Privacy Policy

Last updated: April 10, 2026

Phosphor ("we," "our," or "the app") is a URL filtering application for iOS that uses Apple's NEURLFilterManager API with Private Information Retrieval (PIR). This privacy policy explains how we handle your data.

The Core Promise

Phosphor never sees, collects, stores, or transmits any URLs you visit. This isn't just a policy — it's cryptographically enforced by the architecture:

• URLs are checked locally on your device using a Bloom filter
• For potential matches, the system sends homomorphically encrypted queries to our PIR server — we process the query without ever decrypting it
• Queries are routed through Apple's Oblivious HTTP (OHTTP) relay, which strips your IP address before reaching our server
• Our server never sees your IP address or the URLs being queried

Data We Do NOT Collect

• URLs or domains you visit
• Browsing history or activity
• IP addresses
• Device identifiers or fingerprints
• Analytics or usage telemetry
• Crash reports
• Location data

Data Stored Locally on Your Device

The following data is stored only on your device in the app's sandboxed container and shared App Group:

• Filter list metadata — names, categories, and enabled status of your filter lists
• Filter rules — the domain lists you've enabled (downloaded from public sources)
• Aggregate block statistics — counts of blocks by category and day (no individual URLs)
• App preferences — settings like update frequency and pause state

This data never leaves your device. It is not backed up to iCloud and is deleted when you uninstall the app.

PIR Server

Our PIR server hosts an encrypted database of URLs to filter. When the system queries this database:

• The query is homomorphically encrypted — our server performs computation on the ciphertext without decrypting it
• The server returns an encrypted response that only your device can decrypt
• We cannot determine which URL was queried or what the result was
• Server logs contain only anonymous request timestamps and sizes — no identifying information

Subscription Data

Subscriptions are processed entirely by Apple through the App Store. We do not collect or store payment information. Apple's privacy policy governs subscription data handling.

Third-Party Services

Phosphor uses no third-party SDKs, analytics services, crash reporters, or advertising networks. The only external services involved are:

• Apple's OHTTP Relay — operated by Apple, provides network-level anonymity for PIR queries
• Apple's App Store — handles subscription billing
• Public filter list sources — domain lists are fetched from well-known open-source projects (EasyList, StevenBlack, etc.)

Children's Privacy

Phosphor does not knowingly collect any data from children under 13. Since we collect no personal data from any user, there is no data to protect.

Changes to This Policy

We may update this privacy policy from time to time. We will notify you of any changes by posting the new policy on this page and updating the "Last updated" date.

Contact

If you have questions about this privacy policy, contact us at privacy@phosphor.online.