Rod Software

Spelling Buddy Privacy Policy

Last updated: February 11, 2026

Rod Software LLC ("we", "us", "our") operates the Spelling Buddy app. This Privacy Policy explains what data we collect, how we use it, and your choices.

Contact: legal@rodsoftware.com

1. Scope

This policy applies to the Spelling Buddy iOS app and related backend services used to provide app features.

2. Data We Collect

2.1 Account and Identity Data

  • Apple user identifier (credential.user) from Sign in with Apple.
  • Apple Sign in identity token (JWT) used for authentication and request verification.
  • App account token used to associate purchases and entitlement state.

2.2 Subscription and Entitlement Data

  • Subscription status and expiration/renewal-related state.
  • Transaction identifiers in protected form (including latest transaction ID references and OTID-derived records) for entitlement verification and anti-abuse.
  • Usage counters and review-access entitlement state where applicable.

2.3 User Content Data

Words and attributes you create or confirm in the app:

  • word
  • definition
  • sentence
  • origin
  • difficulty
  • upload/create timestamps

2.4 Technical and Diagnostic Data

  • Basic request/response and error diagnostics needed for reliability and abuse prevention.
  • Device/app state needed to render subscription/access state in-app.

3. How We Collect Data

We collect data from:

  • You directly (manual word entry, app actions, settings choices).
  • Apple (Sign in with Apple and StoreKit purchase events).
  • Our backend APIs used for authentication, word enrichment, and entitlement checks.

4. How We Use Data

We use data to:

  • Authenticate your account.
  • Provide premium entitlement and restore access.
  • Process words and return definitions/sentences/origin/difficulty.
  • Prevent abuse and enforce fair usage.
  • Provide customer support and troubleshoot issues.

4.1 Identifier Use for Internal Operations

  • Apple user identifier:
    • Stored locally in iOS Keychain.
    • Stored on backend to map account records, validate account identity, and locate accounts for support.
  • Apple Sign in identity token (JWT):
    • Stored locally in iOS Keychain for authenticated app sessions.
    • Sent to backend for identity verification and authenticated API requests.
    • Used by backend for verification and fraud prevention controls, and not retained as a long-term account profile field.
  • App account token:
    • Generated and stored by backend to associate StoreKit subscription events and entitlement state with the correct app account.
    • Stored locally in iOS Keychain to ensure purchases and restores apply to the correct account in app.
  • Subscription transaction linkage data:
    • Backend uses transaction identifiers and OTID-derived records to validate entitlement ownership, prevent mismatch abuse, and support restore/account integrity operations.
    • App stores a local idempotency marker (lastFulfilledTransactionID) to avoid duplicate fulfillment submissions.

We use these identifiers only for core internal operations, including authentication, security, entitlement, fraud prevention, account integrity, and support.

5. App Permissions

The app requests:

  • Camera access: capture photos of word lists for OCR upload flows.
  • Photo library access: select screenshots/photos for OCR upload flows.

6. Retention and Deletion

  • If you delete an account without an active subscription, we delete associated account data immediately (subject to short technical propagation delays).
  • If you delete an account with subscription history, we retain only minimal anti-abuse and entitlement-integrity records for up to the earlier of (a) the current entitlement expiry date, or (b) 1 month after deletion, then purge:
    • OTID hash
    • latest transaction ID reference
    • entitlement expiry marker
    • remaining usage counters
  • Local app data is removed when account deletion succeeds in-app, and local auth/subscription tokens and idempotency markers are cleared on sign-out/deletion.

7. Children

Spelling Buddy may be used by all ages with parent or guardian consent and supervision where required.

Our account model is based on Sign in with Apple and internal account identifiers used for core app operation. We do not use these identifiers for advertising profiles, cross-app tracking, or data brokerage.

8. Data Sharing

We do not sell personal data.

We do not share personal data with advertisers or data brokers.

We do not use cross-app tracking for advertising.

We may share limited data with service providers strictly to operate core functionality (for example, Apple services for authentication and subscriptions, and infrastructure providers hosting backend services).

9. Security

We use reasonable technical safeguards, including encrypted transport and secure local token storage (for example, iOS Keychain for auth token material).

No method of transmission or storage is perfectly secure, but we work to reduce risk and limit data exposure.

10. Your Rights and Requests

You can request access, correction, or deletion of your data by contacting support@rodsoftware.com.

We target a response window of up to 30 days.

11. International and US Scope

This policy is written for a US-focused release with baseline privacy rights and controls.

12. Changes to This Policy

We may update this Privacy Policy from time to time. Material updates will be reflected by a new "Last updated" date and, where appropriate, in-app notice.

Back to Spelling Buddy Back to Products