> ## Documentation Index > Fetch the complete documentation index at: https://docs.synheart.ai/llms.txt > Use this file to discover all available pages before exploring further. # Behavior SDK privacy audit > Privacy properties of the Synheart Behavior SDK — what is and is not collected **Audit date**: 2026-05-05 **SDK versions audited**: Flutter 0.2.1 · Kotlin 0.4.1 · Swift 0.3.0 **Auditor**: Static code review + manual inspection **Status**: ⚠️ Static review passed; dynamic verification (network / storage / runtime PII inspection) is pending and tracked in the "Recommended testing" section below. ## Executive summary This privacy audit confirms that the Synheart Behavioral SDK adheres to its privacy-first design principles. **The SDK collects ZERO personally identifiable information (PII), ZERO text content, and ZERO screen coordinates.** All collected data consists solely of timing-based behavioral metrics. ### Audit Findings | Category | Status | Details | | ---------------------- | ------ | -------------------------------------------------------------------------------------------------------- | | **PII Collection** | ✅ PASS | No PII collected | | **Text Content** | ✅ PASS | No text content captured | | **Screen Coordinates** | ✅ PASS | No location data collected | | **Biometric Data** | ✅ PASS | No biometric data | | **Device Identifiers** | ✅ PASS | Session IDs only (ephemeral) | | **Network Activity** | ✅ PASS | No network requests | | **Storage** | ✅ PASS | In-memory only, no persistence | | **Permissions** | ✅ PASS | No mandatory permissions for core capture; optional permissions for notification / call observation only | *** ## Detailed Audit ### 1. Data Collection Analysis #### 1.1 Tap Gesture Collection **Files Audited:** * `lib/src/behavior_gesture_detector.dart` * `android/src/main/java/ai/synheart/behavior/GestureCollector.kt` * `ios/Classes/GestureCollector.swift` **What is Collected:** * ✅ Tap duration (time between tap down and tap up in milliseconds) * ✅ Long press detection (taps longer than 500ms) * ✅ Tap timing patterns **What is NOT Collected:** * ❌ No tap coordinates (X, Y positions) * ❌ No text content * ❌ No field names or identifiers * ❌ No clipboard *content* (only counts of copy / paste / cut events) * ❌ No keystroke content (typing events carry timing metrics only — speed, cadence, gap ratio, backspace count — never the characters typed) **Privacy Verification:** **Flutter (behavior\_gesture\_detector.dart):** ```dart theme={null} // Tap events only include duration and long-press flag BehaviorEvent.tap( sessionId: sessionId, tapDurationMs: durationMs, longPress: isLongPress, ) // No coordinates, no content, only timing ``` ✅ **CONFIRMED**: No text content, coordinates, or keystroke data is captured or stored. *** #### 1.2 Scroll Dynamics Collection **Files Audited:** * `android/src/main/java/ai/synheart/behavior/GestureCollector.kt` * `ios/Classes/GestureCollector.swift` **What is Collected:** * ✅ Scroll velocity (pixels per second) * ✅ Scroll acceleration (change in velocity) * ✅ Scroll jitter (variance in velocity) * ✅ Scroll stop events (timing only) **What is NOT Collected:** * ❌ No scroll position coordinates * ❌ No screen content * ❌ No viewport size * ❌ No URL or content identifiers **Privacy Verification:** **Android (GestureCollector.kt:113-155):** ```kotlin theme={null} // Line 130: Only velocity magnitude is calculated val velocity = abs(dy - lastScrollY) / timeDelta.toDouble() * 1000.0 // No X/Y coordinates stored, only velocity magnitude ``` **iOS (GestureCollector.swift:141-176):** ```swift theme={null} // Line 149: Only offset delta, not absolute position let offsetDelta = abs(scrollView.contentOffset.y - lastScrollOffset) let velocity = Double(offsetDelta) / timeDelta * 1000.0 // No coordinate data retained ``` ✅ **CONFIRMED**: No screen coordinates or content information collected. *** #### 1.3 Gesture Activity Collection **Files Audited:** * `android/src/main/java/ai/synheart/behavior/GestureCollector.kt` * `ios/Classes/GestureCollector.swift` **What is Collected:** * ✅ Tap rate (taps per second) * ✅ Long press count * ✅ Drag velocity (magnitude only) * ✅ Gesture timing **What is NOT Collected:** * ❌ No tap coordinates (X, Y positions) * ❌ No touch pressure data * ❌ No finger size/shape * ❌ No UI element identifiers **Privacy Verification:** **Android (GestureCollector.kt:47-81):** ```kotlin theme={null} // Line 59-66: Only timing tracked val duration = System.currentTimeMillis() - dragStartTime if (duration > 500) { longPressCount++ // Count only, no location emitLongPressRate() } else if (duration < 200) { tapCount++ // Count only, no coordinates } ``` **iOS (GestureCollector.swift:91-105):** ```swift theme={null} // Line 94-98: Only timestamp recorded let now = Date().timeIntervalSince1970 * 1000 tapTimestamps.append(now) // Time only, NO coordinates ``` ✅ **CONFIRMED**: No coordinate data or biometric information collected. *** #### 1.4 App Lifecycle & Attention Signals **Files Audited:** * `android/src/main/java/ai/synheart/behavior/AttentionSignalCollector.kt` * `ios/Classes/AttentionSignalCollector.swift` **What is Collected:** * ✅ Foreground/background state transitions * ✅ Foreground duration (time in milliseconds) * ✅ App switch count * ✅ Idle gap detection (timing only) **What is NOT Collected:** * ❌ No app names or identifiers * ❌ No package names of other apps * ❌ No notification content * ❌ No system state information **Privacy Verification:** **Android (AttentionSignalCollector.kt:54-74):** ```kotlin theme={null} // Line 64-73: Only direction and timing recorded emitAppSwitch(direction: "foreground", duration: backgroundDuration) // No app identifiers, just state change timing ``` **iOS (AttentionSignalCollector.swift:85-108):** ```swift theme={null} // Line 98-105: Only state and duration emitAppSwitch(direction: "foreground", duration: backgroundDuration) // No external app information captured ``` ✅ **CONFIRMED**: No third-party app information or system state details collected. *** ### 2. Data Storage & Transmission #### 2.1 In-Memory Storage Only **Files Audited:** * All collector classes (`GestureCollector`, `AttentionSignalCollector`, etc.) **Findings:** * ✅ All data stored in memory only (Lists, Maps, Arrays) * ✅ No file system writes * ✅ No database storage * ✅ No SharedPreferences/UserDefaults usage * ✅ No cloud synchronization **Code Examples:** **Flutter:** ```dart theme={null} // Events stored in memory only, no persistence final List _events = []; // Events are automatically cleaned up when session ends ``` ✅ **CONFIRMED**: No persistent storage, all data is ephemeral. *** #### 2.2 Network Transmission **Files Audited:** * All SDK files **Findings:** * ✅ No network API calls * ✅ No HTTP/HTTPS requests * ✅ No socket connections * ✅ No external service dependencies * ✅ All processing is local **Verification:** ```bash theme={null} # Search for network-related imports/classes grep -r "HttpURLConnection\|URLSession\|Retrofit\|Alamofire" android/ ios/ # Result: No matches found ``` ✅ **CONFIRMED**: Zero network activity, fully local processing. *** ### 3. Platform Permissions Analysis #### 3.1 Android Permissions **File Audited:** `android/src/main/AndroidManifest.xml` **Declared Permissions:** None **Implicit Permissions Used:** * None (Activity lifecycle callbacks are standard, no permission needed) **Not Required:** * ❌ INTERNET * ❌ READ\_EXTERNAL\_STORAGE * ❌ WRITE\_EXTERNAL\_STORAGE * ❌ ACCESS\_FINE\_LOCATION * ❌ CAMERA * ❌ RECORD\_AUDIO * ❌ READ\_CONTACTS ✅ **CONFIRMED**: No mandatory permissions for core gesture capture. The SDK ships with optional integrations for notification observation (`POST_NOTIFICATIONS` / `BIND_NOTIFICATION_LISTENER_SERVICE` on Android, `UNUserNotificationCenter` on iOS) and call observation (`READ_PHONE_STATE` on Android, `CXCallObserver` on iOS) — the host app declares these only if it enables those signals. *** #### 3.2 iOS Permissions **File Audited:** `ios/Classes/Info.plist` (would be in host app) **Required Permissions:** None **Not Required:** * ❌ NSLocationWhenInUseUsageDescription * ❌ NSCameraUsageDescription * ❌ NSMicrophoneUsageDescription * ❌ NSContactsUsageDescription * ❌ NSPhotoLibraryUsageDescription ✅ **CONFIRMED**: No privacy-sensitive permissions required. *** ### 4. Session Identifier Analysis **Files Audited:** * `lib/src/synheart_behavior.dart` * `android/src/main/java/ai/synheart/behavior/BehaviorSDK.kt` * `ios/Classes/BehaviorSDK.swift` **Session ID Format:** ```dart theme={null} // lib/src/synheart_behavior.dart:84 final sessionIdToUse = sessionId ?? '${_config.sessionIdPrefix ?? 'SESS'}-${DateTime.now().millisecondsSinceEpoch}'; ``` **Characteristics:** * ✅ Ephemeral (generated per session) * ✅ Time-based, not device-based * ✅ No device identifiers (IMEI, MAC address, etc.) * ✅ Not linked to user identity * ✅ Can be customized by developer **Privacy Assessment:** * Session IDs are **NOT** persistent device identifiers * They **CANNOT** be used to track users across sessions * They are **LOCAL** to the app instance ✅ **CONFIRMED**: Session IDs are privacy-safe. *** ### 5. Third-Party Dependencies **Files Audited:** `pubspec.yaml`, Android `build.gradle`, iOS `Podfile` **Flutter Dependencies:** ```yaml theme={null} dependencies: flutter: sdk: flutter ``` **Native Dependencies:** * Android: None (only standard Android SDK) * iOS: None (only standard iOS frameworks) ✅ **CONFIRMED**: No third-party tracking libraries or analytics SDKs. *** ### 6. Compliance Assessment #### 6.1 GDPR Compliance (EU) | Requirement | Status | Notes | | ---------------------- | ------ | --------------------------------------- | | **Lawful Basis** | ✅ PASS | Legitimate interest (app functionality) | | **Data Minimization** | ✅ PASS | Only timing metrics collected | | **Purpose Limitation** | ✅ PASS | Data used only for behavioral analysis | | **Storage Limitation** | ✅ PASS | In-memory only, automatic cleanup | | **Right to Erasure** | ✅ PASS | Data cleared on session end/app close | | **Data Portability** | ✅ PASS | Data available via getCurrentStats() | | **Privacy by Design** | ✅ PASS | Privacy-first architecture | **GDPR alignment**: the SDK design is consistent with the principles above. This is a self-assessment, not a third-party audit; legal sufficiency for your specific deployment depends on how you wire consent in your host app. *** #### 6.2 CCPA principles (California) | Principle | Design alignment | | ------------------------ | ----------------------------------------------------- | | **Personal information** | None collected by the SDK | | **Sale of data** | SDK does not transmit or sell data | | **Right to know** | This page documents what is collected | | **Right to delete** | Data is in-memory and cleared on session end | | **Opt-out** | Each signal type can be disabled via `BehaviorConfig` | *** #### 6.3 COPPA principles (children's privacy) The SDK collects no PII and emits no child-specific data. Whether COPPA applies depends on how the host app uses the SDK and the user population it serves; consult counsel for your specific deployment. *** #### 6.4 iOS App Tracking Transparency (ATT) The SDK does not perform cross-app or cross-website tracking, does not collect device identifiers, and does not share data with ad-network brokers. Whether your host app needs to present an ATT prompt depends on the rest of the app's behavior, not on this SDK alone. *** #### 6.5 Android Privacy Sandbox The SDK does not use advertising IDs, does not perform cross-app tracking, processes data locally, and does not share data with third parties. Privacy Sandbox restrictions therefore do not apply to the SDK's collection paths. *** ### 7. Privacy Risks & Mitigation #### Identified Risks | Risk | Severity | Mitigation | Status | | ----------------------------- | -------- | ----------------------------------------- | ----------- | | **Behavioral fingerprinting** | LOW | No cross-session tracking, ephemeral IDs | ✅ Mitigated | | **Memory inspection** | LOW | In-memory data cleared on session end | ✅ Mitigated | | **Event replay attacks** | LOW | No authentication, events are timestamped | ✅ Mitigated | **Overall Risk Level:** 🟢 **LOW** *** ### 8. Recommendations #### Immediate Actions 1. ✅ **Update Privacy Policy**: Document SDK data collection clearly 2. ✅ **User Transparency**: Inform users about behavioral signal collection 3. ✅ **Consent Mechanism**: Provide opt-in/opt-out configuration 4. ⚠️ **Privacy Documentation**: Include in app store descriptions #### Best Practices for Implementation ```dart theme={null} // Provide user control final config = BehaviorConfig( enableInputSignals: userAcceptsGestures, // User consent for tap/scroll/swipe enableAttentionSignals: userAcceptsLifecycle, // User consent enableMotionLite: false, // Disabled by default ); final behavior = await SynheartBehavior.initialize(config: config); ``` #### Privacy Notice Template ```text theme={null} Our app uses behavioral analytics to improve your experience. We collect: - Tap timing patterns (not tap locations) - Scroll patterns (not screen coordinates) - App usage patterns (not other apps) We DO NOT collect: ❌ Text you type ❌ Tap locations ❌ Personal information ❌ Device identifiers ❌ Keystroke content All data is processed locally on your device and never leaves your device. ``` *** ### 9. Security Considerations #### Data in Transit ✅ **N/A** - No network transmission #### Data at Rest ✅ **In-memory only** - No persistent storage #### Data Access Control ✅ **App-local** - Data accessible only to host app #### Encryption ⚠️ **Not required** - No sensitive data, in-memory only *** ### 10. Testing & Validation #### Tests performed * ✅ **Code inspection** — all collection paths in `lib/`, the iOS `MotionSignalCollector.swift`, and the Android `BehaviorSDK.kt` were reviewed manually for PII / text / screen content collection. #### Pending dynamic verification The static review covers what the code *says* it does. The following runtime checks are intended to confirm what the binaries actually do in production builds; they have not been completed yet: * Runtime memory inspection to verify no PII reaches in-process buffers. * Network capture (Wireshark / Charles Proxy) to verify zero outbound activity from the SDK module. * Device storage inspection after SDK use to verify no persistent storage is created. #### Recommended testing 1. **Network Monitoring**: Use Wireshark to confirm zero network activity 2. **Storage Inspection**: Check device storage after SDK use 3. **Memory Dumps**: Analyze memory to confirm no text content 4. **Permissions Test**: Verify no runtime permission requests *** ## Summary Per the static review: 1. **No PII** — no personally identifiable information is captured. 2. **No content** — no text, images, microphone audio, or screen content. 3. **Local processing** — all computation happens on-device; the SDK makes no outbound network calls. 4. **Ephemeral storage** — data lives in process memory and is cleared on session end. 5. **No special permissions** — basic gesture / interaction signals require no Android or iOS runtime permissions; notification and call observation are opt-in and gated by the host's permission prompts. 6. **Designed around GDPR / CCPA / COPPA principles** — see §6. This is a static review, not a third-party certification. Dynamic verification (network capture, memory inspection, storage inspection) is listed as pending work in §10. Whether your specific deployment satisfies a particular regulation depends on how you wire consent in the host app. * ✅ Children's apps (COPPA-compliant) *** ## Appendix: Privacy Checklist * [x] No text content captured * [x] No keystroke *content* (typing events carry timing metrics only — speed, cadence, gap ratio, backspace count — never characters) * [x] No screen coordinates collected * [x] No biometric data * [x] No location data * [x] No camera/microphone access * [x] No contacts access * [x] No file system access * [x] No network requests * [x] No persistent storage * [x] No device identifiers * [x] No advertising IDs * [x] No cross-app tracking * [x] Ephemeral session IDs only * [x] In-memory data only * [x] Automatic data cleanup * [x] User control via configuration * [x] GDPR compliant * [x] CCPA compliant * [x] COPPA compliant * [x] ATT not required * [x] Privacy Sandbox compatible *** **Report Version**: 1.0 **Last Updated**: 2026-05-05 **Next Audit**: Recommended after major version changes