Overview
LiveBand Sunday Stream (“the App”) is developed by GraniteVector Systems, LLC (“we”, “us”, “our”). This policy describes how the App handles your data.
Summary
We do not collect any personal data. The App does not use analytics, advertising, or tracking services. All app data is stored locally on your device unless you choose to enable iCloud sync.
Data We Collect
None. The App does not require an account, login, or registration. We do not collect names, email addresses, phone numbers, location data, device identifiers, or any other personal information.
Data Stored on Your Device
The App stores the following data locally:
- Songs, lyrics, chord charts, and setlists you create or import
- Learning progress and practice statistics
- App preferences and settings
- Stream configuration (RTMP URLs, SRT settings) if you use streaming features
- Stream keys and passphrases, stored securely in your device’s Keychain
- Crash diagnostics from Apple’s MetricKit framework, stored locally with file-level encryption and never transmitted to us. Reports older than 7 days are automatically deleted
This data stays on your device and is not sent to us or any third party.
iCloud Sync (Optional)
If you enable iCloud sync in the App’s settings, your songs and setlists are synced to your personal iCloud account via Apple’s CloudKit service. This data is managed by Apple under Apple’s Privacy Policy. We do not have access to your iCloud data. You can disable iCloud sync at any time.
Streaming
When you use the App’s livestreaming features (available on macOS), audio and video content is transmitted directly to the streaming destination you configure (for example, YouTube, Facebook, or a custom RTMP/SRT server). This content goes directly from your device to your chosen destination. We do not receive, store, route, or have access to your streamed content. You are responsible for your streaming destination’s privacy practices.
Local Network
The App may use your local network to discover and control audio mixers (via OSC), PTZ cameras (via VISCA-over-IP), MIDI devices, companion camera devices, NDI video sources, tally lights, and other LiveBand Sunday Stream devices for Band Sync. All local network communication stays on your network. No data from these connections is transmitted to us.
Band Sync
When you use Band Sync to synchronize setlist playback and song content with other band members, the App can communicate in two ways:
- Local (Bluetooth / Wi-Fi): Uses Apple’s MultipeerConnectivity framework to communicate directly between nearby devices. All communication is encrypted and stays between the connected devices. Local sessions use pairing codes for secure connections.
- Cloud (iCloud): When local connectivity is unavailable, Band Sync can optionally use your personal iCloud account (via CloudKit) to relay session state and song updates. This data is stored temporarily in your iCloud account and cleaned up when the session ends. We do not have access to your iCloud data.
No data from Band Sync sessions — local or cloud — is transmitted to us or any third party. Band Sync is optional and requires you to explicitly start a session.
Web Remote Control (macOS)
On macOS, the App includes an optional Web Remote feature that runs a local HTTP server on your device to provide a browser-based control dashboard. This server is accessible only on your local network and requires a per-session authentication token for all API requests. The server does not expose any personal data, and no data from the Web Remote is transmitted outside your local network. The Web Remote is disabled by default and must be explicitly enabled.
Web Content Import
When you use the web import feature to fetch song lyrics or chord charts from a URL you provide, the App makes a standard HTTP GET request to that URL. The App does not track which URLs you visit, and no browsing data is sent to us. On macOS, the studio’s WebSource feature can render a URL as a video source — this content is processed locally and never transmitted back to us.
Face-Gesture Scrolling (iOS)
On iOS, the App can use the TrueDepth camera (via ARKit) to detect head tilt for hands-free lyrics scrolling during performances. Facial geometry data is processed entirely on your device in real-time. It is never stored, recorded, or transmitted. This feature is optional and requires your explicit permission.
Backup and Export
When you export a backup (.appbackup), setlist (.lbsetlist), or library (.lblibrary), the App creates a temporary ZIP archive on your device. This file is only shared when you explicitly choose a destination (e.g., Files, AirDrop, email). Temporary backup files older than 24 hours are automatically cleaned up. We never receive backup files.
Lyrics Translation
The App offers optional lyrics translation using Apple’s Translation framework. When you translate lyrics, Apple may process the text on your device (using downloaded language models) or through Apple’s translation servers, depending on the language pair and device capabilities. This processing is handled entirely by Apple under Apple’s Privacy Policy. We do not send lyrics to any non-Apple service. Translation is user-initiated and optional.
On-Device AI
On supported devices (iOS 26+ / macOS 26+ with compatible hardware), the App uses Apple’s FoundationModels framework for AI-assisted features such as chord parsing and lyric formatting. All AI processing runs entirely on your device. No data is sent to any AI service, cloud API, or external server. When AI features are unavailable, the App uses deterministic processing instead.
Third-Party Code
The App includes one third-party open-source library: HaishinKit (RTMP/SRT streaming). This library does not collect, transmit, or store any user data. No other third-party SDKs, analytics services, advertising frameworks, or tracking tools are included.
Permissions
The App may request the following device permissions. All are optional — the App works fully for Library, Setlists, Learn, and practice features without any permissions granted.
- Camera — Live video production and multi-camera switching (macOS); face-gesture lyrics scrolling (iOS via TrueDepth/ARKit)
- Microphone — Live audio mixing, monitoring, broadcast encoding, and real-time audio analysis (macOS)
- Screen Recording — Capturing windows and displays as video sources for live production (macOS)
- Local Network — Discovering and controlling audio mixers (OSC), PTZ cameras (VISCA), NDI sources, companion devices, tally lights, and MIDI devices on your network
- Face ID / TrueDepth Camera — Hands-free face-gesture lyrics scrolling during performances (iOS only; data is never stored or transmitted)
- Bluetooth / Peer-to-Peer Wi-Fi — Band Sync uses Bluetooth and peer-to-peer Wi-Fi to synchronize setlist playback and song content with other band members’ devices (optional; all communication is encrypted and stays between connected devices). Cloud mode uses your personal iCloud account as an alternative transport
- Notifications — Receiving iCloud sync updates (requested only when you enable iCloud sync)
- Accessibility — Global keyboard shortcuts for studio controls (macOS only; e.g., scene switching, fade to black)
Children’s Privacy
The App does not collect personal data from any user, including children under 13.
Changes to This Policy
We may update this policy. Changes will be posted here with a revised effective date.
Contact
If you have questions about this privacy policy, visit granitevectorsystems.com/contact and select “LiveBand Sunday Stream — app support” from the dropdown.
App Privacy Answer Matrix
This document provides verified answers for the App Store Connect privacy questionnaire, based on a full codebase audit.
Overall Privacy Posture
| Question | Answer | Evidence |
|---|---|---|
| Does this app track users? | No | No IDFA, no ATTrackingManager, no AppTrackingTransparency imports found. |
| Does this app use third-party analytics? | No | No Firebase, Crashlytics, Amplitude, Mixpanel, Sentry, or any analytics SDK present. |
| Does this app collect data linked to user identity? | No | No user accounts, no login, no email collection, no remote user profiles. |
| Does this app use advertising SDKs? | No | No ad frameworks or advertising identifiers. |
| Does this app transmit data to developer servers? | No | No URLSession calls to any developer-controlled backend. All network activity is user-initiated (RTMP/SRT streaming to user-configured destinations, OSC to user’s mixer, local LAN web remote). |
| Does this app use iCloud? | Yes (optional) | CloudKit sync is user-controlled. Data stored in the user’s personal iCloud account, managed by Apple. |
Privacy Nutrition Label — Category Answers
| Category | Collect? | Verification |
|---|---|---|
| Contact Info | No | No fields for name, email, phone, or address. No user account system. |
| Health & Fitness | No | No HealthKit, no health-related data types. |
| Financial Info | No | No payment processing, no financial data. No in-app purchases in v2.0.0. |
| Location | No | No CoreLocation, no CLLocationManager, no GPS or geofence usage. |
| Sensitive Info | No | No biometric data collection. TrueDepth camera (ARKit) processes head tilt in real-time; never stored or transmitted. |
| Contacts | No | No Contacts framework, no address book access. |
| User Content | No | Songs, setlists, lyrics, charts, recordings stored locally. Optional iCloud sync stored in user’s iCloud (Apple-managed). |
| Browsing History | No | No web browsing functionality. WebSource (macOS) renders user-configured URLs without tracking. |
| Search History | No | Library and Learn search are on-device only. Stored locally via UserDefaults. |
| Identifiers | No | No device ID, no IDFA, no vendor identifier collection. |
| Purchases | No | No in-app purchases or subscriptions in v2.0.0. |
| Usage Data | No | StreamTelemetryManager tracks stream health locally for UI display only — never transmitted. |
| Diagnostics | No | CrashReporter uses Apple MetricKit. Payloads saved to local disk only — no remote transmission. |
| Other Data | No | No other data categories collected. |
Network Activity Audit
| Component | Purpose | Data Destination | Developer Collection? |
|---|---|---|---|
| RTMPBroadcaster | Livestream output | User-configured RTMP/RTMPS server | No |
| SRTBroadcaster | Livestream output | User-configured SRT endpoint | No |
| StudioWebRemote | LAN remote control | Local network only (HTTP server on device, token-authenticated) | No |
| HostConnectionManager | Mixer control (OSC) | User’s X32/M32 mixer on local network | No |
| DeviceScanner | Network discovery | Local network broadcast (Bonjour/mDNS) | No |
| MIDINetworkController | MIDI over network | Local network MIDI devices | No |
| CloudKit (iCloud sync) | Optional data sync | User’s personal iCloud account (Apple-managed) | No |
| AIImportEngine | AI chord/lyric parsing | On-device only (FoundationModels) | No |
| CloudPresetManager | Mixer preset storage | CloudKit (user’s iCloud) | No |
| VideoMixingEngine | Video compositing | Local only (no network) | No |
| CompanionCameraSender/Receiver | iOS companion camera | Local network peer-to-peer (NWConnection) | No |
| TallyLightService | Tally light broadcast | Local network UDP broadcast | No |
| PTZCameraManager | PTZ camera control | User’s PTZ camera on local network (VISCA-over-IP) | No |
| APNs (push notifications) | CloudKit sync triggers | Apple Push Notification service (Apple-managed) | No |
| MetricKit (CrashReporter) | On-device crash diagnostics | Local disk only — Apple delivers payloads to app, no developer server | No |
| WirelessMicMonitor | Wireless mic status | Local network monitoring | No |
| NDISenderManager | NDI video output (LAN) | Local network only (raw BGRA frames via NDI protocol) | No |
| BandSyncManager | Band Sync (setlist + content sync between devices) | Local peer-to-peer (MultipeerConnectivity, Bluetooth/Wi-Fi) or user’s personal iCloud (CloudKit) | No |
| CloudBandSyncTransport | Band Sync cloud transport | User’s personal iCloud account (CloudKit public database, session records cleaned up on end) | No |
| WorshipPlannerEngine | AI setlist generation | On-device only (algorithmic + optional FoundationModels) | No |
| TranslationService (Lyrics Translation) | Optional lyrics translation | On-device (downloaded language models) or Apple’s translation servers, depending on language pair — Apple-managed under Apple’s Privacy Policy. No non-Apple service receives lyrics. | No |
| WebImportService | Fetch song/chord HTML for import | User-provided URL (GET with browser User-Agent) | No |
| WebSource (macOS studio) | Render user-configured URL as video source | Local rendering only (WKWebView, no data sent back) | No |
| FaceScrollManager (iOS) | ARKit head-tilt for hands-free lyrics scroll | On-device only (real-time ARKit face geometry, never stored or transmitted) | No |
| SecurityBookmarkManager | Persist sandbox file access across launches | Local disk only (Application Support plist) | No |
| BackupManager | Export/import .appbackup, .lbsetlist, .lblibrary | Local disk (temp directory ZIP, user-initiated file transfer only) | No |
No component transmits data to any developer-controlled server.
On-Device Data Storage Audit
All data is stored locally on the user’s device (or the user’s personal iCloud account if sync is enabled). No data reaches developer-controlled servers.
| Storage Location | Data Stored | Sensitive? | Component |
|---|---|---|---|
| Keychain (com.livebandsundaystream.streamkey) | RTMP stream key, SRT passphrase, iOS stream key | YES — encrypted by OS Keychain | KeychainStreamKeyStore |
| UserDefaults / @AppStorage (~95+ keys) | UI preferences, layout, studio settings | NO — no PII or auth tokens | Various (studio*, learn* prefixed) |
| ~/Documents/ | Songs (JSON), Setlists (JSON), learning progress | NO (user content) | LibraryViewModel, LearningProgressStore |
| ~/Documents/CrashReports/ | MetricKit diagnostic payloads (JSON), file-level encrypted, auto-deleted after 7 days | NO — system diagnostics only | CrashReporter |
| ~/Movies/ (macOS) | Broadcast recordings (.mov, HEVC+AAC) | NO (user content) | ProgramRecorder, ISORecordManager |
| ~/Application Support/LiveBandSundayStream/ | Security-scoped bookmarks, scene manager data | NO | SecurityBookmarkManager, SceneManager |
| Temp directory | ZIP archives during export (.appbackup), auto-cleaned after 24 hours | NO — cleared after user downloads | BackupManager |
| NSUbiquitousKeyValueStore (iCloud) | Songs, setlists, learning progress (JSON) | NO — user’s personal iCloud | SDSong, LearningProgressStore |
PrivacyInfo.xcprivacy Verification
| Key | Value | Status |
|---|---|---|
| NSPrivacyTracking | false | Correct |
| NSPrivacyCollectedDataTypes | [] (empty) | Correct — no data collected |
| NSPrivacyAccessedAPITypes | UserDefaults (CA92.1), Disk Space (E174.1), System Boot Time (35F9.1), File Timestamp (DDA9.1) | Correct — all declared with valid reasons |
Info.plist Permission Strings
| Key | Description | Required For |
|---|---|---|
| NSCameraUsageDescription | Camera access | Livestream video capture (macOS) |
| NSMicrophoneUsageDescription | Microphone access | Livestream audio capture (macOS) |
| NSScreenCaptureUsageDescription | Screen recording | Window/display capture as studio sources (macOS) |
| NSLocalNetworkUsageDescription | Local network | Mixer discovery (OSC), companion device connectivity |
| NSFaceIDUsageDescription | TrueDepth camera | Hands-free face-gesture lyrics scrolling (iOS, ARKit) |
| NSBonjourServices | Bonjour | Network device discovery |
Encryption (ITSAppUsesNonExemptEncryption)
| Key | Value | Rationale |
|---|---|---|
| ITSAppUsesNonExemptEncryption | false | All encryption is exempt: RTMPS uses OS-provided TLS (exempt), SRT uses libsrt AES (auth/data integrity, exempt under TSU exception), Keychain uses Apple Security framework (exempt), HaishinKit MD5 is for RTMP auth handshake only (exempt). |
Third-Party SDK Audit
| Dependency | Purpose | Privacy Impact |
|---|---|---|
| HaishinKit.swift | RTMP/RTMPS streaming | No analytics, no tracking. MD5 used for RTMP auth handshake only. |
No other third-party SDKs, analytics frameworks, or ad networks are included in the project.
Note: A PrivacyInfo.xcprivacy has been added to the HaishinKit target declaring no tracking, no collected data types, and no required-reasons APIs (audit confirmed none are used). The HaishinKit Package.swift bundles this manifest as a resource.