Legal

Privacy Policy

Effective May 12, 2026 · Last updated May 21, 2026

This Privacy Policy explains how eddies ("we", "us", "our") collects, uses, and protects information when you use the eddies iPhone app and visit eddies.business (collectively, the "Service"). eddies is designed to be privacy-first: your invoices, clients, and business data stay on your device.

eddies is operated by Weelco Inc., 1623 Central Ave Ste 201, Cheyenne, WY 82001, United States ("eddies"). For the purposes of the EU General Data Protection Regulation, the UK GDPR, and similar laws, Weelco Inc. is the data controller for personal information processed in connection with the Service. If you have questions, contact us at support@eddies.business.

1. TL;DR

• Your invoices, clients, and catalog items are stored locally on your device and, if you are signed in to iCloud, synced privately across your own Apple devices. We do not operate any servers that store your business data and we do not receive a copy.
• We do not require an account, email, or password to use the Service.
• Subscriptions are processed entirely by Apple through the App Store; we never see your payment details, billing address, or full transaction history.
• We process a limited amount of aggregated, anonymized usage and stability data to operate and improve the Service. This information is not tied to your identity, your invoice content, or any client information.
• We do not sell or share your personal information for advertising, profiling, or any cross-context behavioral purpose.

2. Data we collect

2.1 Information you provide

When you use eddies, you may enter information such as your business name, address, bank details, logo, signature, client names, contact info, line items, and invoice amounts. All of this is stored locally on your device using Apple's Core Data framework. We do not transmit this information to our servers, because we do not operate servers that store it.

2.2 Subscription information

When you purchase a subscription, Apple processes the transaction through the App Store. Apple shares with us only the information necessary to verify your subscription status (an anonymous transaction identifier and entitlement). We never receive your name, email, address, credit card details, or any other payment information.

2.3 Support communications

If you contact us at support@eddies.business, we receive your email address, the contents of your message, and any attachments. We use this only to respond to your request and keep these messages for as long as needed to provide support.

2.4 Website usage data

When you visit eddies.business, our hosting provider may log standard request metadata (IP address, user agent, timestamp, page accessed). This is used for security, abuse prevention, and aggregate traffic metrics.

The website uses two privacy-first, cookie-less measurement services operated by Vercel (our hosting provider, identified in Section 5):

• Vercel Web Analytics records aggregate page views, referrers, country-level location derived from your IP, browser and operating-system family, and device type. Daily-unique-visitor counts are derived from a hash that rotates every 24 hours and cannot reconstruct your identity.
• Vercel Speed Insights records anonymous performance measurements from your browser (Core Web Vitals such as Largest Contentful Paint, Interaction to Next Paint, Cumulative Layout Shift, First Contentful Paint, and Time to First Byte), together with non-identifying context (page URL, country, browser, device type, connection type) so we can detect and fix slow pages.

Neither service sets cookies, writes to browser local storage, uses fingerprinting, persists your IP address, or builds a persistent profile of you. All requests are made to the same origin (eddies.business) and never to a third-party domain in your browser.

Beyond Vercel Web Analytics and Speed Insights, the website does not load any other analytics, advertising, or marketing scripts. Because no consent-bearing storage (cookies, local storage, IndexedDB) is used, no cookie-consent banner is required under the ePrivacy Directive (Article 5(3)) or comparable laws. Our legal basis for this processing is described in Section 8.

2.5 Aggregate usage and stability data

To operate, secure, and improve the Service, we process a limited amount of aggregated, anonymized data through third-party processors (identified in Section 5). The categories are intentionally narrow:

• An anonymous device-scoped identifier generated on first launch. This identifier is not linked to your name, email, business name, client list, or invoice content.
• Aggregate event signals indicating that certain actions occurred in the Service (such as completing onboarding or creating an invoice). We log that an action occurred, never what the underlying content contains.
• Stability diagnostics when the app crashes — typically technical information about the failure and the state of the device at the time. We do not include invoice, client, or catalog data in these reports.
• Anti-abuse signals based on Apple device-attestation, used to protect our infrastructure from automated abuse.

The analytics layer also records a limited, intentionally coarse set of anonymous user properties, attached to the anonymous identifier above so we can interpret event counts:

• subscription_status — "premium" or "free".
• app_version — for example "1.0".
• invoice_count_bracket — a non-identifying band: 0, 1–5, 6–20, 21–50, or 50+. The underlying count and the invoice content itself are never transmitted.
• device_model — for example "iPhone14,5".
• ios_version — for example "iOS 17.4".

None of these properties contain or derive from your invoice content, client list, business profile fields, or any other personal data you enter into the app.

Apple may additionally collect anonymized iOS-level diagnostics if you opted in at the operating-system level; you can disable that at any time in Settings → Privacy & Security → Analytics & Improvements.

2.6 Subscription verification

To confirm that a subscription is active, the Service securely caches a small entitlement record (an active/inactive flag, an expiry date, and an Apple-issued transaction reference) using Apple's on-device secure storage, scoped to that device only. This information is processed solely between your device and Apple; we do not receive a copy and we do not see your payment details.

3. Data we don't collect

To be specific about what we do not collect or process:

• We do not require an account, email address, or password to use the Service.
• We do not access your contacts, photos, camera, microphone, calendar, or location.
• We do not collect advertising identifiers (such as IDFA).
• We do not integrate advertising SDKs and we do not engage in cross-app or cross-site tracking.
• We do not read, transmit, or retain the content of your invoices, clients, line items, or catalog. The aggregate signals described in Section 2.5 record only that an action occurred — never the substance of what was created, sent, or stored.
• We do not build personal profiles of users for advertising, ranking, or other behavioral purposes.

4. How we use information

We use the limited information described in Section 2 for the following purposes:

• Provide the Service — verify your subscription is active.
• Customer support — respond to your questions.
• Improve the app — review aggregate App Store Connect analytics and Apple-provided crash reports.
• Security and legal compliance — detect abuse and respond to lawful requests.

We do not use your information for advertising, profiling, or sale to third parties.

5. Service providers and recipients

To deliver the Service, we engage a limited number of reputable service providers acting as processors under our instructions. Where required by applicable data-protection law (including GDPR Articles 13 and 14, and the CCPA), we identify them below. Each is bound by contract and by its own published privacy commitments.

• Apple Inc. — provides app distribution and subscription billing through the App Store, secure on-device storage and cross-device synchronization through iCloud (where you have signed in), and operating-system level anonymized diagnostics where you have opted in. Synchronization of your invoice and client data occurs between your own Apple devices via your personal iCloud account; we do not receive a copy at any point. See apple.com/legal/privacy.
• Google LLC — provides anonymized analytics, crash reporting, and anti-abuse attestation services (Firebase Analytics, Firebase Crashlytics, and Firebase App Check) that process only the categories described in Section 2.5. No invoice content, client information, or other personal data you enter into the app is transmitted to Google. See firebase.google.com/support/privacy.
• Vercel Inc. — serves the static eddies.business website on its edge network and provides Vercel Web Analytics and Vercel Speed Insights (both cookie-less and same-origin) as described in Section 2.4. Standard request logs (IP address, user agent, timestamp) are retained for up to 30 days for security and abuse-prevention purposes. See vercel.com/legal/privacy-policy.
• Email provider — processes correspondence sent to support@eddies.business.

We do not share information with any other party except where required by applicable law or legal process (see Section 8).

6. Data storage and security

Information you create in the app (invoices, clients, catalog items, signature, and logo) is stored locally on your device using Apple's secure on-device storage and is encrypted at rest by the operating system.

Cross-device synchronization. If you are signed in to iCloud on your device, the app may automatically synchronize this information across your own Apple devices through Apple's iCloud infrastructure. This synchronization takes place between your devices and your personal iCloud account; it does not pass through any server operated by us, and we do not receive a copy. You may manage or disable this synchronization at any time in your device's iCloud settings.

Apple's separate iCloud Backup feature, if enabled by you, may additionally include the app's local data inside your encrypted iCloud Backup. This is controlled by you at the operating-system level, not by us.

If you uninstall the app and have neither an iCloud Backup nor iCloud synchronization enabled, the local data is permanently deleted from your device.

7. Retention

• Subscription status: retained while your subscription is active, plus the period required by Apple's App Store and applicable tax law.
• Support emails: retained for as long as needed to provide support, typically up to 24 months.
• Web request logs: retained by our hosting provider for up to 30 days.
• Your on-device data: retained on your iPhone until you delete it or uninstall the app.

8. Legal basis for processing (EU/EEA/UK users)

For users in the European Economic Area, the United Kingdom, and Switzerland, we process anonymous analytics and stability diagnostics on the basis of our legitimate interest under Article 6(1)(f) of the GDPR — specifically, to understand how our product is used, to detect and fix crashes, and to improve the app for all users. We have balanced this interest against your rights and freedoms and concluded that the processing involves only pseudonymous identifiers and aggregate signals, no content of your invoices or your clients is ever transmitted, and the data cannot reasonably be used to single out an individual outside our analytics system.

You have the right to object to this processing at any time (GDPR Article 21). You can exercise this right immediately from within the app: open Settings → Privacy and turn off Share Anonymous Usage Data. The change takes effect immediately for all future events and is mirrored to Firebase, which stops collection on this device. You can also delete all data the app has stored about you, including resetting the anonymous identifier used for analytics, via Settings → Delete All Data.

Crashlytics stability diagnostics continue to operate independently of the analytics toggle because they are necessary to keep the app working correctly for you. If you wish to object to crash reporting as well, please contact support@eddies.business.

9. Your rights

Depending on where you live, you may have rights under data protection laws including the EU General Data Protection Regulation (GDPR), the UK Data Protection Act, the California Consumer Privacy Act (CCPA/CPRA), and similar US state laws (VCDPA, CPA, CTDPA, etc.). These rights generally include:

• The right to know what personal information we hold about you.
• The right to request access, correction, or deletion of that information.
• The right to data portability.
• The right to opt out of "sale" or "sharing" — we do not sell or share personal information for cross-context behavioral advertising.
• The right to non-discrimination for exercising your rights.
• The right to lodge a complaint with your local data protection authority.

Because we store almost no personal information about you on our servers, requests for access or deletion will typically result in a response confirming we hold only your subscription transaction ID (controlled by Apple) and any support emails you have sent. To exercise these rights, email support@eddies.business. We will respond within 30 days (45 days for CCPA requests).

To delete your on-device data, simply uninstall the eddies app from your iPhone.

Global Privacy Control (GPC). We do not engage in any "sale" or "sharing" of personal information for cross-context behavioral advertising. Where you transmit a Global Privacy Control signal from your browser, we treat it as a valid opt-out request — though, because we do not sell or share personal information for advertising in the first place, no change in our processing is required.

California "Shine the Light" (Cal. Civ. Code § 1798.83). We do not share personal information with third parties for their own direct marketing purposes. California residents who would like to request more information about our compliance with this section may contact us at support@eddies.business.

10. Children's privacy

eddies is intended for use by professionals aged 18 and over and is not directed at children under 13 (or under 16 in the European Economic Area). We do not knowingly collect personal information from children. If you believe a child has provided us with personal information, please contact us at support@eddies.business and we will take appropriate action.

11. International users

eddies is operated from the United States. If you use eddies from outside the United States, you understand that your information (which is minimal, as described above) may be processed in the United States. We rely on Apple's App Store infrastructure for international distribution; Apple's data transfer mechanisms apply.

For users in the European Economic Area, the United Kingdom, or Switzerland: where a transfer of personal data to the United States or to another third country requires a transfer mechanism under applicable data protection law, we rely on the European Commission's Standard Contractual Clauses (and, for transfers from the United Kingdom, the UK International Data Transfer Addendum) or another mechanism recognized under applicable law. Our processors (including Apple and Google) maintain their own transfer mechanisms for any personal data they process on our behalf.

12. Changes to this policy

We may update this Privacy Policy from time to time. If we make material changes, we will update the "Last updated" date above and, where appropriate, notify you in the app or via the App Store description. Continued use of the Service after a change indicates acceptance of the revised policy.

13. Contact

If you have questions or concerns about this Privacy Policy or our practices, contact us at:

eddies
Email: support@eddies.business
Address: Weelco Inc., 1623 Central Ave Ste 201, Cheyenne, WY 82001, United States

For EU/UK users: under GDPR/UK GDPR, you have the right to lodge a complaint with your local data protection authority.

← Back to home