This Privacy Policy ("Policy") explains how Carry (the "App", "we", or "our") handles your information when you use the App. The App is developed and published by TIAN LYU.
If you have questions, comments, or wish to exercise any rights described below, please contact us at murphy.lyu@icloud.com.
By using the App, you acknowledge that you have read, understood, and agreed to this Policy. If you do not agree, please stop using the App and uninstall it.
We designed Carry around the principle of data minimization. We do not collect, store, transmit, or sell any of your personal information to our servers or any third party.
Specifically:
To make the App functional, the following data is generated as you use it:
This data is stored entirely on your device, managed by iOS's system-level database (SwiftData) and protected by iOS's app sandbox. Unless you opt into iCloud sync (see Section 4), no one — including us — can access this data.
When you uninstall the App, this data is removed by iOS along with it.
The App also maintains an automatic local backup file in the app's private sandbox storage directory, used solely for data recovery within the App. This file is not accessible to us or any third party.
In future versions, the App may offer iCloud sync. When enabled:
If you do not enable iCloud sync, this section does not apply.
The App uses iOS local notifications to remind you to start packing before a trip. All scheduling and delivery happen entirely on your device — no notification content passes through any server.
You can disable notifications at any time via iOS Settings.
When you enable "Calendar sync," the App requests access to your system calendar (full access) to write your trips and packing reminders into your calendar, so you can see them in the system Calendar app. In addition, if you enable "Calendar overlay," the App reads events within your trip's date range from the calendars you actively select, to display them alongside your itinerary so you can avoid conflicts; the App does not read calendars you have not selected. This calendar data is processed solely on your device (including any iCloud calendar sync you have enabled, which is handled by Apple) and is never transmitted to us or any third party. Both features are optional and off by default; you can turn them off in the App's Settings at any time, or revoke calendar access via iOS Settings → Carry. Turning off calendar sync can also remove the trip events already written.
When you tap the location button on the map, the App requests access to your device's location ("When In Use") to display your current position via Apple's MapKit framework. This location data is processed on-device and is never transmitted to us or any third party. You can revoke this permission at any time via iOS Settings → Carry.
When you enter a destination city name, it is sent to Apple's geocoding service (CLGeocoder) to resolve its geographic coordinates. This request is processed entirely by Apple and the result is not accessible to us.
When you view the weather forecast for a trip destination, the App sends that destination's geographic coordinates to Apple's WeatherKit service to retrieve weather data. These coordinates are used solely to fetch the forecast, are not linked to your identity, and the App does not store or upload your location history. This request is processed by Apple.
If you choose to enable the period-aware packing reminder, the App requests read-only access to your Cycle Tracking data in Apple Health (HealthKit). This data is used solely on your device to predict whether an upcoming trip may overlap your period, so the App can suggest packing the relevant items. Your health data is never stored by the App, never written back to Health, never included in any backup or iCloud sync, and never transmitted to us or any third party. This feature is entirely optional and off by default — you turn it on yourself under the App's Settings → Period Reminders, and you can turn it off there at any time. If you decline access, the period scene remains available to select manually. You can also revoke Health access at any time via iOS Settings → Privacy & Security → Health → Carry.
When you use the "Rebuild trip from photos" feature, the App reads — only within the photos you actively select through the iOS system photo picker — those photos' capture time and geographic location (EXIF metadata), in order to generate an itinerary locally on your device. The App does not request access to your entire photo library, never uploads or stores your original photos, and never uses the above information for any other purpose or transmits it to us or any third party; it only saves a low-resolution thumbnail on your device for the generated itinerary. You can remove these thumbnails at any time by deleting the corresponding trip or place.
When you actively add files, photos, or links as attachments to an itinerary item (transport / lodging / place) — such as a car-rental contract or hotel confirmation — that content is stored solely on your device (files in the App's private sandbox; links and metadata in the local database) and is never uploaded or transmitted to us or any third party. For privacy, attachments are never included in itinerary content you share or export to others. You can delete attachments at any time within the App.
When you use "Auto-fill from flight number" to look up a flight, the App sends the flight number and date you enter to a third-party aviation data service (via our query proxy) to retrieve that flight's public basic information (route, scheduled times, aircraft, etc.). These query parameters are not linked to your identity and are not used for any other purpose; the App does not upload any other personal information through this feature.
When you search for a place while adding a place / accommodation / transit point to a trip, the App sends the search terms you type (and the approximate coordinates of your trip's destination, used to bias results toward that area) to third-party place-search services to retrieve candidate locations: places within mainland China are handled via Apple MapKit (powered by AutoNavi/AMap in mainland China); overseas places are handled, via our query proxy, by a third-party place-search provider (Mapbox or Geoapify), and if your search terms are in Chinese they are first translated into English via the Microsoft Azure translation service to enable the lookup. These search parameters are not linked to your identity and are not used for any other purpose; the App does not upload any other personal information through this feature.
For the avoidance of doubt, the App does not collect any of the following:
The App does not integrate any third-party analytics, advertising, tracking, push, or crash-reporting SDKs.
The only third-party relationships involved are:
The App is not designed for children under 13. Because the App does not collect any personal information, we do not knowingly collect personal information from any user, including children.
If you are a guardian and have questions or wish to exercise any rights on behalf of a child, please contact us using the email in Section 1.
Because we do not collect or hold any of your personal information, common data subject rights (such as access, rectification, or portability) have no executable target on our side. You retain the following control through your device:
If you reside in the EU, UK, California, or another jurisdiction granting specific data-subject rights, the protections described above already exceed the minimum standards required by applicable law.
Because we do not collect your data, the concept of a retention period does not apply on our side. The retention of data on your device is entirely under your control.
Because data lives on your device and (if enabled) in your iCloud account, security depends on:
We recommend you enable strong passcodes and two-factor authentication on your device and Apple ID.
Because we collect no data, no cross-border data transfer takes place on our side.
If iCloud sync is enabled, any cross-border transfer is handled entirely by Apple under Apple's Privacy Policy.
If we make material changes to this Policy, we will notify you through release notes when the App is updated, and update the "Last updated" date at the top of this page.
Because we have no user account system, we cannot notify you individually by email or push. Please review this Policy when significant version updates are released.
Continued use of the App after changes constitutes acceptance of the updated Policy. If you do not accept the changes, please stop using the App.
For any questions, comments, or to exercise any rights:
Email: murphy.lyu@icloud.com
Operator: TIAN LYU
We aim to respond within a reasonable time (typically within 7 business days).