Privacy Policy
Last updated May 20, 2026
1. Introduction
Welcome to AXIFY ("App"). AXIFY is a sports motion analysis application developed and operated by Narelio, a sole proprietorship based in Japan ("Developer," "we," "us," or "our").
We are committed to protecting your privacy and ensuring full transparency about how your information is handled. This Privacy Policy explains what data the App collects, how it is used, and your rights under applicable data protection laws, including:
- General Data Protection Regulation (GDPR) — European Union
- UK General Data Protection Regulation (UK GDPR) — United Kingdom
- California Consumer Privacy Act / California Privacy Rights Act (CCPA/CPRA) — California, USA
- Act on the Protection of Personal Information (APPI / 個人情報保護法) — Japan
By using AXIFY, you acknowledge and agree to the practices described in this Privacy Policy. If you do not agree, please discontinue use of the App.
2. On-Device AI Processing — Your Videos Never Leave Your Device
This is the cornerstone of AXIFY's privacy design.
AXIFY uses Apple's built-in Vision framework to perform human body pose estimation and motion analysis. This processing occurs entirely on your device using Apple's Neural Engine and local hardware. Specifically:
- No videos or photos are uploaded to any external server, cloud service, or third-party AI provider.
- No pose data, skeleton data, or joint measurements are transmitted outside your device.
- No cloud-based AI APIs (e.g., Google Cloud Vision, AWS Rekognition, OpenAI) are used.
- All angle measurements, pose overlays, and analysis results are computed and stored locally on your device.
Your media files remain under your sole control at all times. This is not a policy choice — it is an architectural guarantee built into the App's code.
3. Information We Collect
3.1 Information You Provide Directly
Projects — Project names, tags, and creation dates. Stored on-device (SwiftData) and in iCloud (if enabled).
Videos — Video files imported from your Photo Library or Files app. Stored in the on-device Documents directory and iCloud Documents (if enabled).
Annotations — Drawings, lines, angles, and text overlays you create on videos. Stored on-device (SwiftData) and in iCloud (if enabled).
Preferences — App language, haptic feedback setting, video layout preference, selected sport, and skill level. Stored on-device (UserDefaults).
3.2 Information Collected Automatically
Anonymous Usage Analytics — Anonymized, aggregated product events (e.g., features used, screens viewed). See Section 4.1 for details. Purpose: Product improvement and understanding feature adoption. Legal basis: Legitimate Interest (GDPR Art. 6(1)(f)) / Anonymized data.
Crash & Performance Data — Crash reports, performance traces, app hang detection, and diagnostic data. See Section 4.2 for details. Purpose: Identifying and fixing software defects, ensuring app stability. Legal basis: Legitimate Interest (GDPR Art. 6(1)(f)).
Subscription Status — Whether you are a free or Pro subscriber. Managed by RevenueCat to unlock features. Legal basis: Contract Performance (GDPR Art. 6(1)(b)).
Purchase Events — Transaction records for in-app purchases. Processed by Apple App Store and RevenueCat. Legal basis: Contract Performance (GDPR Art. 6(1)(b)).
Video Metadata — Technical properties of imported videos (resolution, frame rate, duration). Extracted locally for display and analysis purposes only. Not transmitted externally.
3.3 Information We Do NOT Collect
We explicitly do not collect:
- Your name, email address, phone number, or any contact information
- Location data or GPS coordinates
- Health or biometric data
- Advertising identifiers (IDFA) or vendor identifiers (IDFV)
- Browsing history or activity on other apps
- Video content, photos, or any user-created media
- Pose estimation results, skeleton data, or joint angle measurements
- Any data that could directly identify you as an individual
4. Third-Party Services
AXIFY integrates with the following services. Below is an exhaustive and transparent list of every third-party SDK included in the App:
4.1 PostHog — Pseudonymous Product Analytics (EU)
- Purpose: Understanding how features are used so we can improve the App, prioritize development, and run product experiments. PostHog is a product-analytics platform; AXIFY uses only its analytics functions (session replay, autocapture, surveys, and other ambient tracking features are explicitly disabled in the App).
- Data Processing Location: European Union (Frankfurt, Germany) —
eu.i.posthog.com. We do not use PostHog's US Cloud. - What we send to PostHog:
- Event names describing in-App actions (e.g.,
Pose.skeletonEnabled,Export.completed,Paywall.viewed). - Event properties describing the context of an action (e.g., the paywall surface, the export type, a numeric magnitude such as session duration). Event properties never include video frames, photos, annotations, pose-estimation data, or any free-text you have typed into the App.
- Super-properties attached to every event:
isPro(subscription state),sport(your chosen sport),skillLevel(your chosen skill level),onboardingCompleted. These are values you have entered into onboarding or that follow from your subscription status; they are sent to enable cohort analysis and are never combined with any directly identifying information by us. - A custom screen-path identifier whenever you navigate between AXIFY screens (e.g.,
library/project/player). This is sent through PostHog's$screenevent and is not captured automatically by the SDK — AXIFY explicitly disables PostHog's automatic screen-view capture and emits the path itself. - Feature-flag exposures (
$feature_flag_called) whenever an experiment or feature flag is evaluated. This lets us measure the effect of experiments without tracking who you are. - Technical context automatically attached by the PostHog SDK to each event: App version and build number; operating-system name and version; device model category (e.g., "iPhone", "Mac"); platform (iOS/macOS); system locale and timezone.
- Event names describing in-App actions (e.g.,
- Identifier: PostHog assigns AXIFY a pseudonymous persistent identifier — a random UUID generated by the PostHog SDK on first launch of the App and stored locally on your device. This identifier is not derived from, nor linked to, your Apple ID, email address, name, IMEI, IDFA, or IDFV. It is regenerated if you delete and reinstall the App. We use it solely to recognize that a sequence of events came from the same device installation so we can compute retention and funnel metrics.
- RevenueCat linkage: To analyze how subscribers use the App, the same pseudonymous PostHog identifier (the
$posthogUserIdattribute) is associated with your anonymous RevenueCat customer record. This lets subscription events (trial started, renewed, cancelled, etc.) appear alongside in-App events for the same device. Neither identifier is linked to your real-world identity by us. - IP address: PostHog receives your IP address at the network level when the App transmits events. PostHog's servers use the IP to enrich events with approximate geographic information (country/region/city level) and, per PostHog's standard configuration, may retain the IP on the event record. We do not use IP information beyond the country/region level for analytics.
- What we do NOT send to PostHog: Your name, email address, Apple ID, payment information, exact location (GPS), IDFA/IDFV, video frames, photos, annotations, pose-estimation skeletons, joint-angle data, voice notes, on-device search terms, or any user-typed text content.
- Disabled PostHog features (App-side configuration): Session replay, autocapture (taps/clicks), application-lifecycle autocapture (we send these ourselves so they can be measured precisely), automatic screen-view capture, surveys, and element-interaction capture are all turned off in the App's PostHog configuration.
- Your Control: Analytics events from development and TestFlight builds are sent to a separate PostHog sandbox project and never reach our production analytics. You can request deletion of the PostHog records linked to your device's pseudonymous identifier by contacting us (see Section 15) — we will use PostHog's person-deletion API to remove them.
- Privacy Policy: https://posthog.com/privacy
- GDPR Status: Because the PostHog identifier is persistent for the lifetime of the App installation on your device, the data PostHog processes for us is treated as pseudonymous personal data under the GDPR (not anonymous). Our legal basis for this processing is Legitimate Interest (GDPR Art. 6(1)(f)) — understanding product usage to improve the App, balanced against your rights through the privacy safeguards described above (no real-world identifiers, no session recording, IP used only for coarse geography, separate sandbox/production projects, and deletion on request). You may object to this processing at any time (see Section 10).
- Data Processing Agreement (DPA): We maintain a Data Processing Agreement with PostHog Inc. in accordance with GDPR Art. 28.
4.2 Sentry — Crash Monitoring & Performance
- Purpose: Detecting, diagnosing, and fixing crashes, errors, and performance issues to maintain app quality and stability.
- Data Processing Location: European Union (Germany) —
*.ingest.de.sentry.io - Data Collected:
- Crash Reports: Stack traces, error messages, exception types, and thread states at the time of a crash or error.
- Performance Data: Transaction traces and response times for app operations.
- Device Context: Operating system version, device model, available memory, battery state, and CPU architecture.
- App State: Whether the app was in foreground or background, current active feature, subscription tier (free/Pro).
- Breadcrumbs: A sequence of recent user interactions and navigation events leading up to a crash (e.g., "opened player," "started export"). These are functional descriptions, not screen recordings.
- App Hangs: Detection of UI thread freezes exceeding 2 seconds.
- MetricKit Data: Apple-provided diagnostic and performance metrics.
- Anonymous Installation ID: A random identifier generated by Sentry on first launch, used solely to correlate crashes from the same device installation. This ID cannot be linked to your Apple ID, name, or any personal account.
- Session Replay (on error only): When a crash or error occurs, a short visual replay of the app state may be captured. All text and all images are fully masked — the replay shows only the layout structure, not your content.
- Screenshots & View Hierarchy (on crash): A screenshot of the app's UI state and its view structure may be captured at the moment of a crash. These use privacy-safe defaults and do not capture your video content or personal data.
- Data NOT Collected by Sentry: Email addresses, usernames, IP addresses (stripped by
sendDefaultPii = false), video content, photos, annotations, pose data, or any user-created content. - Privacy Measures:
sendDefaultPiiis set tofalse— no personally identifiable information is sent by default.- Email and username fields are explicitly stripped before transmission via a
beforeSendhook. - Session Replay masks all text and all images.
- Data Retention: Sentry retains crash and performance data for 90 days by default. We do not extend this period.
- Legal Basis: Legitimate Interest (GDPR Art. 6(1)(f)) — maintaining software quality and resolving crashes is necessary for providing a reliable service. You may object to this processing by contacting us (see Section 15).
- Privacy Policy: https://sentry.io/privacy/
- Data Processing Agreement (DPA): We maintain a Data Processing Agreement with Functional Software, Inc. (Sentry) in accordance with GDPR Art. 28.
4.3 RevenueCat — Subscription Management
- Purpose: In-app subscription and purchase management.
- Data Processing Location: United States
- Data Shared: Anonymous app user ID (generated by RevenueCat), purchase events, subscription status, entitlement information, and transaction identifiers.
- Data NOT Shared: Videos, photos, annotations, pose data, or any user-created content.
- Legal Basis: Contract Performance (GDPR Art. 6(1)(b)) — processing subscription data is necessary to fulfill the service you purchased.
- Data Retention: RevenueCat retains purchase records in accordance with their privacy policy and applicable legal requirements (including tax and accounting obligations).
- Privacy Policy: https://www.revenuecat.com/privacy
- Data Processing Agreement (DPA): We maintain a Data Processing Agreement with RevenueCat, Inc. in accordance with GDPR Art. 28.
4.4 Apple iCloud (CloudKit)
- Purpose: Optional synchronization of your projects, video metadata, annotations, and video files across your Apple devices.
- Data Synced: Project metadata, video metadata, annotations, and video files (to your personal iCloud account only).
- Control: iCloud sync is controlled entirely by your device's system settings. You can disable it at any time via Settings > [Your Name] > iCloud > AXIFY.
- Privacy Policy: https://www.apple.com/legal/privacy/
4.5 Apple App Store
- Purpose: Payment processing for in-app subscriptions.
- Data: All payment information (credit card, billing address) is handled exclusively by Apple. We never receive or store your payment details.
We do not integrate any advertising networks, social media SDKs, or user tracking services.
5. How We Use Your Information
We use the data described above for the following purposes only:
- Providing Core Functionality — Storing your projects, videos, and annotations so you can analyze sports motion.
- Subscription Management — Verifying your subscription status to enable Pro features.
- iCloud Synchronization — Syncing your content across your Apple devices (if you have enabled iCloud for AXIFY).
- Handoff / Continuity — Allowing you to continue viewing a video on another Apple device using Apple's encrypted Handoff protocol.
- Product Improvement — Understanding how features are used (via PostHog pseudonymous product analytics, EU-hosted) to prioritize development and improve the user experience.
- Stability & Quality — Identifying and fixing crashes, errors, and performance issues (via Sentry) to ensure the App works reliably.
We do not use your data for:
- Advertising or ad targeting
- User profiling or behavioral tracking
- Automated decision-making
- Sale to third parties
- Any purpose beyond those listed above
6. Data Sharing and Disclosure
We do not sell, rent, or trade your personal information to any third party.
Your data may only be shared in the following limited circumstances:
- With PostHog — Pseudonymous product-analytics events, as described in Section 4.1. The data is associated with a random device-generated identifier and does not include your real-world identity.
- With Sentry — Crash reports and performance data, as described in Section 4.2. This data contains no personally identifiable information.
- With RevenueCat — Anonymous purchase and subscription data, as described in Section 4.3.
- With Apple — Via iCloud sync (your personal iCloud account) and App Store payment processing.
- With Other Users — Only if you explicitly choose to share a project using the App's sharing feature (powered by CloudKit). You control who receives shared projects.
- Legal Obligations — If required by law, court order, or governmental regulation, we may disclose information to comply with legal obligations.
7. Cross-Border Data Transfers
As a service operated from Japan, your data may be transferred to and processed in the following jurisdictions:
PostHog — Processing location: Germany (EU, Frankfurt). Transfer mechanism: Japan-EU adequacy decision (GDPR Art. 45). APPI Art. 28 compliance via equivalent protection. Data is pseudonymous (random device-generated identifier; no real-world identifiers).
Sentry — Processing location: Germany (EU). Transfer mechanism: Japan-EU adequacy decision (GDPR Art. 45). APPI Art. 28 compliance via equivalent protection.
RevenueCat — Processing location: United States. Transfer mechanism: Standard Contractual Clauses (SCCs) as provided by RevenueCat. APPI Art. 28 compliance via contractual safeguards.
Apple iCloud — Processing location: User's iCloud region. Transfer mechanism: Managed by Apple under Apple's privacy policy and applicable transfer mechanisms.
For users in the EU/EEA/UK: The European Commission has recognized Japan as providing an adequate level of data protection (Adequacy Decision of January 23, 2019). Data transfers between Japan and the EU/EEA are therefore permitted under GDPR Art. 45.
For users in Japan: Cross-border transfers to the EU (Sentry, PostHog) are conducted under APPI's framework recognizing the EU as a jurisdiction with equivalent data protection standards. Transfers to the US (RevenueCat) are conducted with appropriate contractual safeguards in compliance with APPI Article 28.
8. Data Retention
On-Device Data (projects, videos, annotations, preferences) — Retained until you delete them or uninstall the App. You can delete data within the App or by uninstalling.
iCloud Data — Retained per your iCloud storage settings and Apple's policies. You can delete this data via iCloud settings on your device.
PostHog Analytics — Event data associated with a random device-generated identifier. Retained per PostHog's default retention. Contact us to request deletion of events linked to your device's pseudonymous identifier.
Sentry Crash Data — Retained for 90 days from collection. Contact us to request early deletion.
RevenueCat Subscription Data — Retained per RevenueCat's retention policy and applicable legal requirements. Contact RevenueCat or us to inquire.
Apple App Store Purchase Records — Retained per Apple's policies and tax/legal obligations. Contact Apple for details.
9. Data Security
We implement the following security measures:
- On-Device Storage: All data is stored using Apple's SwiftData framework with iOS/macOS-level encryption (Data Protection).
- Encrypted Transit: All communications with PostHog, Sentry, RevenueCat, and iCloud use TLS (Transport Layer Security) encryption.
- No External Servers: We do not operate our own backend servers that store your data. Your content lives on your device and, optionally, in your personal iCloud account.
- No Credentials Stored: We do not store passwords or authentication credentials. Subscription authentication is handled entirely by Apple.
- Sentry Privacy Defaults: Personally identifiable information is not sent (
sendDefaultPii = false). Session Replay fully masks all text and images. Email and username fields are explicitly stripped before transmission. - PostHog Pseudonymization: Events are associated with a random device-generated identifier rather than any real-world identifier. Session replay, autocapture, surveys, and automatic screen-view capture are all disabled in the App's PostHog configuration. Production and development analytics are isolated in separate PostHog projects.
10. Your Rights Under GDPR (European Economic Area) and UK GDPR (United Kingdom)
If you are located in the European Economic Area (EEA) or the United Kingdom (UK), you have the following rights:
- Access (Art. 15) — You may request a copy of the personal data we hold about you.
- Rectification (Art. 16) — You may request correction of inaccurate personal data.
- Erasure (Art. 17) — You may request deletion of your personal data ("right to be forgotten").
- Restriction (Art. 18) — You may request restriction of processing of your personal data.
- Portability (Art. 20) — You may request your data in a structured, machine-readable format.
- Objection (Art. 21) — You may object to processing based on legitimate interest. We will cease processing unless we demonstrate compelling legitimate grounds.
- Withdraw Consent (Art. 7) — Where processing is based on consent, you may withdraw consent at any time.
Legal Bases for Processing
Subscription management (RevenueCat) — Legal basis: Contract Performance (Art. 6(1)(b)). Necessary to provide the subscription service you purchased.
Crash monitoring (Sentry) — Legal basis: Legitimate Interest (Art. 6(1)(f)). Necessary to maintain software quality and fix defects. Balanced against your rights — we collect minimal data with privacy safeguards.
Pseudonymous analytics (PostHog) — Legal basis: Legitimate Interest (Art. 6(1)(f)). Necessary to understand product usage so we can improve the App, balanced against your rights through the privacy safeguards described in Section 4.1 (random device-generated identifier, no real-world identifiers, session replay/autocapture/surveys disabled, EU hosting, deletion on request).
iCloud synchronization — Legal basis: Consent (Art. 6(1)(a)). You choose to enable iCloud sync via system settings.
Data Controller
Narelio
A sole proprietorship based in Japan
Email: support@narelio.com
The identity of the operator will be disclosed upon legitimate request in accordance with applicable law.
Right to Lodge a Complaint
You have the right to lodge a complaint with a supervisory authority. For EEA residents, you may contact your local Data Protection Authority. For UK residents, you may contact the Information Commissioner's Office (ICO) at https://ico.org.uk/.
To exercise any of these rights, please contact us using the information in Section 15. We will respond within 30 days (or one calendar month under UK GDPR).
11. Your Rights Under CCPA/CPRA (California, USA)
If you are a California resident, you have the following rights:
- Right to Know: You may request disclosure of the categories and specific pieces of personal information we have collected about you in the preceding 12 months.
- Right to Delete: You may request deletion of personal information we have collected.
- Right to Correct: You may request correction of inaccurate personal information.
- Right to Opt-Out of Sale/Sharing: We do not sell or share your personal information for cross-context behavioral advertising. There is no need to opt out.
- Right to Limit Use of Sensitive Personal Information: We do not collect sensitive personal information as defined by the CPRA.
- Right to Non-Discrimination: We will not discriminate against you for exercising any CCPA/CPRA rights.
Categories of Personal Information Collected:
- Identifiers — Not collected. We do not collect names, email addresses, or account identifiers.
- Commercial Information — Collected (limited). Purchase/subscription records via RevenueCat.
- Internet or Network Activity — Collected (limited). Pseudonymous in-App usage events via PostHog (EU-hosted); crash/performance data via Sentry.
- Geolocation — Not collected.
- Biometric Information — Not collected.
- Sensory Data — Not collected. Videos are processed and stored on-device only.
- Professional/Employment Information — Not collected.
- Education Information — Not collected.
- Inferences — Not collected.
We do not sell personal information. We do not share personal information for cross-context behavioral advertising.
To exercise your CCPA/CPRA rights, please contact us using the information in Section 15.
12. Your Rights Under APPI (Japan / 個人情報保護法)
If you are located in Japan, your personal information is protected under the Act on the Protection of Personal Information (個人情報の保護に関する法律). You have the right to:
- Request Disclosure (開示請求) of the purpose of use and content of your retained personal data.
- Request Correction (訂正請求) of inaccurate personal data.
- Request Cessation of Use (利用停止請求) if your data is being handled in violation of the APPI.
- Request Cessation of Provision to Third Parties (第三者提供停止請求).
Personal Information Handling Business Operator (個人情報取扱事業者)
Business Name (屋号): Narelio
Contact (連絡先): support@narelio.com
The name and address of the operator will be disclosed without delay upon request from the data subject, in accordance with APPI Article 32.
Purpose of Use (利用目的)
- Providing in-app subscription services and feature access management
- Identifying and fixing software crashes and errors (Sentry)
- Understanding pseudonymous product-usage patterns for improvement (PostHog, EU-hosted)
- Optional iCloud data synchronization across your devices
Cross-Border Transfers (外国にある第三者への提供)
In accordance with APPI Article 28, we disclose the following cross-border data transfers:
Functional Software, Inc. (Sentry) — Country: Germany (EU). Data transferred: Crash reports, performance data. Safeguards: EU jurisdiction with equivalent data protection (EU adequacy recognized under APPI).
RevenueCat, Inc. — Country: United States. Data transferred: Subscription/purchase data. Safeguards: Contractual safeguards (DPA) ensuring equivalent protection under APPI Art. 28.
PostHog Inc. (EU) — Country: Germany (EU, Frankfurt). Data transferred: Pseudonymous product-analytics events as described in Section 4.1. Safeguards: EU jurisdiction with equivalent data-protection standards (EU adequacy recognized under APPI); DPA in place under GDPR Art. 28.
Apple Inc. — Country: User's iCloud region / United States. Data transferred: iCloud data, purchase records. Safeguards: Apple's privacy terms and contractual safeguards.
To exercise your rights, please contact us using the information in Section 15.
13. Children's Privacy
AXIFY is not directed at children under the age of 13 (or 16 in the EEA, or the applicable minimum age in your jurisdiction). We do not knowingly collect personal information from children. If you believe a child has provided personal information through the App, please contact us and we will take steps to delete such information promptly.
14. Changes to This Privacy Policy
We may update this Privacy Policy from time to time. When we do, we will:
- Update the "Last Updated" date at the top of this document.
- For material changes, notify you through an in-app notice or update description on the App Store.
We encourage you to review this Privacy Policy periodically. Your continued use of the App after changes constitutes acceptance of the updated Privacy Policy.
15. Contact Us
If you have any questions, concerns, or requests regarding this Privacy Policy, your personal data, or wish to exercise any of your rights described above, please contact us at:
Narelio Email: support@narelio.com
Website: https://axify.narelio.com
We will respond to all legitimate requests within 30 days. For complex requests, we may extend this period by an additional 60 days, in which case we will notify you.