Your network stays yours. Kilpi evaluates threats on your device. We never receive your browsing activity, your DNS queries, or your block history.
Who we are
Stationify Oy (Business ID: 3608699-3, D-U-N-S: 369301281) is a software company based in Helsinki, Finland. Kilpi is published on the Apple App Store by Stationify Oy.
Our privacy principle
We believe people own their data. Kilpi follows one rule: collect nothing unless the app literally cannot function without it. Threat analysis and rule evaluation happen on your device. Threat-feed updates are the only external downloads. We do not operate user accounts, tracking systems, or analytics platforms.
Data we collect
The short answer: as little as possible. The table below describes the categories of data Kilpi handles.
| Data type | Collected? | Details |
|---|---|---|
| Browsing activity & DNS queries | On-device only | Kilpi inspects URLs and DNS queries locally to evaluate them against your rules and the threat-intelligence feeds. The activity never leaves your device. |
| Block history | On-device only | Recent blocks and matched rules are stored locally so you can audit what the system blocked and why. We never receive this data. |
| Custom rules & allowlists | On-device only | Rules you create stay on your device and (optionally) sync via your iCloud account using Apple's encrypted infrastructure. We never have access. |
| Threat-intel feed updates | Apple / vendor servers | The app downloads compiled blocklists from URLhaus, StevenBlack, PhishingDB, Disconnect, AbuseIPDB, and AlienVault OTX. These are public lists; the request only signals that an update was fetched. |
| Encrypted DNS traffic | Your chosen DNS provider | DNS-over-HTTPS requests go to the encrypted resolver you configure. We do not operate a DNS resolver and never receive these requests. |
| Personal information (name, email, phone) | No | We do not collect personal identifiers. No account is required to use Guardian mode. Expert subscriptions are processed entirely by Apple. |
| Usage analytics & tracking | No | We do not use analytics SDKs, ad trackers, or third-party telemetry. |
| Advertising data | No | We do not display ads or participate in ad networks. |
| Device identifiers | No | We do not read or store IDFA, IDFV, or hardware identifiers. |
| Purchase information | Apple only | Subscriptions are processed entirely by Apple. We do not receive or store your payment details. |
| Diagnostics & crash data | Apple only | If you opt in to share diagnostics with developers via iOS Settings, Apple may provide us with anonymised crash reports. We do not operate our own crash reporting service. |
How protection works
Kilpi installs three on-device network components, all controlled by Apple's Network Extension framework:
- Encrypted DNS — DNS-over-HTTPS settings with local blocklist matching
- Content Filter — system-level URL filtering through a Network Extension content filter
- Safari Blocker — ad, tracker, and cookie-banner blocking via Apple's Content Blocker API
Rules are matched on-device against compiled patterns. None of your traffic is forwarded to Stationify.
Third-party services
Kilpi does not integrate third-party analytics, advertising, or social media SDKs. The only external services involved are:
- Apple StoreKit — for processing the Expert subscription
- Threat-intel feeds — public blocklists (URLhaus, StevenBlack, PhishingDB, Disconnect, AbuseIPDB, AlienVault OTX) downloaded periodically
- Your chosen DNS provider — encrypted DNS queries are sent to whichever DoH resolver you configure
Data storage & security
All user data is stored locally on your device with iOS file protection. Custom rules and allowlists may sync via your iCloud account using Apple's encrypted infrastructure if you enable it. We never have access. You can delete all app data at any time by removing the app from your device.
Children's privacy
We do not knowingly collect any personal data from anyone, including children under 13. Because Kilpi does not collect personal data, it complies with COPPA and similar regulations by design.
Data retention
We do not retain any user data because we do not collect any. Block history, rules, and traffic analytics live on your device. When you delete the app, your local data is removed with it.
Your rights
Under GDPR and other privacy regulations, you have the right to access, correct, and delete your personal data. Since we do not collect or store personal data on our servers, there is nothing for us to provide, correct, or delete. All data remains under your control on your own device.
Changes to this policy
If we update this policy, we will revise the "Last updated" date at the top of this page. If Kilpi introduces new data practices, we will update both this policy and the app's App Store privacy label before the change takes effect.
Contact
If you have questions about this privacy policy or about Kilpi, contact us at:
Stationify Oy
Helsinki, Finland
[email protected]
stationify.fi