Audit date: 2026-05-05
SDK versions audited: Flutter 0.2.1 · Kotlin 0.4.1 · Swift 0.3.0
Auditor: Static code review + manual inspection
Status: ⚠️ Static review passed; dynamic verification (network /
storage / runtime PII inspection) is pending and tracked in the
“Recommended testing” section below.
Executive summary
This privacy audit confirms that the Synheart Behavioral SDK adheres to its privacy-first design principles. The SDK collects ZERO personally identifiable information (PII), ZERO text content, and ZERO screen coordinates. All collected data consists solely of timing-based behavioral metrics.
Audit Findings
| Category | Status | Details |
|---|---|---|
| PII Collection | ✅ PASS | No PII collected |
| Text Content | ✅ PASS | No text content captured |
| Screen Coordinates | ✅ PASS | No location data collected |
| Biometric Data | ✅ PASS | No biometric data |
| Device Identifiers | ✅ PASS | Session IDs only (ephemeral) |
| Network Activity | ✅ PASS | No network requests |
| Storage | ✅ PASS | In-memory only, no persistence |
| Permissions | ✅ PASS | No mandatory permissions for core capture; optional permissions for notification / call observation only |
Detailed Audit
1. Data Collection Analysis
1.1 Tap Gesture Collection
Files Audited:
lib/src/behavior_gesture_detector.dart
android/src/main/java/ai/synheart/behavior/GestureCollector.kt
ios/Classes/GestureCollector.swift
What is Collected:
- ✅ Tap duration (time between tap down and tap up in milliseconds)
- ✅ Long press detection (taps longer than 500ms)
- ✅ Tap timing patterns
What is NOT Collected:
- ❌ No tap coordinates (X, Y positions)
- ❌ No text content
- ❌ No field names or identifiers
- ❌ No clipboard content (only counts of copy / paste / cut events)
- ❌ No keystroke content (typing events carry timing metrics only — speed, cadence, gap ratio, backspace count — never the characters typed)
Privacy Verification:
Flutter (behavior_gesture_detector.dart):
```dart
// Tap events only include duration and long-press flag
BehaviorEvent.tap(
  sessionId: sessionId,
  tapDurationMs: durationMs,
  longPress: isLongPress,
)
// No coordinates, no content, only timing
```
✅ CONFIRMED: No text content, coordinates, or keystroke data is captured or stored.
Files Audited:
android/src/main/java/ai/synheart/behavior/GestureCollector.kt
ios/Classes/GestureCollector.swift
What is Collected:
- ✅ Scroll velocity (pixels per second)
- ✅ Scroll acceleration (change in velocity)
- ✅ Scroll jitter (variance in velocity)
- ✅ Scroll stop events (timing only)
What is NOT Collected:
- ❌ No scroll position coordinates
- ❌ No screen content
- ❌ No viewport size
- ❌ No URL or content identifiers
Privacy Verification:
Android (GestureCollector.kt:113-155):
```kotlin
// Line 130: Only velocity magnitude is calculated
val velocity = abs(dy - lastScrollY) / timeDelta.toDouble() * 1000.0
// No X/Y coordinates stored, only velocity magnitude
```
iOS (GestureCollector.swift:141-176):
```swift
// Line 149: Only offset delta, not absolute position
let offsetDelta = abs(scrollView.contentOffset.y - lastScrollOffset)
let velocity = Double(offsetDelta) / timeDelta * 1000.0
// No coordinate data retained
```
✅ CONFIRMED: No screen coordinates or content information collected.
1.3 Gesture Activity Collection
Files Audited:
android/src/main/java/ai/synheart/behavior/GestureCollector.kt
ios/Classes/GestureCollector.swift
What is Collected:
- ✅ Tap rate (taps per second)
- ✅ Long press count
- ✅ Drag velocity (magnitude only)
- ✅ Gesture timing
What is NOT Collected:
- ❌ No tap coordinates (X, Y positions)
- ❌ No touch pressure data
- ❌ No finger size/shape
- ❌ No UI element identifiers
Privacy Verification:
Android (GestureCollector.kt:47-81):
```kotlin
// Line 59-66: Only timing tracked
val duration = System.currentTimeMillis() - dragStartTime
if (duration > 500) {
    longPressCount++ // Count only, no location
    emitLongPressRate()
} else if (duration < 200) {
    tapCount++ // Count only, no coordinates
}
```
iOS (GestureCollector.swift:91-105):
```swift
// Line 94-98: Only timestamp recorded
let now = Date().timeIntervalSince1970 * 1000
tapTimestamps.append(now) // Time only, NO coordinates
```
✅ CONFIRMED: No coordinate data or biometric information collected.
1.4 App Lifecycle & Attention Signals
Files Audited:
android/src/main/java/ai/synheart/behavior/AttentionSignalCollector.kt
ios/Classes/AttentionSignalCollector.swift
What is Collected:
- ✅ Foreground/background state transitions
- ✅ Foreground duration (time in milliseconds)
- ✅ App switch count
- ✅ Idle gap detection (timing only)
What is NOT Collected:
- ❌ No app names or identifiers
- ❌ No package names of other apps
- ❌ No notification content
- ❌ No system state information
Privacy Verification:
Android (AttentionSignalCollector.kt:54-74):
```kotlin
// Line 64-73: Only direction and timing recorded
emitAppSwitch(direction: "foreground", duration: backgroundDuration)
// No app identifiers, just state change timing
```
iOS (AttentionSignalCollector.swift:85-108):
```swift
// Line 98-105: Only state and duration
emitAppSwitch(direction: "foreground", duration: backgroundDuration)
// No external app information captured
```
✅ CONFIRMED: No third-party app information or system state details collected.
2. Data Storage & Transmission
2.1 In-Memory Storage Only
Files Audited:
- All collector classes (GestureCollector, AttentionSignalCollector, etc.)
Findings:
- ✅ All data stored in memory only (Lists, Maps, Arrays)
- ✅ No file system writes
- ✅ No database storage
- ✅ No SharedPreferences/UserDefaults usage
- ✅ No cloud synchronization
Code Examples:
Flutter:
```dart
// Events stored in memory only, no persistence
final List<BehaviorEvent> _events = [];
// Events are automatically cleaned up when session ends
```
✅ CONFIRMED: No persistent storage, all data is ephemeral.
2.2 Network Transmission
Files Audited:
Findings:
- ✅ No network API calls
- ✅ No HTTP/HTTPS requests
- ✅ No socket connections
- ✅ No external service dependencies
- ✅ All processing is local
Verification:
```bash
# Search for network-related imports/classes
grep -r "HttpURLConnection\|URLSession\|Retrofit\|Alamofire" android/ ios/
# Result: No matches found
```
✅ CONFIRMED: Zero network activity, fully local processing.
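The grep in section 2.2 covers four class names under android/ and ios/; the following added example (not the SDK's own code or the auditor's tooling) widens the same static check to lib/ and to the persistence APIs from section 2.1. The regex lists, function names and script name are assumptions of this example.

```shell
#!/usr/bin/env bash
# Added example (not project code): static scan of lib/, android/ and ios/
# for networking and persistence APIs. A hit is a lead to review by hand,
# and a clean result does not replace the pending runtime checks.

# Extended regexes. Every alternative is a real platform or package name;
# the lists are a starting point and an assumption of this example.
NET_RE='HttpURLConnection|HttpsURLConnection|OkHttpClient|Retrofit|java\.net\.Socket|URLSession|NWConnection|Alamofire|dart:io|package:http|HttpClient|WebSocket'
STORE_RE='SharedPreferences|SQLiteDatabase|openFileOutput|FileOutputStream|UserDefaults|FileManager|NSKeyedArchiver|CoreData|path_provider|shared_preferences|sqflite'

# scan_tree ROOT REGEX -> prints file:line:text for each matching source line
scan_tree() {
  grep -rnE --include='*.dart' --include='*.kt' --include='*.java' \
       --include='*.swift' --include='*.m' -- "$2" "$1" 2>/dev/null
}

# count_hits ROOT REGEX -> number of matching lines
count_hits() {
  scan_tree "$1" "$2" | wc -l | tr -d ' '
}

# report LABEL ROOT REGEX -> prints a verdict; returns 1 when anything matched
report() {
  local n
  n=$(count_hits "$2" "$3")
  if [ "$n" -gt 0 ]; then
    echo "REVIEW $1: $n reference(s)"
    scan_tree "$2" "$3"
    return 1
  fi
  echo "OK $1: no references"
}

# audit ROOT -> runs both categories; non-zero exit if either has hits
audit() {
  local rc=0
  report network "$1" "$NET_RE" || rc=1
  report storage "$1" "$STORE_RE" || rc=1
  return "$rc"
}

# Usage: ./scan.sh /path/to/sdk/checkout
if [ "$#" -gt 0 ]; then audit "$1"; fi
```

Matches inside comments are reported too, so each hit needs a manual look before it counts as a finding.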
3.1 Android Permissions
File Audited: android/src/main/AndroidManifest.xml
Declared Permissions: None
Implicit Permissions Used:
- None (Activity lifecycle callbacks are standard, no permission needed)
Not Required:
- ❌ INTERNET
- ❌ READ_EXTERNAL_STORAGE
- ❌ WRITE_EXTERNAL_STORAGE
- ❌ ACCESS_FINE_LOCATION
- ❌ CAMERA
- ❌ RECORD_AUDIO
- ❌ READ_CONTACTS
✅ CONFIRMED: No mandatory permissions for core gesture capture. The SDK ships with optional integrations for notification observation (POST_NOTIFICATIONS / BIND_NOTIFICATION_LISTENER_SERVICE on Android, UNUserNotificationCenter on iOS) and call observation (READ_PHONE_STATE on Android, CXCallObserver on iOS) — the host app declares these only if it enables those signals.
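One way to re-check the manifest finding above, as an added example that is not part of the audit or the SDK: it lists every permission a manifest requests and flags those outside the optional set named in this section. The function names are hypothetical; pointed at a host app's merged manifest, it will also list whatever the host itself requests.

```shell
#!/usr/bin/env bash
# Added example (not project code): list the permissions a manifest requests
# and flag any that are outside the optional set named in section 3.1.

# Optional permissions taken from this page (full android.permission.* names).
ALLOWED_OPTIONAL='android.permission.POST_NOTIFICATIONS
android.permission.BIND_NOTIFICATION_LISTENER_SERVICE
android.permission.READ_PHONE_STATE'

# list_permissions MANIFEST -> one requested permission name per line.
# Newlines are flattened first so multi-line <uses-permission> tags are seen.
# Tags inside XML comments are also reported, which errs on the safe side.
list_permissions() {
  tr '\n' ' ' < "$1" |
    grep -oE '<uses-permission(-sdk-23)?[^>]*android:name="[^"]+"' |
    sed -E 's/.*android:name="([^"]+)"/\1/' | sort -u
}

# unexpected_permissions MANIFEST -> requested permissions not on the allow-list
unexpected_permissions() {
  list_permissions "$1" | grep -vxF -e "$ALLOWED_OPTIONAL" || true
}

# check_manifest MANIFEST -> returns 1 and prints offenders if any are found
check_manifest() {
  local extra
  extra=$(unexpected_permissions "$1")
  if [ -n "$extra" ]; then
    echo "UNEXPECTED in $1:"
    echo "$extra"
    return 1
  fi
  echo "OK $1: only optional or no permissions requested"
}

# Usage: ./check_manifest.sh android/src/main/AndroidManifest.xml
if [ "$#" -gt 0 ]; then check_manifest "$1"; fi
```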
3.2 iOS Permissions
File Audited: ios/Classes/Info.plist (would be in host app)
Required Permissions: None
Not Required:
- ❌ NSLocationWhenInUseUsageDescription
- ❌ NSCameraUsageDescription
- ❌ NSMicrophoneUsageDescription
- ❌ NSContactsUsageDescription
- ❌ NSPhotoLibraryUsageDescription
✅ CONFIRMED: No privacy-sensitive permissions required.
4. Session Identifier Analysis
Files Audited:
lib/src/synheart_behavior.dart
android/src/main/java/ai/synheart/behavior/BehaviorSDK.kt
ios/Classes/BehaviorSDK.swift
Session ID Format:
```dart
// lib/src/synheart_behavior.dart:84
final sessionIdToUse = sessionId ??
    '${_config.sessionIdPrefix ?? 'SESS'}-${DateTime.now().millisecondsSinceEpoch}';
```
Characteristics:
- ✅ Ephemeral (generated per session)
- ✅ Time-based, not device-based
- ✅ No device identifiers (IMEI, MAC address, etc.)
- ✅ Not linked to user identity
- ✅ Can be customized by developer
Privacy Assessment:
- Session IDs are NOT persistent device identifiers
- They CANNOT be used to track users across sessions
- They are LOCAL to the app instance
✅ CONFIRMED: Session IDs are privacy-safe.
5. Third-Party Dependencies
Files Audited: pubspec.yaml, Android build.gradle, iOS Podfile
Flutter Dependencies:
```yaml
dependencies:
  flutter:
    sdk: flutter
```
Native Dependencies:
- Android: None (only standard Android SDK)
- iOS: None (only standard iOS frameworks)
✅ CONFIRMED: No third-party tracking libraries or analytics SDKs.
6. Compliance Assessment
6.1 GDPR Compliance (EU)
| Requirement | Status | Notes |
|---|---|---|
| Lawful Basis | ✅ PASS | Legitimate interest (app functionality) |
| Data Minimization | ✅ PASS | Only timing metrics collected |
| Purpose Limitation | ✅ PASS | Data used only for behavioral analysis |
| Storage Limitation | ✅ PASS | In-memory only, automatic cleanup |
| Right to Erasure | ✅ PASS | Data cleared on session end/app close |
| Data Portability | ✅ PASS | Data available via getCurrentStats() |
| Privacy by Design | ✅ PASS | Privacy-first architecture |
GDPR alignment: the SDK design is consistent with the principles
above. This is a self-assessment, not a third-party audit; legal
sufficiency for your specific deployment depends on how you wire
consent in your host app.
6.2 CCPA principles (California)
| Principle | Design alignment |
|---|---|
| Personal information | None collected by the SDK |
| Sale of data | SDK does not transmit or sell data |
| Right to know | This page documents what is collected |
| Right to delete | Data is in-memory and cleared on session end |
| Opt-out | Each signal type can be disabled via BehaviorConfig |
6.3 COPPA principles (children’s privacy)
The SDK collects no PII and emits no child-specific data. Whether
COPPA applies depends on how the host app uses the SDK and the user
population it serves; consult counsel for your specific deployment.
6.4 iOS App Tracking Transparency (ATT)
The SDK does not perform cross-app or cross-website tracking, does
not collect device identifiers, and does not share data with
ad-network brokers. Whether your host app needs to present an ATT
prompt depends on the rest of the app’s behavior, not on this SDK
alone.
6.5 Android Privacy Sandbox
The SDK does not use advertising IDs, does not perform cross-app
tracking, processes data locally, and does not share data with third
parties. Privacy Sandbox restrictions therefore do not apply to the
SDK’s collection paths.
7. Privacy Risks & Mitigation
Identified Risks
| Risk | Severity | Mitigation | Status |
|---|---|---|---|
| Behavioral fingerprinting | LOW | No cross-session tracking, ephemeral IDs | ✅ Mitigated |
| Memory inspection | LOW | In-memory data cleared on session end | ✅ Mitigated |
| Event replay attacks | LOW | No authentication, events are timestamped | ✅ Mitigated |
Overall Risk Level: 🟢 LOW
8. Recommendations
- ✅ Update Privacy Policy: Document SDK data collection clearly
- ✅ User Transparency: Inform users about behavioral signal collection
- ✅ Consent Mechanism: Provide opt-in/opt-out configuration
- ⚠️ Privacy Documentation: Include in app store descriptions
Best Practices for Implementation
```dart
// Provide user control
final config = BehaviorConfig(
  enableInputSignals: userAcceptsGestures, // User consent for tap/scroll/swipe
  enableAttentionSignals: userAcceptsLifecycle, // User consent
  enableMotionLite: false, // Disabled by default
);
final behavior = await SynheartBehavior.initialize(config: config);
```
Privacy Notice Template
Our app uses behavioral analytics to improve your experience. We collect:
- Tap timing patterns (not tap locations)
- Scroll patterns (not screen coordinates)
- App usage patterns (not other apps)
We DO NOT collect:
❌ Text you type
❌ Tap locations
❌ Personal information
❌ Device identifiers
❌ Keystroke content
All data is processed locally on your device and never leaves your device.
9. Security Considerations
Data in Transit
✅ N/A - No network transmission
Data at Rest
✅ In-memory only - No persistent storage
Data Access Control
✅ App-local - Data accessible only to host app
Encryption
⚠️ Not required - No sensitive data, in-memory only
10. Testing & Validation
- ✅ Code inspection — all collection paths in lib/, the iOS MotionSignalCollector.swift, and the Android BehaviorSDK.kt were reviewed manually for PII / text / screen content collection.
Pending dynamic verification
The static review covers what the code says it does. The following
runtime checks are intended to confirm what the binaries actually do
in production builds; they have not been completed yet:
- Runtime memory inspection to verify no PII reaches in-process
buffers.
- Network capture (Wireshark / Charles Proxy) to verify zero
outbound activity from the SDK module.
- Device storage inspection after SDK use to verify no persistent
storage is created.
Recommended testing
- Network Monitoring: Use Wireshark to confirm zero network activity
- Storage Inspection: Check device storage after SDK use
- Memory Dumps: Analyze memory to confirm no text content
- Permissions Test: Verify no runtime permission requests
Summary
Per the static review:
- No PII — no personally identifiable information is captured.
- No content — no text, images, microphone audio, or screen
content.
- Local processing — all computation happens on-device; the SDK
makes no outbound network calls.
- Ephemeral storage — data lives in process memory and is
cleared on session end.
- No special permissions — basic gesture / interaction signals
require no Android or iOS runtime permissions; notification and
call observation are opt-in and gated by the host’s permission
prompts.
- Designed around GDPR / CCPA / COPPA principles — see §6.
This is a static review, not a third-party certification. Dynamic
verification (network capture, memory inspection, storage inspection)
is listed as pending work in §10. Whether your specific deployment
satisfies a particular regulation depends on how you wire consent in
the host app.
- ✅ Children’s apps (COPPA-compliant)
Appendix: Privacy Checklist
Report Version: 1.0
Last Updated: 2026-05-05
Next Audit: Recommended after major version changes