Last updated: April 21, 2026 (device attestation disclosure)
Wasl ("we", "our", or "the App") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, and safeguard your information when you use our iOS application, keyboard extension, and share extension.
Profile Data from Screenshots: When you share or paste a screenshot of a dating profile, the App uses on-device OCR (optical character recognition) to extract text. This extracted text, along with structured attributes parsed from it (such as bio, interests, prompts, and detected language), is sent to our servers to generate personalized opening messages. We store these generation requests on our servers, including the parsed profile text, to support your history, improve generation quality, and enable restore after reinstall. We do not store the original screenshot image.
Keyboard Input: Our custom keyboard extension does not log, record, or transmit anything you type into other apps.
Keyboard Clipboard Access: When you switch to the Wasl keyboard, it checks whether your iOS clipboard contains an image so it can offer to analyze a profile screenshot you just took. The image is only read after you tap "Analyze screenshot" — at that point iOS shows you a system permission prompt that you must approve before the keyboard can access the clipboard contents. Once approved, the image is processed entirely on-device using OCR. Only the extracted text (not the image itself) is sent to our servers to generate openers, and the text is handled the same way as profile text from the share extension. The keyboard does not access your clipboard for any other purpose, does not read clipboard text, and does not retain the image after OCR completes.
Generated Messages and Favorites: When you generate opening messages, the results are stored both locally on your device and on our servers. When you save a favorite opener, it is stored locally on your device only. The text of openers you select or copy is recorded server-side to help personalize future suggestions.
Device Identifier: We generate a random, anonymous device identifier to manage your account, subscription status, and usage. This identifier is stored on your device (including in the iOS Keychain, where it persists across app reinstalls to support account continuity) and on our servers. It is not your Apple ID or any personally identifiable information.
Usage and Analytics Data: We collect pseudonymous usage analytics in the main app, tied to your device identifier. This includes feature usage events, generation counts, language and tone preferences, opener selection patterns, and subscription events. Analytics are collected by the main app and operate independently of whether the keyboard extension has Full Access enabled. This data helps us understand how the App is used and improve the experience.
Subscription Data: Subscription purchases are processed by Apple. We use RevenueCat as a subscription management platform. RevenueCat receives your anonymous device identifier (as an app user ID) and subscription event data from Apple, including subscription status, tier, expiry date, and transaction identifiers. We never receive or store your payment details, credit card number, or Apple ID credentials.
Crash and Diagnostic Data: We use Firebase Crashlytics to collect crash reports, error logs, and diagnostic information from the main app and share extension. The keyboard extension does not configure Crashlytics and does not send crash reports. Crashlytics receives your device identifier, app version, and error context. It does not receive profile text, generated messages, or any user-created content.
Profile text you share is sent to a third-party AI service (via OpenRouter) to generate opening messages. This data is used only for the immediate generation request and is not used to train AI models. We do not send any personally identifiable information about you to AI providers.
We use Apple's App Attest service to verify that requests come from a genuine copy of Wasl running on your device. During this process, iOS generates a per-device cryptographic key in the Secure Enclave and Apple produces an attestation statement confirming the app's authenticity. We receive a short-lived attestation token and a hashed form of your device's public key, which together let our servers reject requests from tampered or emulated clients. App Attest does not collect personal data, does not identify you, and does not use your Apple ID. The hashed device key is retained for up to 90 days to support fraud prevention and is then rotated.
Local storage: Your preferences, cached subscription status, recent generation results, saved favorite openers, and tone/language settings are stored locally on your device using iOS App Group storage shared between the app, keyboard, and share extension.
Server-side storage: The following data is stored on our servers in a secure database hosted on Supabase with row-level security policies: your device identifier, subscription status, generation history (including the full parsed text from screenshots you process), opener selection records, and usage analytics events. All network communication uses HTTPS encryption.
We use the following services to operate the App:
We do not sell, trade, or share your personal information with third parties for marketing purposes.
Our custom keyboard extension requires "Full Access" to function. Full Access is needed for four reasons: (1) to read parsed profile text from the shared App Group container that the main app or share extension populated when you processed a screenshot, (2) to check whether the iOS clipboard contains a screenshot you would like to analyze, and to read that image after you explicitly tap "Analyze screenshot" and approve the iOS paste permission prompt, (3) to make network requests to our servers for AI generation and to verify your subscription status, and (4) to send pseudonymous analytics events (such as when the keyboard is opened) tied to your device identifier. Without Full Access the keyboard cannot reach the clipboard, the shared container, or the network, and will prompt you to enable it.
The keyboard does not log keystrokes, does not read clipboard text, and does not collect any text you type outside of the Wasl keyboard interface. The only clipboard data it reads is a screenshot image you have explicitly asked it to analyze; the image is OCR-processed on-device and only the extracted text is sent to our servers.
Important: Enabling or disabling keyboard Full Access does not affect analytics or crash reporting in the main app. The main app collects usage analytics and crash reports independently of the keyboard extension's Full Access setting.
Local data: Cached data on your device is cleared when you uninstall the App. Saved favorite openers are stored locally and are removed when you uninstall. In the keyboard extension, parsed profile data from screenshots is automatically cleared after use or after 30 minutes. In the main app, cached profile data is replaced when you process a new screenshot. Your device identifier persists in the iOS Keychain across reinstalls to support account continuity and subscription restore.
Server-side data: Generation history (including parsed profile text), opener selection records, and account data are retained on our servers indefinitely to support restore, continuity, and product improvement. There is no automated expiry or scheduled deletion of server-side data. You can erase all server-side data associated with your device at any time using the in-app self-service flow at Settings → "Delete My Data". After deletion, your device identifier is recorded in our tombstone list so it cannot be re-registered, and the app rotates to a new identifier on next launch.
Wasl is not intended for users under 17 years of age. We do not knowingly collect information from children.
We may update this Privacy Policy from time to time. We will notify you of any material changes by updating the "Last updated" date at the top of this page.
If you have questions about this Privacy Policy or wish to exercise your data rights, please contact us at:
Email: privacy@leptas.com