Privacy Policy
Last updated · June 2026
The short version: your check-ins live on your phone, we collect as little as possible, and we never sell your data. The longer version is below.
Your experiment data is stored on your device, and synced to your own Dropbox or Google Drive only if you turn cloud sync on.
We don't sell your data or share it with advertisers. Ever.
You can export everything, or delete everything, at any time - no questions asked.
What we collect
Esito works without an account. Everything you log inside the app - experiments, daily check-ins, notes and the metrics you track - is your content, and it stays your content. Because the app is offline-first, we collect as little as possible on our side: basic, non-identifying diagnostics (app version, device type and crash reports, via Sentry) so we can keep the app stable, and a small set of campaign-attribution events (via Firebase Analytics and Google Ads) so we know which ad brought us active users. Neither contains your experiment data.
Where your data lives
By default, your check-ins and verdicts stay on your phone. If you enable cloud sync, an encrypted copy is stored in your own Dropbox or Google Drive - in a folder dedicated to Esito - so it can move between your devices. You authorise this directly with Dropbox or Google through OAuth; we never see your password and we never read the contents of those files. Features like theme extraction from your notes are processed on-device - your raw notes are never sent to our servers. You can revoke sync access at any time from your Dropbox or Google account settings.
How we use it
We use your data to run the app: to store your experiments, compute your verdicts, and sync across your devices. Diagnostics help us find and fix bugs. Campaign-attribution measures which promotion brought active users - ad personalisation is off, there is no cross-app tracking, and we build no advertising profiles. We do not use your personal check-in data to train models, and we never show ads inside the app.
Health connections
If you connect Apple Health or Google Fit, Esito reads only the specific metrics you approve, and uses them solely to fill in your experiments. You can revoke access at any time from your phone's settings, and we never write data back without your action. Esito is a personal tracking tool, not medical advice - it doesn't diagnose, treat or make health claims.
Benchmarks & anonymized data
Pro's benchmark feature compares your results against aggregated, anonymized data from other users. Any data used for benchmarks is stripped of identifying information and only ever shown in aggregate - never tied back to an individual. Benchmarks are opt-in and off until you turn them on.
Third-party services
We keep the list of external services short and name it in full: Dropbox / Google Drive for optional cloud sync (files live in your account); Apple Health / Google Fit for the metrics you choose to import; RevenueCat to manage the Pro subscription (it receives only an anonymous ID and your subscription status); Sentry for crash reports; Firebase Analytics + Google Ads for campaign attribution; and the Apple App Store / Google Play for distribution and payments. We integrate no social-media SDKs, advertising networks or behavioural-analytics tools.
Keeping your data safe
App data is stored in the app's sandbox on your device, out of reach of other apps. You can lock Esito with Face ID, Touch ID or a PIN. Cloud-sync tokens are kept in the operating system's secure storage (Keychain on iOS, Keystore on Android). Because your experiment data stays on your device or in your own cloud account, there is no central database of it to breach. The security of your data also depends on your device - we recommend a strong screen lock and two-factor authentication on your cloud accounts.
Your rights & choices
You can export all of your data as CSV or JSON at any time - export is never paywalled. You can delete individual experiments, or wipe your data entirely. To remove a cloud copy, delete the Esito folder from your Dropbox or Google Drive (uninstalling the app does not delete cloud files automatically). If you'd like us to action a request on our side, email [email protected] and we'll handle it.
Children
Esito is not intended for people under the age of 16, and we do not knowingly collect data from minors. If you are a parent or guardian and believe a minor has used the app, contact us and we'll take the necessary steps.
Changes to this policy
If we make a meaningful change to how we handle your data, we'll update this page and note it in the app. The “last updated” date above always reflects the current version.
Questions
Anything unclear, or a privacy request? Write to [email protected] - see the contact page for more.