Privacy Policy
The body of this document is provided in English only. Any translation elsewhere on the site is for convenience — the English version is the authoritative legal text.
BetaSuite ("we", "us") provides the BetaSuite mobile app ("the App"). The App is built local-first: feedback entries, recordings, photos, and project data live on your device by default and never leave it unless you choose to use a feature that involves an outside service.
Where you do choose such a feature (cloud sync, AI analysis, weather overlay), data is sent directly from your device to that service. Each service is responsible for its own processing under its own privacy policy. We link to those policies in section 4. We process your personal information in accordance with applicable privacy and data-protection laws in your country of residence.
BetaSuite is based in Australia and handles personal information in line with the Australian Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs). If you use BetaSuite from the European Economic Area (EEA), the United Kingdom, California, or another region with its own data-protection law, the additional information and rights in section 8 also apply to you. For the limited personal information BetaSuite itself handles, BetaSuite is the data "controller" for the purposes of the EU and UK General Data Protection Regulation (GDPR).
1. What we collect, where it lives
On-device only
Feedback entries, notes, voice memos, photos, videos, screen recordings, project data, markers, sessions, and auto-populated device context (model, OS, app version, optional battery / network state when you enable that toggle). All stored on your device, encrypted at rest using AES via the device secure-storage keychain.
Sent to a third party only when you use that feature
Coordinates → weather provider; files you choose to upload → your own cloud storage account; prompts — and any document or photo you pick for protocol extraction — that you choose to process → your selected AI provider; anonymised crash reports → analytics provider when analytics is enabled. See sections 2–4 for detail.
What we never collect
We do not run a backend that stores your account data or the contents of your feedback entries — the only BetaSuite-operated infrastructure is a Cloudflare Worker used for feature-request posting and the anonymous upvote counter (section 5). We have no access to your cloud storage, your AI requests, or the contents of your feedback entries. We do not sell or trade personal information. We do not run advertising and do not track you across other apps or websites.
2. Cloud sync (optional)
If you connect Google Drive, OneDrive, or iCloud, files you choose to upload are sent from your device to your own account at that provider via standard authentication. We do not see, store, or proxy these uploads. Disconnect the account at any time in Settings → Storage.
3. Weather and analytics (optional)
Weather overlay
Coordinates are sent to a weather provider to retrieve local conditions. On iOS 16+ the default provider is Apple Weather (via Apple's WeatherKit service); otherwise the App falls back to OpenWeatherMap or Open-Meteo. No identifier is sent — only the coordinates needed for the lookup. Wherever weather is displayed in the App, the source's attribution is shown alongside the data — the Apple Weather symbol, the "Weather" wordmark, and a link to Apple's data-source page (per Apple's WeatherKit Terms of Service), plus the corresponding credit for OpenWeatherMap or Open-Meteo.
Apple Weather — view data sources- Apple Weather privacy notice
- Apple Weather data sources (legal attribution)
- OpenWeatherMap privacy policy
- Open-Meteo terms
Crash analytics
When analytics is enabled (off by default), anonymised crash reports and feature events are sent to Firebase / Google. No feedback content, recordings, or personally identifiable information is included.
4. AI features
AI features are on by default. The default "BetaSuite Assist" provider is an umbrella that picks the best backend for each task — on-device when your device supports it, cloud when it doesn't. The two backends BetaSuite Assist can call:
Apple on-device (no data leaves your device)
Used first whenever your device supports it.
- Text generation — Apple Intelligence (Foundation Models), iOS 26+ on iPhone 15 Pro and later, or iPadOS 26+ on iPad with M1 chip or later. In this path no feedback content leaves your device.
- Speech-to-text — Apple's Speech framework (
SFSpeechRecognizer) in on-device mode, iOS 13+ / iPadOS 13+ on most modern iPhone and iPad models. Voice memos and voice notes are transcribed locally — the audio never leaves your device.
Apple publishes a dedicated notice covering Apple Intelligence and Private Cloud Compute: Apple Intelligence & Privacy.
Google Firebase AI (cloud fallback)
Used when on-device routing is unavailable (older iPhone or iPad, locale model not installed, or a feature without an on-device path). The specific text or audio you choose to process is sent to Google for inference under the BetaSuite Assist umbrella, and is governed by Google's privacy policy. We do not see or store the request. Google privacy policy.
You can switch to another provider (Anthropic Claude, OpenAI, Google Gemini, DeepSeek, or BetaSuite Default / Pollinations) or turn AI off in Settings → AI Features.
BetaSuite Default / Pollinations (emergency fallback)
Pollinations is a free, key-less open AI service offered as a last-resort fallback when no other provider is available. When this route is used, the prompt is sent directly from your device to the Pollinations service for inference and is governed by their terms. We do not see, store, or relay these requests. Pollinations is blocked in Confidential Mode along with every other cloud provider. Pollinations.
Bring-your-own-key providers
When you supply your own API key for Anthropic Claude, OpenAI, Google Gemini, or DeepSeek, prompts go directly from your device to that provider for inference. The data is governed by that provider's privacy policy and terms. We do not see, store, or relay these requests. Your API key is held in device secure storage (iOS Keychain) and is never transmitted to us.
- Anthropic Claude privacy policy
- OpenAI privacy policy
- Google Gemini API additional terms
- DeepSeek privacy policy
Voice memo and voice note transcription (on-device first, cloud fallback)
Voice memos recorded inside a session — and voice notes attached to markers or feedback entries — are transcribed whenever AI features are enabled. On iOS 13+ / iPadOS 13+ devices that support it, BetaSuite Assist uses Apple's on-device speech recognition (SFSpeechRecognizer with requiresOnDeviceRecognition): the audio never leaves the device, there is no quota, and no network round-trip is involved. When on-device recognition isn't available (older iOS / iPadOS or locale model not installed) the audio falls back to Google Firebase AI (Gemini) under the BetaSuite Assist umbrella and is governed by
Google's privacy policy.
In Confidential Mode the cloud fallback is blocked — on-device transcription still runs on devices that support it, and is skipped entirely on devices that don't.
The App also offers an optional post-transcription polish step that removes speech fillers ("um", "uh", "like"), tightens punctuation, and softens crude language before the transcript is shown to you or embedded in a report. This polish call routes through whichever AI provider you have selected and shares its privacy posture — disable AI features in Settings to skip it. Profanity is masked at report-generation time in any case.
Apple requires its own one-time system dialog before the on-device speech recogniser can run. BetaSuite triggers that dialog up-front when you grant the master AI consent (during onboarding, or via Settings → AI Features → Skip AI consent prompts) so you handle both consents in one step rather than being interrupted mid-recording later. If you decline the system dialog, the App silently falls back to cloud transcription via BetaSuite Assist; you can change your mind any time in iOS Settings → Privacy & Security → Speech Recognition.
AI session summaries (automatic)
When you complete a test session, the App generates a short bullet summary of that session's markers, feedback notes, and media using the AI provider you have selected. This happens automatically whenever AI features are enabled and Confidential Mode is off; on Apple Intelligence the inference is on-device. The summary is cached locally on your device and is included in exported reports only if you choose to generate one. You can regenerate or delete a summary at any time from the session detail screen.
Test-protocol extraction from a document (cloud only)
BetaSuite can read a test protocol — a checklist of steps to run — out of a manufacturer's document you provide. When you use this, the PDF or photo you select is sent to Google Firebase AI (Gemini) under the BetaSuite Assist umbrella so the steps can be extracted. This feature has no on-device path, so it is disabled entirely in Confidential Mode and wherever cloud AI is unavailable (for example the China mainland storefront), and it runs only after you grant consent for it specifically. We do not see or store the document. Drafting a protocol from a sentence you type sends only that text (handled like the other text AI features above); building one by hand sends nothing.
Confidential Mode (section 6) blocks every cloud AI provider automatically — only Apple Intelligence and Apple on-device speech recognition (strictly on-device) are permitted while Confidential Mode is active, and any feature whose on-device path is unavailable is skipped entirely rather than falling back to a cloud route.
Regional availability
The set of AI providers offered depends on your App Store storefront. Where local law requires it — for example on the China mainland storefront — the App offers only Apple Intelligence (on-device) and does not make any cloud AI provider available; in that case no feedback content is sent to a cloud AI service, and voice transcription and text redaction run on-device only or are skipped where the on-device path is unavailable.
5. Feature requests
The Feature Requests screen lets you share ideas with the BetaSuite team and the wider tester community. Submissions go to a public GitHub repository operated by BetaSuite where every entry is visible to anyone with internet access. You can browse and upvote ideas in-app without signing in.
What is sent
The title, description, category (Capture / Reports / AI / Sessions / Workflow / Other), the app version, and the OS version. No project, session, recording, photo, location, account, or device-identifier data is included.
Automated redaction (best-effort)
Before submission, your text runs through an on-device redactor. Pattern matching removes emails, phone numbers, IP addresses, URLs that look like they carry tokens, long hex / base64 strings, and Luhn-valid credit-card numbers. On iPhone and iPad models that support Apple Intelligence, an on-device language model takes a second pass to redact names, addresses, and employer references. On other devices the redactor falls back to Google Firebase AI (Gemini) — in that path your text is sent to Google for inference, governed by Google's privacy policy. Redaction is best-effort, never guaranteed; please review your text before submitting and avoid personal details.
Where it is stored
Each submission becomes a GitHub Issue in the public feedback repository. Anyone can read, comment on, or react to it. Once posted, an entry cannot be deleted from inside the App. To remove or amend an entry, contact us via Settings → Contact Us and we'll act on it in the public repository.
Confidential Mode
Feature-request submission is permitted in Confidential Mode after a one-tap acknowledgement. The data flow is identical to non-confidential submission — only the form fields are sent — but the App surfaces an extra dialog so you confirm the public posting explicitly.
How it gets there
Your device POSTs to a Cloudflare Worker that BetaSuite operates. The Worker holds a fine-grained access token scoped only to the feedback repository, so the App never embeds a GitHub credential. The Worker runs a second pass of pattern-matching redaction before posting. Your IP address is visible to the Worker for the duration of the request — Cloudflare uses it transiently for rate-limiting and abuse prevention — and is not stored by BetaSuite or forwarded to GitHub.
Unrecognised company brand names
When you set up a project, you can pick the company being tested from a built-in registry of brand swatches. If the company isn't in the registry and you type its name as free text, the App posts a brand-add suggestion to the same public feedback repository so we can grow the registry over time. Only the typed brand name is sent (after the same on-device redaction described above), plus the app version and OS version. No project, session, recording, photo, location, or feedback content is included. Brand suggestions are automatically suppressed while Confidential Mode is active so NDA-protected client names never leave the device.
Anonymous community upvote count
When you tap thumbs-up on a request, the App generates a random UUID on first launch (stored in iOS Keychain) and uses it only to dedupe your vote in a Cloudflare Worker counter. The UUID is not your name, email, account, or any device identifier supplied by the OS — it is just random bytes. It is never sent to GitHub. Reinstalling the App generates a new UUID, so a single person could in principle vote again from a fresh install. We accept that as the cost of "no logins, ever".
6. Confidential Mode
When Confidential Mode is active, the App enforces:
- All data stays on your device.
- Cloud sync is disabled.
- All cloud AI providers are blocked. Apple Intelligence (on-device) and Apple on-device speech recognition are permitted; any feature whose on-device path is unavailable on your device is skipped rather than falling back to cloud.
- Feature-request submission (section 5) remains available after a one-tap acknowledgement, since only form fields leave the device.
- A confirmation dialog is required before any share or export action.
Confidential Mode is best-effort enforcement of the App's data-flow paths. It is not a substitute for your own review of where data goes when you take a manual action (e.g. taking a screenshot, sharing via the system sheet after the dialog).
7. International transfers
The third-party services listed in this policy are operated from various countries. When you use such a service, the data you choose to send may be processed in a jurisdiction with different privacy and data-protection laws than the country you live in. Each service's privacy policy (linked above) describes how that service handles transfers and what protections apply. The BetaSuite Cloudflare Worker used for feature-request posting and the anonymous upvote counter (section 5) runs on Cloudflare's global edge network, so each request is served from the Cloudflare data centre nearest to you — the request may be processed outside your country of residence; see Cloudflare's privacy policy for detail.
8. Legal bases, retention, and your rights
Legal bases for processing (where the GDPR applies)
For users in the EEA or the UK, the limited personal information BetaSuite handles is processed on the following bases: performance of a contract (providing the App you purchased and the features you choose to use); your consent (AI features, optional analytics, and any optional flow that sends data outside your device — you can withdraw consent at any time in Settings, without affecting processing already carried out); and our legitimate interests (keeping the App secure, preventing abuse of the public feedback channel, and improving the App from redacted feature requests), balanced against your rights and freedoms.
How long we keep your data
Data you create in the App stays on your device until you delete it, wipe all app data, or uninstall the App — you control retention, and BetaSuite keeps no copy. The anonymous upvote identifier (section 5) persists only as a random value in the Cloudflare counter and is not linked to you. A feature-request entry is public and remains on GitHub until you ask us to remove or amend it. Optional analytics are retained by the analytics provider under its own policy. Anything you send via the Contact form is kept only as long as needed to handle your enquiry.
Your rights — everyone
Because the App stores data locally, you can exercise most rights directly inside the App:
- View and edit any entry, recording, or project at any time.
- Delete an individual entry, recording, project, or session.
- Wipe all app data (Settings → Data → Wipe all app data) or by uninstalling the App.
- Withdraw consent for analytics or AI by toggling the feature off in Settings.
- Export a portable backup (Settings → Data → Export) so you can take your data with you.
For data you have sent to a third-party service (connected cloud storage, an AI provider you used, the public feedback repository), exercise your rights with that service directly using the contact channel in their privacy policy. For removal or amendment of a feature-request issue, contact us via Settings → Legal → Contact Us and we'll act on your behalf in the public repository. For the limited data BetaSuite itself handles — what you send via the Contact form and any optional analytics you enabled — contact us using the channel in section 10 and we will respond within a reasonable time, and within any period required by applicable law.
Australia (Privacy Act 1988 / APPs)
You may ask us to access or correct personal information BetaSuite holds about you, and you may make a privacy complaint to us via the contact channel in section 10. If you are not satisfied with our response, you can complain to the Office of the Australian Information Commissioner (OAIC) at oaic.gov.au.
EEA / United Kingdom (GDPR)
You have the right to access, rectify, erase, restrict, or object to processing of your personal data, the right to data portability, and the right to withdraw consent at any time. You also have the right to lodge a complaint with your local data-protection supervisory authority (in the UK, the Information Commissioner's Office, ico.org.uk). BetaSuite itself handles only a small amount of personal data — what you send via the Contact form, any optional analytics you enable, and redacted feature-request text — while almost everything else stays on your device or is sent directly to providers you choose. On that basis we consider BetaSuite's own processing of EEA/UK personal data to be limited and occasional, not to involve large-scale special-category data, and to be unlikely to result in a risk to your rights and freedoms within the meaning of GDPR Article 27(2), and we have not appointed an EU or UK representative. You can reach us through the contact channel in section 10.
California (CCPA / CPRA)
We do not sell or share your personal information, and we do not use it for cross-context behavioural ("targeted") advertising. Subject to verifying your request, California residents may ask to know, delete, or correct personal information, and will not be discriminated against for exercising these rights. Because almost everything stays on your device, you can exercise the know / delete / correct rights directly in the App; for anything BetaSuite itself handles, use the contact channel in section 10.
Automated decisions
BetaSuite's AI features draft summaries, transcripts, redactions, and reports to assist you, but they do not make automated decisions that produce legal or similarly significant effects about you. You review and control everything before it is used or shared.
9. Children
The App is not directed at children, and we do not knowingly collect personal information from a child. Because the App holds data locally, a parent or guardian can remove it directly via Settings → Data → Wipe all app data, or by uninstalling the App. For a public feature request posted by a child, contact us and we'll remove it on your behalf.
10. Changes and contact
We may update this policy from time to time. The effective date at the top of this page reflects the most recent revision; the current version is always available inside the App at Settings → Legal → Privacy Policy and on this website.
Questions, requests, or complaints about this policy or your data: use the contact form on our support page, or the in-app form at Settings → Legal → Contact Us.
If you are not satisfied with our response, you have the right to lodge a complaint with the data-protection authority in your country of residence.