Privacy Policy
TL;DR. JobPax is local-first. Your jobs, clients, photos, estimates, invoices, and signatures stay on your device. We do not run a backend, we do not have accounts, we do not collect or sell your data.
The only data that ever leaves your device is what you share through the OS share sheet, plus two strictly opt-in feeds — crash reporting and anonymous analytics — both off by default in Settings → About.
What we collect
Data stored on your device only
JobPax stores the following on your device, in app-private storage that no other app and no remote system can read:
- Business profile (name, contact, logo, brand colour, signature).
- Clients, properties, jobs, photos, checklists, estimates, invoices, payments, reports, reminders.
- Photos taken with the in-app camera or imported from your photo library, including markup you draw on them.
- Theme preference, last-opened route, draft job state.
This data is never transmitted off your device by JobPax itself. The only ways data leaves your device are:
- You explicitly export it — via the share sheet (PDF, photo, backup zip, CSV). The destination is up to you.
- Optional crash reporting and analytics, if you turn them on — see below.
- In-app purchase processing through Apple, Google, and RevenueCat — see below.
Crash reporting (Sentry, off by default)
If you turn this on, JobPax sends crash reports to Sentry when the app encounters an unhandled error. Each report contains:
- The crash stack trace (function names, line numbers).
- Device model, OS version, app version.
- A short breadcrumb log of the last few in-app actions ("opened Jobs tab", "tapped Save"), with values stripped.
We configure Sentry's SDK to scrub email addresses, phone numbers, addresses, names, network payloads, photo URIs, and SQL query parameters before transmission. We do not attach session video, screenshots, or device identifiers.
Anonymous analytics (PostHog, off by default)
If you turn this on, JobPax sends event names to PostHog ("opened report builder", "exported PDF", "hit free-tier limit") so we can understand which features are used. Each event includes the event name, an anonymous device-scoped identifier, coarse locale, and app version. We do not send client names, job titles, addresses, photos, financial data, or any identifier we could use to contact you.
You can turn either or both off at any time in Settings → About, and you can request deletion of collected analytics data by emailing the address at the bottom of this page with your device identifier (visible in Settings → About → Diagnostic info).
Subscription processing (RevenueCat)
The optional JobPax Pro tier runs through Apple in-app purchases, with receipt validation handled by RevenueCat. When you purchase or restore a plan, RevenueCat receives an anonymous app-generated identifier, the store receipt, and your store country, and returns an entitlement flag (Pro: yes/no, expiry) which we cache on your device. We never see your payment details, card number, or Apple ID. If you never purchase, no purchase data exists.
What we do not collect
JobPax does not:
- Require an account or email address to use.
- Have a backend server holding your data.
- Track your location in the background.
- Read your contacts, calendar, or other apps' data.
- Show ads, embed third-party trackers, or share data with advertisers.
- Sell, trade, or rent any data to anyone, ever.
- Use AI models on your photos or text remotely. (We run on-device image manipulation for thumbnails and PDFs — that stays local.)
Permissions
| Permission | Why | Required? |
|---|---|---|
| Camera | Capturing job-proof photos. | Optional — you can import from your library instead. |
| Photo library (read/write) | Importing existing photos and saving exported reports. | Optional. |
| Notifications (local only) | Job-soon, invoice-due, monthly backup nudge. All scheduled on your device. | Optional. |
| Location, "while in use" | Stamping GPS coordinates onto photo metadata when EXIF doesn't already contain it. | Optional, off by default. |
| Biometrics (Face ID / Touch ID / fingerprint) | Optional app lock. | Optional. |
Children's privacy
JobPax is intended for adult professionals. Because there is no account and no server, we cannot identify users by age, but we do not knowingly target or design the app for anyone under 13 (US) / 16 (EU).
Your data, your control
- Export. Settings → Backup → "Export backup" produces a zip containing every job, client, photo, and signature.
- Delete. Uninstalling the app removes all in-app data. Settings → About → "Erase all data" hard-deletes everything but keeps the app installed.
- Move. Install JobPax on a new device, restore from your backup zip, done.
If you opted into crash reporting or analytics, contact us to request deletion of any data tied to your anonymous device identifier.
Changes to this policy
If we add a feature that changes how data is handled, we will update this page and surface a one-time in-app notice the next time you open the app. We will not enable any new transmission of data without explicit consent.
Contact
Questions, deletion requests, or concerns: Support page.