SafeOpen Privacy Policy

The short version

SafeOpen is a free QR scanner and link inspector. Most of the app runs entirely on your device. Two features (AI Summary and Open Safely) call Katafract servers and consume scan credits. This page tells you exactly what each of those calls sends, where it goes, and how long it stays. We don’t hide anything in marketing language.

Free, on-device features (no data sent)

The following operate entirely on your device. They make no network requests and Katafract receives nothing from them:

• QR code and barcode scanning
• Link decoding (URL, Wi-Fi, contact, calendar event, SMS, email, geo, crypto, script, plain text)
• Risk scoring (raw IP detection, punycode lookalike detection, shortened-link detection, unusual port, suspicious tracking parameters, executable script flags, obfuscated content flags, and more)
• Tracking-parameter stripping (UTM, fbclid, gclid, msclkid, and 35+ other identifiers)
• Local scan history, stored only in your device’s app storage. It is never synced to iCloud, never uploaded, and is deleted when you delete the app or tap Clear History.
• Camera frames are processed in memory and never written to disk or transmitted.

Features that send data to Katafract

Two features cost 1 scan credit each and require backend processing.

AI Summary

When you tap AI Summary on a result, the URL you submitted is sent to Katafract’s servers. Our servers fetch the destination page using a Katafract relay node so the destination never sees your IP, then we send the page’s text content to OpenAI’s API to generate a plain-English summary of what the link contains. The summary comes back to your device.

• What we receive: the URL you submitted, your anonymous device ID (see below), the timestamp, and a region hint if your client supplied one. We do not log your IP address against the inspection request.
• What OpenAI receives: the text of the fetched page only. No personal information, no device ID, no IP. OpenAI processes this under their API terms.
• How long we keep it: URLs you submit are written to an audit table for abuse prevention and automatically deleted after 30 days by a scheduled job. The audit row is not linked to your Apple ID or any other identity.

Open Safely

When you tap Open Safely, Katafract opens a short-lived browsing session that fetches the URL from one of our relay nodes and streams the rendered page back to you in an isolated, non-persistent in-app browser. The destination website sees the relay’s IP address, not yours.

• Source IP shown to the destination: your session is assigned a disposable /128 IPv6 address picked at random from the relay node’s /64 prefix. The destination sees only that single address, never your device’s real IP. The address is released back to the pool after 10 minutes (or when you close the browser, whichever comes first) and is not reused for at least 24 hours. Disposable IPv6 is currently active on every Katafract relay region (eu-west, eu-north, us-east, us-west, ap-southeast, ap-northeast, ap-south).
• What we receive: the URL, your anonymous device ID, the relay node serving you, the session ID, and the session expiry. Same 30-day audit window as AI Summary.
• What is not stored: the page content, cookies, local storage, IndexedDB, or any other artifact of the in-app browser session. The session is destroyed at the 10-minute mark or when you close the browser, whichever comes first.

Anonymous device ID

SafeOpen generates a random UUID on first launch and stores it in your device’s Keychain under com.katafract.safeopen / device_id. We use this ID for one purpose: tracking your scan-credit balance on our backend so you can spend credits across app launches without an account. It is not linked to your Apple ID, name, email, or any other personal identifier. You can reset it by deleting and reinstalling the app, but doing so resets your credit balance to a fresh 10 welcome credits.

Scan credits and purchases

Every install starts with 10 free scan credits. We add 10 more free credits every 30 days. If you need more, you can purchase consumable credit packs in the app: Starter ($0.99 for 100), Standard ($2.99 for 500), or Power ($9.99 for 2,500). Credits never expire and there is no subscription.

All purchases are processed by Apple via StoreKit. Katafract does not receive your Apple ID, payment method, billing address, name, or any financial information. After a successful purchase, your iOS app sends Apple’s signed transaction ID to our servers; we verify it directly with Apple’s App Store Server API and then credit your anonymous device ID with the purchased credits. Each transaction can only be redeemed once.

Camera permission

SafeOpen requests camera access for one purpose: scanning QR codes in real time. It does not access your photo library, save images, or use the camera for anything else. You may deny camera permission and use the paste workflow instead.

Third-party services we touch

• Apple StoreKit: handles all credit pack purchases. Subject to Apple’s Privacy Policy.
• OpenAI: generates the AI Summary text from the page content we fetch. Page content only, no personal information. Subject to OpenAI’s Privacy Policy.

SafeOpen contains no advertising SDKs, no analytics frameworks, and no crash-reporting services. We do not sell or share data with anyone for any purpose, including advertising or measurement.

Apple Privacy Nutrition Label

SafeOpen’s App Store Privacy declarations:

• Identifiers (Device ID): collected, not linked to user, not used for tracking. Used for app functionality (credit balance).
• User Content (Other User Content, the URL you submit to AI Summary or Open Safely): collected, not linked to user, not used for tracking. Used for app functionality.
• Purchases: handled entirely by Apple StoreKit. Katafract does not collect financial or transaction history beyond the opaque transaction ID used to grant credits.

Children

SafeOpen is rated 4+ on the App Store and not directed at children under 13. We do not knowingly collect any personal information from children. If you believe a child has used the app and provided personal information, contact us at the address below and we will delete it.

Your data, your control

You can:

• Clear your local scan history at any time from Account → Clear History.
• Delete your anonymous device ID and credit balance by deleting the app. We have no way to delete the audit row earlier than the automatic 30-day window because the row is not linked to your identity, but it is automatically expunged at that mark.
• Email privacy@katafract.com with any privacy question and we will respond within one business day.

Changes to this policy

Material changes will be announced at katafract.com and reflected in an updated effective date above. Continued use after a change constitutes acceptance.

Contact

Privacy questions: privacy@katafract.com

General contact: hello@katafract.com

Katafract LLC, United States