Privacy Policy

Summary

Aliases is a self-hosted-first app. The developer does not run any cloud service for it. The data you see in the app lives on your own server and on your device. The developer cannot see your aliases.

1. Data we process

1.1 Data stored on your device

• The list of email aliases and their destinations, fetched from your server.
• A pending-changes queue for actions made while offline.
• App preferences (your chosen server URL, sync state).
• A client certificate (.p12) imported by you, used to authenticate to your server.

All of the above stays on your device. The app does not upload any of it anywhere except to the server URL you configured.

1.2 Data sent to your server

• Requests to list, create, and toggle aliases.
• Standard HTTPS / mTLS handshake metadata (your client certificate identifies you).

The privacy of this server is governed by whoever operates it (in most cases, you). The app does not retain copies of these requests beyond what is needed to retry failed offline operations.

1.3 Data the developer can see

None, except for:

• Crash reports and performance data collected by Apple TestFlight or the App Store when you opt in to share diagnostics with developers. These are anonymized by Apple and do not contain your alias data.
• Emails you send to the support address. Those are stored in the developer's regular email mailbox.

2. Data we do not process

• No analytics SDK.
• No advertising SDK.
• No tracking across apps or websites (no IDFA usage).
• No third-party data brokers.
• No cloud storage operated by the developer.

3. Third parties

The only third party involved in app delivery is Apple, via TestFlight or the App Store. Apple's own privacy policy applies to that distribution channel: apple.com/legal/privacy.

The app does not call out to any third-party API or SDK.

4. Children

The app is not directed at children under 13. It does not collect any data that could identify a child.

5. Your rights (GDPR, CCPA, and similar)

Because all your data either lives on your device or on your own server, you can exercise access, rectification, and deletion rights directly:

• Access: open the app or your server's database.
• Rectification: edit the alias inside the app.
• Erasure: uninstall the app and remove the data from your server.
• Portability: the data is already on infrastructure you control.

For the limited categories the developer does receive (support emails, crash logs), you may contact the address below and request deletion.

6. Security

• All network traffic uses HTTPS with mutual TLS (mTLS).
• The client certificate is stored in the iOS keychain when imported at runtime.
• The app uses SwiftData on-device storage, which iOS encrypts with the device passcode.

7. Changes to this policy

Updates will be reflected in the "Last updated" date at the top of this page. Material changes will be highlighted in the TestFlight "What to Test" notes of the affected build.

8. Contact

Privacy questions: aliases-98a67@ledez.net

Data controller: Nicolas Ledez, France.