Privacy Policy
Last Updated: February 16, 2026
Overview
Drydown ("the App") is a fragrance collection management application. We are committed to protecting your privacy. This policy explains what data the App collects, how it's used, and your choices.
Key Points:
- We do not have user accounts — there is no sign-up or login
- Your collection data stays on your device with optional cloud backup
- We do not sell or share your personal data
- AI features send fragrance-related queries (never personal information) to third-party services
- A lightweight proxy service we operate handles AI requests for users without their own API keys
Data Collection and Storage
Data Stored Locally on Your Device
The App stores the following data locally on your device:
- Fragrance Collection: Brand names, fragrance names, notes, concentrations, bottle sizes, fill levels, purchase dates, prices, and photos you add
- Wear Journal: Dates, times, ratings, notes, and occasions for each wear entry
- Wishlist Items: Fragrances you're interested in purchasing, including prices, retailer information, and notes
- Layering Combinations: Saved fragrance pairings with ratings and notes
- Achievements: Progress toward collection and wearing milestones
- App Preferences: Theme settings, font preferences, notification settings
- AI Usage Counters: Monthly and daily counters of AI feature usage, stored locally for enforcing fair-use limits. These are never sent to external services.
Cloud Sync & Backup
The App offers optional cloud sync to keep your data across devices. On iOS, this uses your private iCloud container via Apple's CloudKit. On Android, you can back up to Google Drive. In both cases:
- Only you can access this data
- The cloud provider manages the infrastructure
- We (the developers) have no access to your synced data
- You can disable sync in your device settings
Secure Storage
API keys for third-party AI services (if you choose to configure them) are stored in your device's secure credential storage (Keychain on iOS, EncryptedSharedPreferences on Android).
Device Identifier
The App generates a random device identifier (UUID) stored in your device's Keychain. This identifier:
- Is used solely for rate-limiting AI requests through our proxy service
- Is not linked to your Apple ID, name, email, or any personal information
- Cannot be used to identify you as a person
- Is never shared with third parties
Third-Party Services
Drydown AI Proxy Service
For users who do not provide their own API keys, AI-powered features are routed through a proxy service we operate at api.drydown.app (hosted on Cloudflare Workers). This proxy:
- Receives your fragrance-related queries, photos (for identification only), and your device identifier
- Forwards requests to the AI provider (currently OpenRouter) and returns responses
- Does not store your queries, photos, or responses — it only forwards and returns them in real time
- Uses your device identifier for rate-limiting to prevent abuse
- Is authenticated using HMAC signatures to prevent unauthorized access
If you provide your own API key (BYOK), the App communicates directly with the AI provider and the proxy is not involved.
On-Device AI
The App can use on-device machine learning for basic recommendations. This processing happens entirely on your device with no data sent externally.
Google Gemini (Optional — BYOK)
If you configure a Gemini API key, the App sends fragrance-related queries directly to Google's servers for enhanced AI features including:
- Fragrance identification from photos
- Personalized recommendations
- Layering suggestions
- Collection gap analysis
What is sent: Fragrance names, notes, your query text, and photos (for identification only)
What is NOT sent: Your personal information, location data, or full collection history
Google's privacy policy applies to their processing: policies.google.com/privacy
OpenAI (Optional — BYOK)
If you configure an OpenAI API key, similar fragrance-related data is sent directly to OpenAI's servers for AI processing.
OpenAI's privacy policy applies: openai.com/privacy
Important: When using your own API keys (BYOK), we never see your API keys or the data you send to these services. Your keys are stored only in your device's secure storage.
Weather Data (Open-Meteo)
To provide weather-based fragrance recommendations, the App sends your device's location coordinates to the Open-Meteo weather API (api.open-meteo.com). Open-Meteo:
- Receives your latitude and longitude to return current weather conditions
- Does not require an API key or user account
- Does not track individual users
Open-Meteo's terms of service: open-meteo.com/en/terms
Your location is used only to fetch weather data and is not stored by the App beyond the current session. Weather responses are cached on your device for 30 minutes. You can disable location access in your device settings, and the App will continue to function without weather-based features.
Image Search (DuckDuckGo)
When you search for fragrance product photos within the App, it queries DuckDuckGo's image search API with:
- The fragrance brand name and fragrance name
- Generic search terms (e.g., "fragrance perfume bottle")
DuckDuckGo may log this query per their privacy policy: duckduckgo.com/privacy
Downloaded images are cached locally on your device. No personal information is included in the search query.
Newsletter (Website Only)
If you subscribe to the Drydown newsletter on our website, we collect your email address. Newsletter delivery is handled by Buttondown, a third-party email service. Your email address:
- Is used solely to send product updates and announcements
- Is stored by Buttondown on their servers
- Is never shared with other third parties
- Can be unsubscribed at any time via a link in each email
Buttondown's privacy policy applies: buttondown.com/legal/privacy
On-Device Features
On-Device Search Indexing
Your fragrance collection is indexed for quick search access (Spotlight on iOS, App Search on Android). The index includes fragrance names, brands, notes, seasons, and thumbnail images. This index:
- Is stored entirely on your device
- Is managed by the operating system and never sent to external services
- Can be managed in your device's search settings
Widgets
If you use Drydown widgets on your Home Screen or Lock Screen, the App displays:
- Your current wearing streak and collection statistics
- AI-generated daily fragrance recommendations
- Quick-log shortcuts for favorite fragrances
Widget data is stored in a shared local container on your device and is never sent to external services.
Notifications
Reminders and recommendations are generated and scheduled entirely on your device using native notification APIs. Notification content may reference fragrance names from your collection, streak counts, weather conditions, or collection milestones. No notification data is sent to external services.
Sharing
You can share your Scent DNA profile (a personalized fragrance personality visualization) or export your collection data via your device's native share sheet. Shared content is sent only to the app or service you select (Messages, Mail, social media, etc.) and is never sent to Drydown servers.
Device Permissions
| Permission | Purpose | Required? |
|---|---|---|
| Camera | Photograph fragrance bottles for AI identification | Optional |
| Photo Library | Select existing photos of fragrances | Optional |
| Location | Get local weather for recommendations | Optional |
| Notifications | Remind you to log wears, alert forgotten fragrances | Optional |
You can deny any permission and still use core App features. Permissions can be changed anytime in your device settings.
In-App Purchases and Subscriptions
Drydown offers optional Pro subscriptions processed entirely through your platform's app store (Apple App Store on iOS, Google Play on Android). The store provider:
- Handles all payment processing and transaction verification
- Manages all financial data
- Never shares your payment details with Drydown
The App only receives confirmation of your subscription status to determine feature access. We do not collect, store, or have access to your payment information.
Promotional codes are validated locally on your device and do not involve any server communication.
Data You Control
Export Your Data
You can export your complete collection at any time:
- CSV Export: Spreadsheet-compatible format
- JSON Export: Full data backup
Delete Your Data
- Delete individual fragrances, wear entries, or wishlist items within the App
- Delete all App data via Settings > Delete All Data
- Uninstalling the App removes all local data
- To remove cloud data: manage your iCloud storage (iOS) or Google Drive backup (Android) in your device settings
Children's Privacy
The App is not directed at children under 13. We do not knowingly collect data from children.
Analytics and Tracking
The App does not include:
- Third-party analytics SDKs
- Crash reporting services
- Advertising frameworks
- Cross-app or cross-site tracking
- Fingerprinting
We do not track you across other companies' apps or websites.
Data Security
- Local data is protected by your device's security (passcode, Face ID, Touch ID)
- Cloud sync data is encrypted in transit and at rest by the platform provider
- API keys are stored in your device's secure credential storage with hardware-backed encryption
- Proxy communication uses HTTPS encryption and HMAC authentication
- The proxy service does not persist any user data
Changes to This Policy
We may update this policy to reflect App changes. The "Last Updated" date will be revised. Continued use of the App constitutes acceptance of the updated policy.
Contact
If you have questions about this privacy policy or the App's data practices:
Email: [email protected]
Website: drydown.app/privacy