‹ Armpit

Privacy Policy

privacy.

Effective July 10, 2026

Summary

Armpit is a music player for self-hosted Navidrome and Subsonic-compatible media servers, available on iPhone, iPad, Mac, Apple TV, and Apple Watch. It has no accounts, no analytics, no advertising, and no tracking of any kind.

The developer collects no data. None. Armpit has no server-side component operated by the developer. Everything the app does happens between your devices, your own media server, and your own private iCloud account.

Data the developer collects

Nothing. Armpit contains no analytics SDKs, no crash-reporting services, no advertising identifiers, and no telemetry. The app never contacts any server operated by or on behalf of the developer. The developer cannot see your listening habits, your server address, your credentials, or anything else about your use of the app.

Your media server

Armpit connects directly to the media server you configure (a Navidrome or Subsonic-compatible server you own or have been given access to). Audio streams, album artwork, metadata, search queries, lyrics, and playlists travel directly between your device and that server — often over your local network. The privacy of that data is governed by whoever operates that server, which is typically you.

Playback reporting ("scrobbles") — which tracks you played and when — is sent only to your own media server, using the standard Subsonic scrobble API. It goes nowhere else.

Credentials

Your server URL, username, and password/token are stored in the device's Keychain, Apple's encrypted credential store. On iPhone, iPad, and Mac, the Keychain item may sync between your own devices through iCloud Keychain, which is end-to-end encrypted by Apple. The developer has no access to these credentials at any point.

iCloud sync

To make setup seamless across your devices, Armpit can sync your server list, app settings, and preferences (such as EQ presets and accent color) through your private iCloud account, using Apple's CloudKit private database (with end-to-end-encrypted fields for sensitive values) and NSUbiquitousKeyValueStore.

This data lives in your personal iCloud account and is accessible only to your Apple ID and your devices. The developer cannot read, access, or recover any of it. If you don't use iCloud, the app works entirely locally.

Downloads and local data

Music you download for offline playback, cached artwork, and the app's local library index are stored on the device itself, inside the app's sandboxed container. They never leave the device except as part of your own device backups (which you control through iOS/macOS backup settings). Deleting the app deletes this data.

Per-platform notes

iPhone and iPad

Behave as described above: Keychain (with optional iCloud Keychain sync), private iCloud sync, local downloads, direct server connections. CarPlay on iPhone is a display of the same app — it introduces no additional data flows.

Mac

Identical to iPhone/iPad, including Keychain with optional iCloud Keychain sync and private iCloud sync.

Apple TV

Connects directly to your media server like the other platforms. Credentials are stored in the device Keychain. The Top Shelf extension shows recently played and newly added albums by querying your own server; that data is fetched and displayed locally and shared with no one.

Apple Watch

The Watch app works standalone: it streams from your server and stores downloads on the watch itself. It can receive your server credentials from the paired iPhone using Apple's Watch Connectivity framework — an encrypted, device-to-device Apple channel. Credentials on the watch are stored in the watch's Keychain. Playback reporting from the watch goes only to your server.

Third parties

Armpit uses no third-party services. Beyond Apple's own system frameworks, the only non-Apple component is the open-source AudioStreaming audio engine library, which performs no network calls of its own — it only plays the audio Armpit fetches from your server.

There are no ads, no analytics providers, no crash reporters, and no data brokers involved in any part of the app.

Children

Armpit does not collect data from anyone, including children. There is nothing to collect.

Changes to this policy

If this policy ever changes, the updated version will be posted at this address with a new effective date. Since the app collects nothing, changes are expected to be rare and editorial.

Contact

Questions about this policy or the app: open an issue at github.com/ulm0/armpit/issues.