1-bit ("the app") is an iOS audio player developed by Arsenie Coseac. This policy explains what data the app handles and how. The short version: 1-bit is designed to work without collecting personal data. There is no analytics, no advertising, no tracking, no user account, and no server operated by us.
Regulatory note
1-bit collects no personal data. This design inherently complies with the GDPR (EU), the Swiss Federal Act on Data Protection (FADP), and the CCPA (California). There is no data subject access request to file, because there is no data.
Data stored only on your device
- SMB credentials (server address, username, password) are saved in the iOS Keychain so you don't have to re-enter them. They never leave your device.
- Bridge tokens and TLS fingerprints for any 1-bit Bridge servers you have paired live in the iOS Keychain alongside the SMB credentials. They never leave your device.
- Music library metadata (track, album, artist, playback state, playlists) is kept in a local database on your device.
- Cached artwork and artist images are kept in the app's local Caches directory.
- Local files source (v1.1): files you place in the app's Documents folder play through the app's built-in local source. Nothing about them leaves your device.
- Offline downloads (v1.4): tracks you choose to download for offline playback are stored in the app's private Application Support folder. These files are hidden from the Files app, excluded from iCloud backup so they don't consume your iCloud quota, and removed when you delete the download, delete the share, or uninstall the app. They never leave your device.
- Diagnostic logs (v1.4): a small rolling buffer of recent diagnostic log lines is kept in memory and can be viewed in Settings → Logs. The logs stay on your device unless you explicitly choose to share them from that screen (for example, to attach to a support email).
- Device backup identifier (v1.5): if you turn on playlist backup or playback-history upload for a bridge (both off by default), the app generates a random identifier so the bridge can keep each device's backups separate. It is stored in the iOS Keychain, not linked to your Apple ID or any advertising identifier, not shared with anyone other than the bridge you run, and sent only to that bridge.
- On-device performance metrics (v1.5): the app keeps a small daily summary of its own performance (CPU/energy, memory, playback runtime) from Apple's on-device MetricKit for the in-app diagnostics screen. This summary never leaves your device.
Network requests the app makes
- SMB connections to the servers you configure. These are used to browse and stream your own music files. Requests only go to the servers you specify.
- 1-bit Bridge connections (optional, v1.1): if you pair a 1-bit Bridge server (a companion server you run on your own machine), the app talks to it over HTTPS with a bearer token and a pinned TLS certificate fingerprint captured at pairing time. On the wire the app sends relative paths, byte ranges, and MusicBrainz IDs — never your account info, device ID, or any third-party identifier. When the bridge handles enrichment, the artist-name lookups described below happen on your bridge server, not from your iOS device. See the bridge's own privacy policy at acoseac.github.io/1-bit-bridge/privacy.
- Local-network discovery (Bonjour + SSDP): the app browses for SMB servers and 1-bit Bridge instances (Bonjour) and, in v1.5, DLNA renderers such as a Chord 2Go (SSDP multicast on your LAN). No data leaves your network.
- DLNA renderer playback (v1.5): when you play to a DLNA renderer on your network, the app sends it a standard UPnP control message with the track's tag metadata (title, artist, album, etc.) and a link to the audio file on your own bridge. The renderer fetches the audio directly from your bridge over your LAN — the audio does not pass through any server we operate, and nothing is sent to a third party.
- Playlist backup to your bridge (optional, v1.5, OFF by default): uploads playlists (names and the tracks they contain) to the bridge you run so they survive a reinstall. Goes only to your bridge, never to us or a third party. Per-bridge toggle in Settings.
- Playback history to your bridge (optional, v1.5, OFF by default): uploads what you played (track, listen duration, audio format, output device) to the bridge you run. No account or identity info; goes only to your bridge. Per-bridge toggle in Settings.
- Deezer artist-image lookup (SMB shares only, optional, OFF by default):
if you turn on "Fetch artist images (SMB shares)" in Settings, the app sends the artist
name from your music library to Deezer's public API (
api.deezer.com) to retrieve a public artist photo — but only for SMB shares. 1-bit bridge sources are unaffected by this toggle: their artist images come from the bridge server itself, and the iOS app never contacts Deezer for bridge content. No user identifier, account info, device ID, or other personal data is sent — only the artist's name. You can disable this at any time in Settings. Deezer's own privacy policy: https://www.deezer.com/legal/personal-datas
What we do not do
- We do not collect analytics.
- We do not track you across apps or websites.
- We do not use advertising identifiers.
- We do not sell, share, or disclose your data to third parties.
- We do not operate a server. There is no user account for 1-bit.
- We do not knowingly collect data from children.
iOS permissions the app requests
- Local Network: required to discover SMB servers, 1-bit Bridge instances, and (in v1.5) DLNA renderers such as a Chord 2Go on your network and connect to them. v1.5 adds the multicast networking capability to this permission so the app can perform SSDP discovery of DLNA renderers.
- Background audio: required to continue playback when the app is in the background or the screen is locked.
- CarPlay (v1.4): the app uses Apple's CarPlay Audio entitlement so it can display your library and Now Playing controls on a CarPlay-equipped vehicle's head unit. The CarPlay surface reads the same on-device library used in the iOS app; no additional information is sent over the network for CarPlay, and what's shown on the head unit (track titles, artists, albums, playlists, artwork) is the same content already shown on your phone.
Third-party components
- Deezer public API: used only if you enable the optional artist-image lookup described above.
- AMSMB2 (open-source SMB2 client library embedded in the app): does not transmit data to its developers.
- 1-bit Bridge (optional companion server you run on your own machine, not operated by us): see its separate privacy policy at acoseac.github.io/1-bit-bridge/privacy.
Your rights
Because the app does not collect personal data, there is nothing for us to access, correct, or delete. To remove locally-stored credentials, metadata, and caches, delete the app from your device.
Changes to this policy
If this policy changes, the updated version will be posted at this URL with a new "Last updated" date, and the in-app copy will be updated in the next app release.
Version history
- v1.5 (June 2026) — Added playing to DLNA renderers on your network (such as a Chord 2Go): found via standard SSDP discovery on your local network (adds the multicast networking capability to the existing Local Network permission); when you cast, the app sends the renderer the track's tag metadata plus a link to the file on your own bridge, and the renderer fetches the audio directly from your bridge — nothing routes through a server we operate. Added two optional, OFF-by-default per-bridge features: backing up your playlists to a bridge you run, and uploading your playback history to a bridge you run. Both go only to your own bridge, never to us or any third party; when enabled the app uses a random per-device identifier (Keychain, not linked to your Apple ID or any advertising identifier) so the bridge can separate each device's backups. The app also keeps an on-device performance summary (MetricKit) for the in-app diagnostics screen; it never leaves your device. No new third-party services, and aside from the multicast capability, no new permissions. The data we collect is still none.
- v1.4 (May 2026) — Added CarPlay support: browse and play your library from a CarPlay-equipped vehicle's head unit. The CarPlay surface uses the same on-device library as the iOS app and sends no additional information over the network. Added offline downloads: you can now save selected tracks to your device for playback without a network connection. Downloads are stored in the app's private storage area, hidden from the Files app, excluded from iCloud backup, and removed when you delete the download or uninstall the app. Added an in-app log viewer (Settings → Logs) showing recent diagnostic log lines; the logs stay on your device unless you explicitly choose to share them. Added on-device DSD audio processing (an optional digital signal processing chain for DSD playback) that runs entirely on your device. The CarPlay surface uses Apple's CarPlay Audio entitlement, which is approved at App Review and is not a runtime permission prompt; aside from this entitlement there are no new permissions, no new third-party services, and no change to the data the app collects (still none).
- v1.3 (May 2026) — Stability, metadata, and background-scan polish. The library scanner can now opportunistically continue your first scan of a large library after you background the app, when the device is charging and idle, so you don't have to keep the app in the foreground for the whole walk; this runs locally on your device and transmits nothing new (you can turn it off in Settings → Refresh). Added composer, conductor, and work fields to the library so classical recordings group correctly. Added a Listening Tips guide. Refined the v1.2 cellular streaming control to also suppress opportunistic next-track preloading on cellular when Low Power Mode is on or you've chosen "Warn before streaming" or "Wi-Fi only". No new permissions, no new third-party services, no change to the data the app collects (still none).
- v1.2 (May 2026) — Refined the optional 1-bit Bridge integration. Bridges can now require admin approval for new device pairings — an authorized-device list maintained on the bridge you run, not on a server we operate. Bridges can also generate optional upscaled audio variants on request; variant generation runs on your bridge and never leaves the network you control. Added a per-share cellular streaming control (default "Always allow"; users can opt into "Warn before streaming" or "Wi-Fi only" in Settings). No new permissions, no new third-party services, no change to the data the app collects (still none).
- v1.1 (April 2026) — Added optional 1-bit Bridge support. When you pair a
bridge, your phone talks to a server you run yourself instead of (or in addition to) SMB;
metadata enrichment that v1.0 did from the phone now happens on the bridge. Added local
files playback from the app's Documents folder. Added the
bridge://pairURL scheme for QR-code pairing. - v1.0 (19 April 2026) — Initial release. SMB-only network surface, optional Deezer artist-image lookup, no third-party data sharing.