Privacy Policy

Introduction

Widgeto5 is developed and operated by Ryan Bijoy (“we”, “our”, “us”). We are committed to protecting your privacy. This Privacy Policy explains how we handle information when you use the Widgeto5 iOS application (“the App”).

Data Collection

We do not collect, store, or transmit your personal data to any servers owned or operated by us. Widgeto5 does not have its own backend servers. All data processing happens locally on your device. We do not build user profiles, track your behavior, or collect analytics of any kind.

On-Device Storage

All app data is stored locally on your device using the following secure mechanisms provided by Apple:

• Keychain: OAuth tokens, API keys, and sensitive credentials are stored in the iOS Keychain, which is encrypted by the operating system.
• UserDefaults & App Group: Widget configurations, user preferences, and non-sensitive settings are stored in UserDefaults shared between the app and its widget extension.
• FileManager: Cached photos and temporary data are stored in the app’s sandboxed container with file-level protection.

iCloud Sync

If you have iCloud enabled on your device, the App may sync certain non-sensitive preferences (such as widget configurations, selected stocks, weather locations, and appearance settings) across your Apple devices using iCloud Key-Value Storage. Custom widget background images that you add may be synced through an iCloud Drive container associated with the App (iCloud.com.widgeto5.app). All iCloud data is managed entirely by Apple’s iCloud infrastructure and is subject to Apple’s Privacy Policy. You can disable iCloud sync for the App in your device’s Settings.

Background Refresh

The App uses iOS background execution (background fetch) to periodically refresh widget data so that widgets on your Home Screen and Lock Screen stay reasonably up to date. Background refreshes use only the same third-party APIs described above and do not transmit any additional information. You can disable Background App Refresh for the App in your device’s Settings > General > Background App Refresh.

Local Notifications

With your permission, the App schedules local notifications on your device — for example, daily quote reminders at times you choose. These notifications are generated and delivered entirely on-device by iOS; no notification content is sent to any server operated by us or by a third party. The App does not use remote push notifications. You can disable notifications at any time in your device’s Settings > Notifications > Widgeto5.

Third-Party Services

The App connects to external third-party APIs solely to fetch data that you explicitly request for your widgets. We do not send your personal information to these services beyond what is required for authentication and data retrieval. Each service is optional — you choose which ones to connect.

The third-party services the App may connect to include:

• Google Calendar — to display upcoming meetings and events, including event titles, times, attendees, and conference links. Privacy Policy
• GitHub — to display repository statistics (stars, issues, pull requests). Privacy Policy
• Stripe — to display payment and revenue dashboard data. Privacy Policy
• Anthropic — to display API usage and cost statistics via the Anthropic Admin API using an Admin API key that you provide. The App does not send user-generated content, widget data, HealthKit data, photos, or any personal data to Anthropic or any other third-party AI model or service. The Anthropic integration is limited to reading organizational billing and usage reports. Privacy Policy
• Yahoo Finance — to fetch stock market quotes and chart data. No account or API key is used. Privacy Policy
• CoinGecko — to fetch cryptocurrency prices and market data. Privacy Policy
• Apple App Store Connect — to display your app sales, downloads, and analytics using an API key that you provide.
• YouTube — to display channel analytics and subscriber data. Privacy Policy

Authentication with these services uses industry-standard OAuth 2.0 (with PKCE where supported) or API keys that you provide. All network requests are made over encrypted HTTPS connections. When you connect a third-party service, that service acts as an independent data controller of the data you access through it, and your use of that service is governed by the service’s own terms and privacy policy.

Google API Services User Data

Widgeto5’s use and transfer to any other app of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements. Specifically, we only access Google user data (such as your Google Calendar events or YouTube channel analytics) with your explicit consent through Google OAuth, and we use that data solely to display it in the widgets and in-app views you have enabled. We do not use Google user data to develop, improve, or train generalized or non-personalized AI or machine-learning models. We do not transfer Google user data to third parties except as necessary to provide or improve user-facing features that are prominent in the App’s user interface, to comply with applicable law, or as part of a merger, acquisition, or sale of assets with notice to users. We do not use Google user data for advertising purposes and we do not allow humans to read this data unless we have your affirmative consent, it is necessary for security purposes, to comply with applicable law, or the data is aggregated and used for internal operations in accordance with applicable privacy requirements.

YouTube API Services

Widgeto5 uses YouTube API Services to display your channel analytics and subscriber data in widgets. By connecting your YouTube account, you agree to be bound by the YouTube Terms of Service and acknowledge the Google Privacy Policy. Widgeto5’s use and transfer of information received from YouTube APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements. YouTube data accessed through the App is used solely to display it in the widgets you have enabled, is not shared with third parties, and is not used to train AI or machine-learning models.

You can revoke Widgeto5’s access to your YouTube account at any time by visiting the Google security settings page or by disconnecting YouTube from within the App.

Revoking Access to Connected Services

You can revoke Widgeto5’s access to your Google, YouTube, GitHub, or any other connected account at any time. For Google and YouTube, visit https://myaccount.google.com/permissions. For other services, use their respective account permission pages. You can also disconnect any service from within the Widgeto5 app settings, which will immediately delete the associated OAuth tokens from your device’s Keychain.

HealthKit Data

With your explicit permission, the App accesses Apple HealthKit data in read-only mode to display health and fitness widgets. This may include step count, active calories, heart rate, walking/running distance, sleep analysis, and date of birth. This data is accessed directly from HealthKit on your device and is never transmitted off your device, never stored on external servers, and never shared with any third party. HealthKit data is not used for advertising or marketing purposes. You can revoke HealthKit access at any time in your device’s Settings > Privacy & Security > Health.

Location Data

The App requests location access (“When In Use”) solely to display weather information relevant to your current location via Apple WeatherKit. Your location is sent to Apple’s weather service to retrieve forecasts. You can choose to manually set a city instead, in which case no location data is accessed. You can manage location permissions in your device’s Settings > Privacy & Security > Location Services.

Photo Library

If you use photo widgets, the App accesses your Photo Library to let you select images. Selected photos are resized, cached locally within the App’s sandboxed container, and are never uploaded to external servers or shared with third parties. You can manage photo access in your device’s Settings > Privacy & Security > Photos.

Subscriptions & Purchases

Widgeto5 offers optional auto-renewable subscriptions and a non-consumable one-time purchase (together, “Widgeto5 Pro”) managed entirely through Apple’s App Store and StoreKit. We do not directly collect or process any payment information. Apple provides the App with signed transaction data (such as product identifier, purchase date, and expiration date where applicable) that the App uses solely on-device to verify your Pro entitlement. All subscription and payment handling is managed by Apple and subject to Apple’s Privacy Policy.

No Tracking or Analytics

We do not use any analytics SDKs, tracking pixels, advertising frameworks, or crash reporting services. The App does not track you across other apps or websites. As declared in our App Privacy manifest, NSPrivacyTracking is set to false and no tracking domains are configured.

No Third-Party SDKs

The App is built entirely with native Apple frameworks (SwiftUI, WidgetKit, HealthKit, MusicKit, WeatherKit, StoreKit, etc.). No third-party SDKs or libraries are embedded in the App.

Data Sharing

We do not sell, rent, share, or transfer your personal data to any third parties for any purpose. The only data that leaves your device is what is sent to the third-party APIs you choose to connect, solely to fetch the data you requested.

Data Retention & Deletion

Since we do not collect data on any servers, there is no data for us to retain or delete. All data is stored locally on your device and/or in your personal iCloud account. You can delete your data at any time by:

• Disconnecting individual service accounts within the App (this immediately deletes associated tokens from Keychain).
• Deleting the App from your device (this removes all locally stored data).
• Managing iCloud storage in your device’s Settings to remove synced preferences.

Your Rights (GDPR, UK GDPR, CCPA, and Similar Laws)

Depending on where you live, you may have rights under data protection laws such as the EU General Data Protection Regulation (GDPR), the UK GDPR, the California Consumer Privacy Act (CCPA/CPRA), and similar laws. These rights may include the right to access, correct, delete, or port your personal data, and to object to or restrict certain processing.

Because the App does not collect, store, or transmit your personal data to any servers operated by us, there is typically no personal data held by us for you to access, correct, port, or delete. You can exercise control over your data directly on your device:

• Disconnect any third-party service from within the App to revoke its tokens and remove its credentials from your device’s Keychain.
• Revoke Health, Location, Photos, or Notifications permissions at any time in your device’s Settings.
• Delete the App from your device to remove all locally stored data.
• Manage or delete iCloud data associated with the App in your device’s Settings > [Your Name] > iCloud.
• For data held by a third-party service you have connected (Google, GitHub, Stripe, and so on), please exercise your rights directly with that service as the controller of that data.

We do not sell or “share” personal information as those terms are defined under the CCPA. If you would like to contact us about your rights, you can email us at the address listed below. You also have the right to lodge a complaint with your local data protection authority.

Children’s Privacy

The App is rated 4+ and is suitable for all ages. We do not knowingly collect personal data from children under 13 (or the applicable age in your jurisdiction). Since the App does not collect personal data from any user, no special data handling for children is required. If you believe a child has provided personal information through a third-party service connected to the App, please contact us.

Security

We take reasonable measures to protect your information by leveraging iOS platform security features including Keychain encryption, HTTPS/TLS for all network communications, OAuth 2.0 with PKCE for authentication, and file-level protection for cached data.

Changes to This Policy

We may update this Privacy Policy from time to time. Changes will be posted on this page with an updated revision date. We encourage you to review this page periodically. Your continued use of the App after any changes constitutes acceptance of the updated policy.

Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or your data, please contact us at ryanbijoy2727@gmail.com.