Docs · data & privacy

What FolioKit collects — and what it never will

The whole list, both columns. If something isn't in the left column, the SDK doesn't send it.

Collected

  • Event name, screen name, timestamp only the events your app explicitly tracks — there is no autocapture
  • Event properties you choose to attach you control the contents; the integration rules forbid PII in properties
  • One anonymous user ID per app a random UUID, shared with RevenueCat as the app_user_id
  • Session ID and session length
  • App version, OS version, device model e.g. 2.4.0 · iOS 26.1 · iPhone17,1
  • Country from the device's region setting or derived at ingest — the IP address itself is not stored
  • Purchase events from RevenueCat trials, renewals, refunds — via webhook, attached to the same anonymous ID
  • Apple Search Ads attribution token result via Apple's AdServices framework; campaign-level, no ATT involved

Never collected

  • Names, emails, phone numbers, contacts the SDK has no API that accepts them
  • IDFA — no ATT prompt, ever
  • Device fingerprints or cross-app device graphs each app's ID is its own; your users are never tracked across apps
  • IP addresses at rest
  • Precise location
  • Anything typed, photographed, or displayed no session replay, no screen recording, no heatmaps
  • User-level data from ad networks paid-social measurement is aggregate SKAdNetwork only
  • Pasteboard, photos, files, health data — anything outside the list on the left

Where the data lives

In a Postgres database (Supabase) in the EU — Paris. It stays there: your events are yours, exportable on request, deleted on request, and never sold or shared. FolioKit has no advertising business and no data partners — the only consumer of your data is your own dashboard and your Monday brief.

Your users vs you

Two different relationships, worth separating:

The landing-page snippet

The optional web snippet for your marketing pages follows the same rules: an anonymous random ID in localStorage, page views, App Store clicks, and campaign parameters. No cookies, no fingerprinting, no personal data.

Early-access honesty

No SOC 2, no signed DPAs, no compliance paperwork yet — FolioKit is an early-access product run by one developer. If your situation requires those documents today, we're not ready for you yet, and we'd rather say so than have you find out later. Questions about any of this: contact@foliokit.io goes straight to the founder.

FolioKit joins behavior and revenue on one anonymous user record — nothing above, and nothing more.

Get early access