. To that end:
· All on-disk JSON files are written with iOS’s NSFileProtectionComplete attribute, which encrypts them at rest while the device is locked.
· Vault secrets are stored exclusively in the iOS Keychain with the ThisDeviceOnly access class.
· Locked notes require a fresh Face ID / Touch ID prompt each time you open them; the unlock is never cached for the session.
· The Vault re-locks itself automatically when you switch to a different tab and when the App returns from the background.
No security measure is perfect. You are responsible for the security of your device itself — keep iOS up to date, use a strong device passcode, and enable biometric protection.
You can exercise full control over the App’s data directly on your device:
· Access: open the App.
· Correct: edit the relevant note, entry, account, or board.
· Delete: trash the item, or uninstall the App to remove everything.
· Opt out of Apple analytics: iOS Settings → Privacy & Security → Analytics & Improvements → Share With App Developers (toggle off).
· Opt out of TelemetryDeck: contact me using Section 14. (A future App version may add an in-app toggle.)
If you are in a jurisdiction (such as the European Economic Area, the United Kingdom, or California) whose privacy laws provide additional rights — to access, correct, port, delete, or restrict processing — those rights still apply to any information I or my analytics providers hold about you. The information I hold is limited to what is described in Section 3 and Section 14. Please contact me to exercise any such right; I will respond within a reasonable time and as required by applicable law.
If you have questions about this Privacy Policy or about how masterfile handles data, please contact me at:
Email: louiscada@gmail.com
Part II
Terms of Service
These Terms of Service (the “Terms”) govern your access to and use of the masterfile iOS application (the “App”). The App is made and provided by Louis Cada (referred to in this document as “the developer,” “I,” “me,” or “my”). By downloading, installing, or using the App, you agree to be bound by these Terms. If you do not agree to these Terms, please do not use the App.
Please read these Terms together with the Privacy Policy in Part I above, which is incorporated by reference.
You must be at least 13 years old (or the applicable age of digital consent in your jurisdiction, which may be higher) to use the App. By using the App, you represent that you meet this requirement. If you are using the App on behalf of an organization, you represent that you have the authority to bind that organization to these Terms.
Subject to your compliance with these Terms, I grant you a personal, non-exclusive, non-transferable, non-sublicensable, revocable license to download the App from the Apple App Store and use it on Apple-branded devices that you own or control, as permitted by Apple’s App Store Terms of Service and the Apple Media Services Terms and Conditions.
This license does not grant you the right to:
· Copy, modify, distribute, sell, lease, sublicense, or transfer the App.
· Reverse-engineer, decompile, or disassemble the App, except to the extent expressly permitted by law.
· Remove, alter, or obscure any proprietary notice in the App.
· Use the App for any unlawful purpose, or in a way that could damage, disable, or impair the App or anyone else’s use of it.
· Use the App to develop a competing product.
· Use any automated means to interact with the App.
The App is single-user and local-only. Everything you create in the App (your notes, folders, tags, attachments, vault entries, budget data, kanban boards and cards, scratch text, color labels, and any other content collectively, “Your Content”) is stored on your device. I do not host, receive, or have access to Your Content. The anonymized analytics described in Part I, Section 3 are limited to usage and performance metrics; they do not include Your Content.
You retain all rights you have in Your Content. Because I do not receive Your Content, I make no claim of ownership over it. I do not grant myself any license to use, display, modify, or distribute Your Content — not within the App, and not anywhere else.
You are solely responsible for Your Content. You must ensure that Your Content does not violate any law and does not infringe anyone else’s rights.
Because Your Content is stored only on your device, you are responsible for backing it up. The available options are:
· Enable iCloud Backup in iOS Settings (this will include the App’s files in the device backup, though Vault secrets held in the Keychain are excluded by their access class).
· Back up your device to a computer using Finder or iTunes.
I am not able to recover lost data on your behalf. If you delete the App from your device without first backing it up, the App’s data — including Vault secrets stored in the iOS Keychain — may be permanently lost.
Vault stores credentials, card numbers, PINs, and other sensitive material locally on your device, using the iOS Keychain for the most sensitive fields. I have designed Vault around the same patterns Apple and major password managers use, but you should understand the following:
· I cannot reset, recover, or transfer your Vault contents.
· If you forget the device passcode that protects your iOS Keychain entries, the entries may become unreadable; this is a property of iOS, not of the App.
· If your device is lost, stolen, or wiped without a backup, your Vault contents may be permanently lost.
· Vault is one layer of protection. You remain responsible for keeping your device secure with a strong passcode and an up-to-date version of iOS, and for using a unique device passcode that you do not share.
· The biometric prompt is provided by iOS and reports only a pass-or-fail result; I do not see or store biometric data.
Custom fields you add to a Vault entry are stored in plain JSON on your device alongside the entry’s metadata, even when marked “Secure.” The “Secure” flag controls only the show/hide toggle in the UI — not the storage class. If a value is so sensitive that it requires hardware-protected storage, create a separate Vault entry of kind “Key” for it, where the primary secret is stored in the iOS Keychain.
You agree not to use the App to:
· Violate any applicable law, regulation, or court order.
· Store, transmit, or generate content that is unlawful, infringing, defamatory, fraudulent, threatening, harassing, hateful, sexually exploitative of minors, or that contains malware.
· Attempt to interfere with, circumvent, or disable any security or anti-tampering feature of the App or of iOS.
· Use the App in a way that could expose other people’s personal information without their consent.
I cannot police Your Content because I cannot see it. The App is provided to you for your private use, and you assume the legal and ethical responsibility for what you choose to store inside it.
Some features of the App may be made available only through a one-time in-app purchase (the “Unlock”), processed by Apple through StoreKit. If you make an in-app purchase:
· The purchase is between you and Apple. Apple’s payment terms apply.
· The price displayed inside the App is the price set in App Store Connect for your region. Apple converts prices into your local currency automatically.
· I record the Unlock entitlement on your device after purchase, so that you do not have to pay again. The entitlement is stored locally; I do not maintain a server record of who has purchased.
· Restoring an Unlock you previously purchased is handled by Apple’s “Restore Purchases” flow.
· Refund requests for in-app purchases are handled by Apple. You can request a refund through Apple at https://reportaproblem.apple.com.
· Promotional pricing such as a launch special is offered for a limited window and may be withdrawn at any time without notice.
If the in-app purchase has not yet been wired in your version of the App, the Unlock UI may be present but inactive. In that case, no charge will occur, and Vault, Notes+, Budget, Kanban, and Scratch remain usable within their free-tier limits.
You acknowledge that these Terms are entered into between you and me, and not with Apple. Apple is not responsible for the App or its contents. To the extent these Terms differ from the Apple App Store Terms of Service, the Apple App Store Terms control the parties’ relationship with Apple. If the App fails to conform to any applicable warranty, you may notify Apple, and Apple may refund the purchase price (if any) to you; to the maximum extent permitted by applicable law, Apple has no other warranty obligation whatsoever with respect to the App.
You and I acknowledge that Apple and its subsidiaries are third-party beneficiaries of these Terms and that, upon your acceptance, Apple has the right (and is deemed to have accepted the right) to enforce these Terms against you as a third-party beneficiary.
I may release updates to the App from time to time through the App Store. Updates may add features, change features, remove features, and fix bugs. Some updates may require a minimum iOS version. I am not obligated to maintain support for older versions of iOS indefinitely.
The App, including its name, logo, illustrations, copy, design, source code, and visual style, is owned by me and is protected by copyright, trademark, and other laws. Except for the limited license granted in Section 2, these Terms do not grant you any right, title, or interest in the App.
THE APP IS PROVIDED “AS IS” AND “AS AVAILABLE” WITHOUT ANY WARRANTY OF ANY KIND, EXPRESS, IMPLIED, OR STATUTORY. TO THE FULLEST EXTENT PERMITTED BY APPLICABLE LAW, I DISCLAIM ALL WARRANTIES, INCLUDING WITHOUT LIMITATION THE IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, ACCURACY, NON-INFRINGEMENT, QUIET ENJOYMENT, AND TITLE, AS WELL AS ANY WARRANTIES ARISING FROM COURSE OF DEALING, COURSE OF PERFORMANCE, OR USAGE OF TRADE.
I do not warrant that the App will be uninterrupted, error-free, or free from viruses or other harmful components. I do not warrant that any data you store in the App will be preserved against accidental loss caused by you, by your device, by iOS, by another app on your device, or by hardware failure. You assume all risk for your use of the App.
TO THE FULLEST EXTENT PERMITTED BY APPLICABLE LAW, IN NO EVENT WILL I OR MY SUPPLIERS BE LIABLE FOR ANY INDIRECT, INCIDENTAL, SPECIAL, CONSEQUENTIAL, EXEMPLARY, OR PUNITIVE DAMAGES, OR FOR ANY LOSS OF DATA, LOSS OF PROFITS, LOSS OF REVENUE, LOSS OF GOODWILL, OR LOSS OF USE, ARISING OUT OF OR RELATING TO YOUR USE OF, OR INABILITY TO USE, THE APP — EVEN IF I HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
MY TOTAL CUMULATIVE LIABILITY ARISING OUT OF OR RELATING TO THESE TERMS OR THE APP, WHETHER IN CONTRACT, TORT, OR OTHERWISE, WILL NOT EXCEED THE GREATER OF (A) THE AMOUNT YOU PAID FOR THE APP IN THE TWELVE (12) MONTHS PRECEDING THE CLAIM, OR (B) FIVE U.S. DOLLARS (USD $5.00).
Some jurisdictions do not allow the exclusion of certain warranties or limitations of certain damages. In those jurisdictions, the disclaimers and limitations above apply only to the extent permitted by law.
You agree to defend, indemnify, and hold me harmless from and against any third-party claim, liability, damage, loss, and expense (including reasonable attorneys’ fees) arising out of or relating to (a) your use of the App, (b) Your Content, or (c) your breach of these Terms or violation of any law or third-party right. I reserve the right to assume the exclusive defense and control of any matter otherwise subject to indemnification by you.
You may stop using the App at any time. To terminate these Terms with respect to your use, delete the App from your device. I may suspend or terminate your access to the App at any time, with or without notice, for any reason, including if I reasonably believe you have violated these Terms or applicable law. Sections 3, 4, 5, 10, 11, 12, 13, 14, 16, 17, and 18 will survive any termination of these Terms.
I may revise these Terms from time to time. When I do, I will update the “Last Updated” date in the masthead and post the new version at the URL where these Terms are hosted. Material changes will be reasonably highlighted (for example, with an in-app notice). Your continued use of the App after the new Terms take effect constitutes your acceptance of them. If you do not agree to the revised Terms, you must stop using the App and delete it from your device.
These Terms are governed by and construed in accordance with the laws of the Republic of the Philippines, without regard to its conflict-of-laws principles. The United Nations Convention on Contracts for the International Sale of Goods does not apply to these Terms. Any dispute arising out of or relating to these Terms or the App will be brought exclusively in the courts located in Quezon City, Philippines, and you and I consent to personal jurisdiction and venue there.
Nothing in this Section will deprive you of any mandatory protection under the law of the country in which you reside that cannot lawfully be excluded by contract.
These Terms, together with the Privacy Policy in Part I, constitute the entire agreement between you and me regarding the App and supersede all prior and contemporaneous understandings on the subject.
If any provision of these Terms is held to be unenforceable, that provision will be modified to reflect the parties’ intention as closely as possible, and the remaining provisions will remain in full force and effect.
My failure to enforce any right or provision of these Terms will not be considered a waiver of that right or provision.
You may not assign or transfer these Terms or any rights under them without my prior written consent. I may assign these Terms freely. Any prohibited assignment will be void.
These Terms do not create any third-party beneficiary rights, except as expressly stated in Section 8 with respect to Apple.
I will not be liable for any failure or delay in performing my obligations under these Terms when caused by events beyond my reasonable control, including acts of God, pandemic, government action, war, civil unrest, labor disputes, power outages, internet outages, or failures of third-party services.
I may provide notices to you within the App or at any contact method you have provided. You may contact me using the information in Section 18.
If you have questions about these Terms, please contact me at:
Email: louiscada@gmail.com
Or on Instagram: @louiscada