Hey Labs

Privacy Policy

Last updated: May 4, 2026

In short: Your clips stay on your devices. CopySafe never uploads your clipboard content. We use a small number of privacy-respecting services to handle crashes, anonymous product analytics, and the in-app paywall — none of them ever see what you copy, and none are used for cross-app advertising. You can turn off all analytics in Settings → Privacy → Analytics.

What CopySafe Does

CopySafe is a clipboard manager for iPhone, iPad, and Mac. It saves the things you copy — text, links, images, files — into a local history on your device so you can find them again later. Your clip history lives on your device. It is not uploaded to our servers — we don't run any.

Data We Collect

CopySafe is designed to collect as little as possible. The short list:

  • Identifiers (anonymous): a device ID and a user ID, both generated locally and not linked to any personally identifiable information. We do not use these for cross-app tracking. No ATT prompt is shown.
  • Usage data: product interaction events (taps, screens viewed, paywall events) and other usage signals (onboarding progress, milestones). No clip content ever appears in these events.
  • Diagnostics: crash reports and basic performance data, so we can fix bugs.
  • Purchases: subscription / purchase status (active, cancelled, expired) so the app knows whether to unlock Pro features. Payment details are handled entirely by Apple (StoreKit) on iOS / iPadOS, and by Paddle on macOS — we never see your card.

These categories match exactly what we declare in App Store Connect under App Privacy.

What We Do NOT Collect

  • Your clip content. Text, images, files, and anything else you copy never leave your devices except for direct, encrypted LAN sync between your own paired devices (see below).
  • Email, name, phone number, or postal address.
  • Photos, contacts, microphone, or precise location.
  • Health, financial, or biometric data.
  • Anything used to track you across other apps or websites — we do not show an ATT prompt because we don't do that kind of tracking.

Clipboard Access

CopySafe reads your clipboard to save items to your local history. This happens:

  • When you use the CopySafe keyboard
  • When you open the app
  • When Background Mode (PiP) is enabled
  • When you use the Quick Capture shortcut
  • When you share content via the Share Extension
  • On Mac, when CopySafe is running in the menu bar

Clipboard data is stored exclusively on your device in an encrypted App Group container. It is never uploaded to our servers — we don't have any.

Cross-Device Sync (LAN-Only)

CopySafe can sync your clip history between your own iPhone, iPad, and Mac when they are on the same local network. This sync uses Bonjour for discovery and an encrypted peer-to-peer channel between devices you have paired. Clips are never routed through any server we operate — they go directly from one of your devices to another, on your network.

Pairing keys are stored in the system Keychain on iOS / iPadOS and via DPAPI on Windows builds. They are not shared with us or any third party.

iCloud Key-Value Store

CopySafe uses Apple's iCloud Key-Value Store for two narrow purposes:

  • Sync of small app settings (e.g. preferences, toggles) across your own devices.
  • Sync of the anonymous RevenueCat user ID, so a Pro purchase made on one of your devices is recognized on your other devices.

Your clip content is not stored in iCloud KVS. Clip sync is LAN-only (above).

Third-Party Services

These are the third-party services CopySafe connects to. None of them ever receive your clip content.

Sentry — crash & performance reporting

  • Vendor: Functional Software, Inc. (Sentry), San Francisco, USA.
  • Purpose: report crashes and performance issues so we can fix them.
  • Data shared: stack traces, OS version, app version, anonymous device ID. No clip content. No email.
  • Privacy: sentry.io/privacy.

Amplitude — product analytics & A/B testing

  • Vendor: Amplitude, Inc., San Francisco, USA.
  • Purpose: anonymous product analytics and A/B testing of in-app experiences (e.g. onboarding variants).
  • Data shared: anonymous device ID, anonymous user ID (a non-PII identifier generated by RevenueCat), event names, event properties (e.g. clip category, paywall placement name, onboarding step). No clip content. No email. No names.
  • Not used for cross-app advertising tracking.
  • Privacy: amplitude.com/privacy.

Superwall — paywall rendering & A/B testing

  • Vendor: Superwall Inc., San Francisco, USA.
  • Purpose: remote configuration and rendering of in-app paywalls, A/B testing of paywall designs.
  • Data shared: anonymous device / user identifiers, paywall view and interaction events, product identifiers, transaction outcomes (purchase / cancel / trial).
  • Not used for cross-app advertising tracking.
  • Privacy: superwall.com/privacy.

RevenueCat — subscription management

  • Vendor: RevenueCat, Inc., USA.
  • Purpose: validate App Store / Paddle receipts and sync Pro entitlement across your own devices.
  • Data shared: anonymous user ID, transaction receipts (from Apple / Paddle), entitlement state.
  • Privacy: revenuecat.com/privacy.

Paddle — Mac DMG payments

  • Vendor: Paddle.com Market Limited, UK (Merchant of Record for the Mac DMG version).
  • Purpose: process payments and tax compliance for the Mac DMG version of CopySafe.
  • Data shared: only what you provide at checkout (email, billing details). We don't see your card. Paddle is the merchant of record.
  • Privacy: paddle.com/legal/privacy.

Apple StoreKit & CloudKit

  • StoreKit handles all in-app purchases on iOS / iPadOS / Mac App Store. We never see your payment details.
  • CloudKit is used only via the iCloud Key-Value Store described above (settings + RevenueCat user ID). It is not used to sync clip content.

Analytics Opt-Out

You can disable all analytics and crash reporting at any time:

Settings → Privacy → Analytics (in the CopySafe app).

Turning this off stops Amplitude and Sentry from sending any data. Your subscription state still syncs (otherwise Pro features wouldn't work across your devices), but no product-analytics or crash events are sent.

Keyboard Extension & Full Access

CopySafe's iOS keyboard requires "Allow Full Access" to read the clipboard. This is an iOS requirement — without it, the keyboard cannot access copied text. Full Access does not give CopySafe access to your keystrokes, passwords, or any other input. It only enables clipboard reading.

Sensitive Data

CopySafe automatically detects verification codes (OTP) and password-like strings. These are marked as sensitive and auto-deleted after a configurable time period (default: 5 minutes). Detection happens locally on your device.

Data Storage & Encryption

  • Clip history is stored locally using Apple's SwiftData framework on iOS / iPadOS / Mac.
  • Data lives in a shared App Group container accessible only by CopySafe and its extensions.
  • Stored data (database and files) is encrypted at rest using iOS Data Protection (NSFileProtectionCompleteUntilFirstUserAuthentication).
  • LAN sync between your own devices uses an encrypted peer-to-peer channel.
  • You can delete all clip data at any time: Settings → Clear All History.
  • Uninstalling the app removes all locally stored data permanently.

Your Rights (GDPR / CCPA)

You have the right to:

  • Access a copy of any data we hold about you.
  • Delete your data — for clip history, this happens immediately and locally via Settings → Clear All History; for analytics, email us and we will delete the anonymous identifier.
  • Opt out of analytics at any time (Settings → Privacy → Analytics).
  • Object to or restrict processing.

To exercise any of these rights, email contact@heylabs.co. CCPA: we do not sell your personal information.

Children's Privacy

CopySafe is rated 4+. We do not knowingly collect personal information from children, and the app is not directed at children. If you believe a child has provided us with personal information, contact us and we will delete it.

Changes to This Policy

We may update this policy from time to time. Significant changes will be reflected on this page with an updated "Last updated" date.

Contact

Questions about this policy? Email us at contact@heylabs.co.