Privacy Policy

Effective date: April 30, 2026 · Snow Leopard Labs LLC

Plain-English summary: Sworn never logs the domains you query. The only data tied to you is a randomly-generated UUID and, optionally, the phone numbers of partners you choose to invite. We don't sell or share anything; we don't run analytics. The DNS queries themselves are encrypted on the wire.

What we collect

Generated automatically by your device

A UUID v4 identifier generated locally on your phone the first time you open the app. The UUID is stored in your device's secure store (Keychain on iOS, app-private SharedPreferences on Android with cloud backups disabled). We use it to associate your category preferences and partner list with you. It is not derived from any personal information about you and is not shared with anyone.
Your category preferences — which categories (pornography, gambling, social media, online shopping, gaming, malware, VPN/Proxy bypass) you've enabled. Stored on our server, keyed only by your UUID.

Information you provide

Partner phone numbers. If you add partners to be notified when you trip a content filter, the phone numbers you enter are stored on our server in plain text, keyed only by your UUID. We use them solely to send the invite, the confirmation, and the alert SMS messages described below.

Information generated by use of the service

A counter of blocked queries per user, per 24-hour rolling window. We count how many of your queries hit a category you've enabled, so we can send your partner a "X blocks in the last day" digest. We do not store the domains themselves.
Operational logs. The resolver writes a single rate-limited log line per blocked query (one line per user per minute, max) to systemd's journal. The log line names the domain but is not retained beyond the journal's default rotation (typically a few days). It is used only for debugging.

What we explicitly do not collect

No analytics, telemetry, or crash-reporting SDKs (Firebase, Crashlytics, Sentry, Mixpanel, Amplitude, etc.) in either app.
No persistent log of your DNS queries beyond the operational journal described above.
No advertising identifiers, no IDFA, no AAID.
No location data.
No contact list access. Partner phones are typed manually.

Third parties

Twilio

Sworn uses Twilio to send SMS messages: the partner invite, the confirmation back, and the block alerts. Twilio receives the destination phone number and the message body. Twilio's privacy policy is at twilio.com/legal/privacy.

Upstream DNS resolvers

For queries to domains not in any blocklist (which are the vast majority), Sworn forwards the query to one of three upstream public resolvers — Cloudflare (1.1.1.1), Google (8.8.8.8), or Quad9 (9.9.9.9) — over standard DNS protocols. Those providers see the queried domain, your resolver's IP (not yours), and the response. They do not see the per-user UUID. Each of them publishes its own privacy policy.

Cloud hosting

Sworn's resolver runs on a virtual machine hosted by Hetzner Cloud (Ashburn, VA, USA). Hetzner sees connection metadata (source IP, timestamps) per its standard hosting operations.

Data retention

UUID + categories + partners + per-user counters: retained until you uninstall the app and request deletion.
Operational logs: not actively retained — overwritten by systemd's journal in days.
SMS messages: per Twilio's retention policy.

Deletion

Email dg@snowleopard.dev with the UUID shown in the app's Activate DNS screen ("Hostname (advanced)" → the leftmost label) and we will delete the corresponding row from our database. Or just uninstall the app — after a future cleanup pass we routinely drop accounts that have no confirmed partners and no recent activity.

Children

Sworn is not directed at children under 13 and we do not knowingly collect data from anyone under 13.

Changes

If we change this policy materially, we'll bump the "effective date" above and surface a notice in the apps on next launch.

Contact

dg@snowleopard.dev
Snow Leopard Labs LLC

This is a starting-point document, not legal advice. Replace it with one reviewed by a qualified attorney or generated by a vetted privacy-policy service before relying on it for App Store / Play Store compliance.