1. Overview
CrossDraw ("we", "the app") is an interactive educational simulator for hockey players and coaches. We treat your data with the same precision we expect on the ice — minimal, transparent, and on your terms.
This policy explains exactly what is sent off the device, why, and what stays local.
2. What stays on your device
The vast majority of CrossDraw runs entirely on-device. The following are stored locally in UserDefaults and never transmitted:
- Your training stats (Level, XP, per-module accuracy)
- Your settings (haptics on/off, sound on/off, dominant-hand preference)
- Your onboarding completion flag
You can wipe this data at any time from Profile → Reset.
3. What is sent off-device
To keep the app up to date and to deliver opt-in push notifications, CrossDraw uses two third-party services:
3.1 OneSignal (push notifications)
If — and only if — you accept the iOS notification permission prompt, OneSignal stores a push token associated with an anonymous identifier (your device's IDFV). This lets us send onboarding tips and important update reminders. We do not use OneSignal for marketing tracking, advertising IDs, or behavioural analytics. You can revoke permission any time in iOS Settings.
- Data sent: anonymous IDFV, push token, app version, OS version.
- Provider policy: onesignal.com/privacy_policy.
3.2 Update sync (CrossDraw worker)
On launch the app POSTs the following fields to https://crossdraw.site/api/sync so we can tell you when a new version is available:
device_push_token— the OneSignal subscription ID, or your IDFV if push is denied. Used as a stable opaque key.bundle_identifier— the App Store bundle ID (so a single endpoint can serve multiple apps).app_version— your installed build number.
The sync endpoint logs only standard CDN access lines (timestamp, IP, user-agent). No personal data is collected from you beyond what is listed above.
4. What we do not collect
- No name, email or account — there is no sign-up.
- No location, contacts, photos, microphone or camera access.
- No IDFA / advertising identifier. We do not call
ATTrackingManager. - No analytics SDKs (no Firebase, no Mixpanel, no Amplitude, no Sentry, etc.).
For App Store privacy questionnaire purposes, our tracking declaration is "No".
5. Children
CrossDraw is suitable for ages 4+. We do not knowingly collect any personal data from children. If a parent or guardian believes that data was collected in error, contact us and we will delete it promptly.
6. Your rights
Because we do not store any personal information about you on our servers, there is nothing for us to delete or export on request. You can:
- Wipe local data via Profile → Reset in the app.
- Delete CrossDraw to remove all local data immediately.
- Revoke push notifications via iOS Settings → Notifications → CrossDraw.
7. WebView updates
If our sync endpoint signals that your installed build is critically out of date, CrossDraw will open an in-app WebView pointed at the update endpoint. The WebView uses the standard WKWebView data store, scoped to the app sandbox. Cookies and local storage from that WebView do not leak into Safari or other apps.
8. Changes to this policy
If we materially change this policy we will update the "Last updated" date at the top and ship a new app version. The current policy is always available at crossdraw.site/privacy.
9. Contact
Questions about privacy? Email privacy@crossdraw.site. We respond within 24 hours, Monday-Friday.