Data Privacy and Security in Tot
We don't collect any data when you use Tot. The app runs in a sandbox with limited permissions, so your files and data outside of Tot are not visible or accessible to us, and that's the way we like it. The only data that Tot can access are files you explicitly select (e.g. to restore a backup).
The text you type into Tot is stored securely by Apple in iCloud and allows your data to sync across platforms. We do not have access to this iCloud data. In fact, we don't even know where it's stored, and that's for the best.
Your data is also backed up automatically and is stored as unencrypted JSON in a place that's not accessible by most apps (the secure app container). We do not recommend storing secrets in Tot because applications with Full Disk Access (such as Terminal, BBEdit, Transmit, etc.) can access these backups. You can view the unencrypted files using the File > Show Automatic Backups… menu item. Beginning with Tot 1.5, the following command line option will disable automatic backups.
defaults write com.iconfactory.Tot disableAutomaticBackups 1
We do not recommend doing this because iCloud hiccups have resulted in lost data where you'll need a recent backup to recover.
We don’t collect or send data regarding your device, Tot version, or usage patterns. Tot doesn’t even have sandbox entitlements that allow reading or writing to the network. The only network access is done by Apple and can be disabled in Settings by turning off iCloud completely or turning off iCloud Drive for Tot.
Again, we built Tot to protect our own privacy and this naturally extends to our customers who use it. If you have any additional questions, please contact us.