Privacy Policy

Effective date: June 5, 2026
Last updated: July 14, 2026

1. Summary

TDY Slayer is built to keep your data on your device. Your trips and receipt images live on your iPhone. Information leaves your phone in only a few limited situations: when the App sends a receipt or document image to the cloud so it can be read by an artificial intelligence (AI) model, when you sign in so the cloud service can recognize your requests, when the App sends limited, anonymous-by-design usage analytics so we can understand how the App is used and improve it, and — if you subscribe — when our subscription service records that your subscription is active.

In plain English:

The rest of this policy explains the details.

2. Who we are

TDY Slayer is published by Southwind Digital LLC ("Southwind Digital," "we," "us"). Contact: [email protected].

3. Information stored on your device

The following information is created, captured, or imported by you and stored locally on your iPhone:

These items are stored on your iPhone. They are not synced to a Southwind Digital server.

4. Information sent to our cloud service

TDY Slayer talks to a Cloudflare Worker we operate for two things: signing you in, and reading your documents.

Signing in (Sign in with Apple)

You sign in with Apple. Apple sends the App a signed token that we pass to our Worker to verify you. From this, the Worker stores a small per-user record in Cloudflare's key-value store containing:

We do not store your name or email address. Apple lets you hide your email, and the App does not request it. Any name shown in your in-App profile is stored only on your device.

Reading documents (OCR)

When you capture, import, or share a receipt or document — or audit a past voucher — the App sends it to the Worker, which uses one or more commercial AI models (currently xAI's Grok and Anthropic's Claude) to read the document and returns the result.

What is sent:

What is not sent:

How long the data is retained on our infrastructure

So that a read can finish even if you close or quit the App, each document you import is briefly stored — encrypted — in Cloudflare's object storage (R2) while it is processed. The document image itself is deleted the instant its read finishes. The extracted result and a small processing record (which trip you were adding to) are held only until your phone retrieves the result. As a backstop, an automatic rule deletes any leftover images, results, and processing records within one day.

We do not keep a copy of your document images after this. The only long-lived record on our infrastructure is the small per-user sign-in record described above — never your receipts or their contents.

Cloudflare and the AI providers each maintain their own operational logs (for example, request counts, error rates, and abuse-prevention signals). Those logs are retained according to each provider's own privacy and security policies — see Section 7 below.

The AI providers' handling of the data

The AI provider processes the document and returns a result. Each provider's privacy policy and API terms describe how it handles data submitted through its API — including retention and whether API inputs are used to improve its models. We recommend reviewing xAI's current legal terms at https://x.ai/legal and Anthropic's at https://www.anthropic.com/legal if you have questions about how they handle the data.

Cloudflare's role

Cloudflare hosts the Worker, terminates the HTTPS connection, stores the small per-user sign-in record and (briefly) the background-batch images described above, and provides standard edge-network protections (DDoS, bot management, etc.). Cloudflare's privacy policy is at https://www.cloudflare.com/privacypolicy/.

Push notifications

If you enable notifications, the App registers your device's Apple Push Notification service (APNs) token with our Worker so we can tell you when a background batch has finished processing. The token is kept in the per-user record described above and is used only to send you these operational notifications. You can turn notifications off in iOS Settings or in the App's Profile at any time.

Usage analytics

The App sends limited usage analytics to PostHog, an analytics service, so we can understand how the App is used and improve it. What is sent: which screens are viewed, which features are used (for example, "a receipt was captured from the camera" or "an export was run"), basic app-lifecycle events, and a small number of aggregate numeric summaries (for example, how many receipts were in an import, or the total dollar amount of expenses the App surfaced for you). These events are associated with the same opaque user identifier as your sign-in.

What is never sent to analytics: receipt images or document contents, merchant names, individual expense line items, dates or locations of your travel, your profile details (name, home address, duty station), or your Apple identity. We do not use session recording, and we do not use analytics for advertising or cross-app tracking. If you would like the analytics records associated with your identifier deleted, email [email protected].

Subscriptions and purchases

TDY Slayer Pro is an optional auto-renewing subscription sold through Apple's In-App Purchase system.

We never see or receive your payment details. Apple processes the payment. Your card number, billing address, and Apple Account credentials are handled entirely by Apple and are never sent to us or to anyone on our behalf.

To know whether your subscription is active — including on a second device, or after you reinstall the App — we use RevenueCat, a subscription-management service. RevenueCat receives:

RevenueCat does not receive your receipt images or document contents, your trips or expenses, your profile (name, home address, duty station), or your payment details.

RevenueCat's privacy policy is at revenuecat.com/privacy.

Refreshing government reference data

The App periodically downloads updated copies of publicly available U.S. Government reference tables (per-diem and currency rates) from our server so your estimates stay current. This request carries no sign-in and no personal information — it is a plain file download, like fetching a public web page.

5. Information you can share through Apple

If you grant the App access to the iPhone Camera or Photos library, those permissions are governed by Apple's standard iOS permission prompts. We do not see, read, or upload any photo from your library except the specific images you choose to capture or import into a trip.

If you use the App's Share Extension to send a receipt from another app (for example, Mail), the file is handed off to TDY Slayer so it shows up in your trip the next time you open the App. See Section 4 for what is sent to our cloud service.

6. Information we do not collect

TDY Slayer does not:

7. Third parties we rely on

Each third party listed below acts as our service provider for the limited purpose described. Under our agreements with them, they are permitted to use the data only to provide that service to us — not for their own purposes — and are required to protect it consistent with this policy and with Apple's requirements.

Publicly available U.S. Government reference data (such as per-diem and currency-rate tables) is bundled inside the App and used locally on your device. The App refreshes those tables from our own server (see Section 4); no network call is made to the government sources themselves at runtime.

8. Children

TDY Slayer is intended for adults preparing official government travel vouchers. It is not directed at children, and we do not knowingly collect information from anyone under 18. If you believe a child has provided information through the App, please contact us at [email protected] so we can advise.

9. Security

We design TDY Slayer to minimize the data that leaves your device. Concretely:

No system is perfectly secure. You can reduce your own risk by keeping iOS up to date, using a strong device passcode and biometrics, and avoiding shared devices.

10. Your choices and rights

Because the App stores your trips, receipts, and profile on your device, most data-management actions are taken directly in the App or on your phone.

You can:

Apart from the limited sign-in record described in Section 4, we do not maintain a server-side copy of your trips, receipts, or profile, so there is generally nothing else about you for us to access, correct, or port — and you can delete the sign-in record at any time via Delete Account.

State-specific rights (United States)

Depending on where you live, you may have additional rights under state law (for example, California's CCPA/CPRA, Colorado, Connecticut, Utah, Virginia, and other state privacy statutes), including the right to know, the right to delete, the right to correct, the right to opt out of "sale" or "sharing" of personal information, and the right to non-discrimination for exercising these rights.

We do not sell personal information and we do not share personal information for cross-context behavioral advertising. If you wish to exercise a state-law privacy right, email [email protected] and describe your request. We will respond within the timeframe required by your state's law. We may need to verify your identity before acting on the request.

GDPR / UK GDPR

TDY Slayer is designed for the U.S. military DTS workflow and is not marketed to data subjects in the European Union or the United Kingdom. If you nevertheless use the App from the EU/UK, you may have additional rights under the GDPR or UK GDPR, including access, rectification, erasure, restriction, portability, and objection. Email [email protected] to make a request. Our lawful basis for the limited processing we perform (authenticating your sign-in and sending a document to the OCR service at your direction) is your consent and the performance of the service you are using.

11. International data transfers

The OCR Worker is hosted on Cloudflare's global edge network and may run in a data center near you. Cloudflare may transfer request data to the United States, where the AI providers' APIs and the analytics service are operated. If you use the App from outside the United States, you understand that your data will be processed in the United States and other jurisdictions where Cloudflare, the AI providers, and PostHog operate.

12. Operational security (OPSEC) note for service members

TDY Slayer stores location, date, and travel-pattern information about you on your phone. This data — even at rest — could be sensitive in an OPSEC context. You are responsible for following your service's and command's OPSEC guidance regarding storing travel information on a personal device.

Do not use TDY Slayer to process classified information, controlled unclassified information (CUI) that prohibits commercial cloud processing, or any document your security manager has not authorized for handling on a personal commercial device. Cloudflare and the AI providers are commercial services and are not part of any DoD authorized cloud boundary.

13. Changes to this policy

We may update this policy from time to time. Material changes will be reflected in the "Last updated" date at the top and surfaced inside the App where appropriate. Your continued use of the App after a change becomes effective constitutes acceptance of the updated policy.

14. Contact

Privacy questions or requests? Email [email protected].

Southwind Digital LLC