Privacy Policy — dTector
Effective date: 31 May 2026 · Last updated: 31 May 2026
This Privacy Policy explains how the iOS application dTector (the “App”) processes information when you install and use it. dTector turns the iPhone (and, optionally, the Apple Watch) magnetometer into a magnetic-anomaly detector, uses Bluetooth Low Energy advertisements to compute a radio-frequency (“electrosmog”) activity index, lets you log metallic “Discoveries” with optional GPS coordinates into an on-device Vault, and offers an augmented-reality 3D electromagnetic field-mapping mode. It includes an Apple Watch companion app and a home-screen/Watch widget.
dTector is an awareness and hobby tool, not a calibrated metal detector or EMF dosimeter. We have written this policy to be specific: the App is designed to keep the data it gathers on your device, and the few third-party services it relies on (advertising, consent, in-app purchase and a keyless air-quality data source) are described here in detail rather than hidden.
1. Data controller
- Andrea Piani, independent developer, Italy.
- Privacy contact: andreapiani.dev@gmail.com.
The App is distributed through the Apple App Store. Apple Inc. and Apple Distribution International Ltd. act as independent controllers for the data they process during download, purchase and in-app purchase management, in accordance with their own privacy policies.
2. Scope
This policy covers the App itself, its Apple Watch companion and its widget. It does not cover the third-party services listed in Sections 5 to 9, each of which operates under its own privacy notice.
3. Summary at a glance
- All core detection features work without an account. The App has no login, and never asks for your name, email or phone number.
- Magnetometer, accelerometer and Bluetooth readings are processed locally on the device and are never sent to a developer server.
- The App displays advertising through Google AdMob (banner, interstitial, rewarded, native and app-open). See Section 7.
- The App offers an optional one-time “dTector Pro” purchase that removes all advertising. Payment is handled entirely by Apple. See Section 9.
- The App presents a GDPR consent form (Google UMP) and an App Tracking Transparency (ATT) prompt before serving personalized ads. See Section 5.
- Optional air-quality readings are fetched from the keyless Open-Meteo API using your coordinates. See Section 6.
- There is no analytics SDK, no cloud account, and no developer backend (no Firebase, no Supabase). Diagnostic logs use the system logger and stay on the device.
- Discoveries, EMF snapshots and AR field maps are stored on your device via SwiftData; they leave the device only when you explicitly export them.
4. Categories of data the App processes
4.1 Magnetometer and motion sensors
The App reads the device magnetometer through Apple’s Core Motion framework in real time to detect magnetic anomalies, and the accelerometer during the ground-balance calibration (“pump”) routine. These readings are held in memory and rendered as live values, gauges and charts. They are not transmitted to a developer server.
Legal basis (GDPR Art. 6): consent (Art. 6(1)(a)) via the iOS Motion & Fitness prompt where applicable, and performance of the detection feature you requested (Art. 6(1)(b)).
4.2 Bluetooth Low Energy
With your permission, the App scans nearby Bluetooth Low Energy advertisements (reading device names and signal-strength / RSSI values) to compute a radio-frequency activity index that estimates the density of nearby RF sources such as routers, IoT devices and wearables. No payload is broadcast from your phone, and the scan results are processed on the device and not transmitted.
Legal basis: consent (Art. 6(1)(a)) via the iOS Bluetooth prompt and performance of the requested feature (Art. 6(1)(b)).
4.3 Precise location (GPS)
The App requests Core Location authorization in While Using the App mode for two purposes:
- Logging finds. When you tap Log Discovery, the current coordinates are attached to that entry so it can appear on the in-app map and in the Vault. Location is captured only at that moment.
- Air quality. If you open the air-quality feature, your coordinates are sent to the Open-Meteo Air Quality API to retrieve readings for your area (Section 6).
Location is otherwise processed on the device and is not used for advertising by the App. You may revoke it in iOS Settings › Privacy & Security › Location Services.
Legal basis: performance of the service you requested (Art. 6(1)(b)) and your consent given through the iOS permission dialog (Art. 6(1)(a)).
4.4 Camera (AR field mapping)
With your permission, the App uses the camera in its augmented-reality field-mapping mode (ARKit) to anchor 3D electromagnetic-field measurements at real-world positions while you walk and scan. The camera feed is processed live on the device to render the AR scene; camera frames are not stored and are not transmitted to any server.
Legal basis: consent (Art. 6(1)(a)) via the iOS Camera prompt and performance of the requested feature (Art. 6(1)(b)).
4.5 Local content and settings
Content you create — Discoveries, EMF snapshots and AR field maps — is stored on the device using SwiftData. App preferences (theme, sensitivity, sound and haptic profile, Pro status, ad counters) are stored in UserDefaults on the device. This content is not, by itself, uploaded to a developer server. It leaves the device only when you explicitly export it (for example, a point-cloud or CSV file you choose to share).
Legal basis: performance of the service (Art. 6(1)(b)).
4.6 Apple Watch and widget
The Apple Watch companion reads the Watch magnetometer for EMF detection and, with permission, your location to fetch air-quality data (Section 6). The iPhone and Watch exchange sensor and UI state through Apple’s WatchConnectivity framework, directly between your paired devices, without routing through a developer server. The widget reads a small on-device snapshot to display current values.
Legal basis: performance of the service (Art. 6(1)(b)); consent for the underlying sensors/location (Art. 6(1)(a)).
4.7 Network connections
The App connects to the network only for: (a) the Open-Meteo air-quality data source (Section 6), and (b) the advertising and consent services (Sections 5 and 7). The information transmitted is what is technically necessary to fulfil the request — typically your IP address (visible to any server you connect to), the geographic area queried for air quality, timestamps, and advertising-related events.
5. Consent: GDPR (UMP) and App Tracking Transparency (ATT)
For users in the EEA/UK and other covered regions, on first launch the App shows a Google User Messaging Platform (UMP) consent form. The Google Mobile Ads SDK is initialized and ads are requested only after consent allows it; if consent is denied, ads are served in non-personalized mode. You can revisit your choices at any time from Settings › Privacy & Ads › Manage Ad Choices in the App.
The App also presents the iOS App Tracking Transparency prompt. Your choice controls whether the advertising SDK may access the Identifier for Advertisers (IDFA):
- Ask App Not to Track — the App and its SDKs cannot read the IDFA; advertising is non-personalized.
- Allow — the advertising SDK may read the IDFA and serve personalized advertising under Google’s policies.
You can change this at any time in iOS Settings › Privacy & Security › Tracking. Buying dTector Pro removes advertising and, as a consequence, the related IDFA use.
6. Air-quality data — Open-Meteo
The optional air-quality feature retrieves readings (such as European AQI, US AQI, PM2.5, PM10, carbon monoxide, nitrogen dioxide and UV index) from the Open-Meteo Air Quality API (air-quality-api.open-meteo.com), a keyless service. Only the coordinates needed to return data for your area are sent; no account or identifier is attached by the App. Open-Meteo may log the IP address of incoming requests for security and abuse prevention under its own terms and privacy policy; the developer does not receive these logs.
7. Advertising — Google AdMob
In the free tier, the App displays advertising through the Google Mobile Ads SDK (Google AdMob), application ID ca-app-pub-1193280742171051~2786613408 (publisher pub-1193280742171051), in the following formats: banner, interstitial, rewarded (you opt in to watch an ad in exchange for a feature), native and app-open ads.
Google, acting as an independent controller, may process the following for ad delivery, frequency capping, measurement, fraud prevention and (where you granted ATT permission) personalization: IP address, device identifiers (including the IDFA when permitted), advertising-related events such as impressions and clicks, coarse location derived from IP, and device/OS information. The App’s privacy manifest declares these advertising-related data categories (device ID for tracking, coarse location, product-interaction, and crash/performance diagnostics) and the associated tracking domains (googleads.g.doubleclick.net, pagead2.googlesyndication.com, googlesyndication.com, doubleclick.net).
Google’s processing is governed by the Google Privacy Policy and the Ads Data Processing Terms; Standard Contractual Clauses are used for transfers outside the EEA. Users who buy dTector Pro do not see ads.
Legal basis: for non-personalized ads, the legitimate interest in funding a free app (Art. 6(1)(f)); for personalized ads, your consent via UMP and the ATT prompt (Art. 6(1)(a)).
8. No analytics, no cloud backend
The App does not bundle a third-party analytics SDK and does not operate a developer backend (there is no Firebase, Supabase, custom server, account or sync). Diagnostic logs are produced with Apple’s on-device system logger (os.Logger) and remain on the device. The only telemetry that exists is the diagnostic data the Google Mobile Ads SDK collects for its own functionality, described in Section 7.
9. In-app purchase — Apple StoreKit
The App offers an optional one-time dTector Pro purchase (a non-consumable, not an auto-renewing subscription) that permanently removes every advertising surface. It is handled entirely through Apple’s in-app purchase system (StoreKit).
Payment processing. Pricing, billing, refunds, taxes and payment methods are handled by Apple. The developer does not receive or store your card number, Apple ID, billing address or other payment data, under the Apple Media Services Terms.
Data received by the App. Through StoreKit the App receives only the on-device information needed to verify the purchase (transaction and product identifiers). A small entitlement flag (“Pro yes/no”) is cached on the device to remember your status. You can restore the purchase on a new device through StoreKit.
Legal basis: performance of the purchase contract (Art. 6(1)(b)).
10. Where data is processed and international transfers
Data you create is processed on your iOS device. Air-quality requests are routed to Open-Meteo, which operates infrastructure in the European Union. Advertising and consent processing takes place in Google’s global infrastructure, including the United States, with the safeguards described above (including Standard Contractual Clauses where applicable). Apple processes purchase data in its own infrastructure.
11. Data retention
- Content stored on the device (Discoveries, EMF snapshots, AR field maps, settings) is retained until you delete it in the App or uninstall the App. You can erase everything at once via Settings › Danger Zone › Factory Reset.
- The on-device Pro entitlement flag is cleared on uninstall; Apple retains transaction records under its own policies.
- Advertising data is retained by Google per its own policies; air-quality requests are not stored by the App after the reading is shown.
12. Security
The App uses HTTPS for its network requests where supported by the upstream provider. StoreKit transactions are signed by Apple and verified on-device. Local content benefits from iOS data protection when your device is passcode-locked.
13. Your rights
If you are in the EEA, the UK, or a jurisdiction with similar laws, you have the rights of access, rectification, erasure, restriction, portability and objection:
- Erase local data: Settings › Danger Zone › Factory Reset, or uninstall the App.
- Withdraw permissions (location, motion, Bluetooth, camera): iOS Settings › Privacy & Security.
- Withdraw ATT consent / reset the advertising identifier: iOS Settings › Privacy & Security › Tracking.
- Review your GDPR ad-consent choice: Settings › Privacy & Ads › Manage Ad Choices in the App.
- Manage or restore dTector Pro: iOS Settings › Apple ID and the App’s restore option.
- Exercise rights against Apple or Google for the processing they control: through their respective privacy centres.
Contact the developer at andreapiani.dev@gmail.com. You may lodge a complaint with a supervisory authority; in Italy this is the Garante per la protezione dei dati personali.
14. What the App does NOT do
- No account, login, name, email or phone number is collected.
- No third-party analytics SDK and no developer backend (no Firebase, no Supabase, no custom server).
- No transmission of magnetometer, accelerometer or Bluetooth readings to any server.
- No storage or transmission of camera frames; the AR feed stays on the device.
- No background tracking of your location for advertising.
- No direct handling of payment data — the Pro purchase is fully intermediated by Apple.
- No sale of personal data within the meaning of CCPA/CPRA. Sharing for the limited advertising purposes in Section 7 may qualify as “sharing” under CPRA; California residents can opt out via the ATT prompt or by buying dTector Pro.
15. Children
The App is not directed at children under 13 (or under 16 where required by local law) and does not knowingly collect their personal data. Advertising is configured to comply with Google’s policies. In-app purchases can be restricted via iOS Screen Time or Family controls.
16. Changes to this policy
This policy may be updated to reflect new features, new third-party providers, or changes in applicable law. The “Last updated” date tracks the latest revision. Material changes will be announced in the App on first launch after the update.
17. Contact
For any question regarding this policy, contact the developer at andreapiani.dev@gmail.com. We aim to respond within 30 days, in accordance with Article 12(3) GDPR.