Privacy Policy
Effective date: July 13, 2026
Dunbar ("Dunbar," "we," "us") is an iOS app that helps you nurture the relationships that matter most, organized into concentric circles. This policy explains what data Dunbar accesses, how it is used, and where it is stored.
The short version.
Dunbar is local-first. Your contacts and the signals used to build your circles are processed and stored on your device. Dunbar has no user account, and your personal data is not transmitted to or stored on any Dunbar server. We never sell or share your data.
1. Information Dunbar accesses
Dunbar only accesses data you explicitly connect during onboarding or from Settings. Each source is optional.
Device contacts
With your permission, Dunbar imports your address book so you can sort the people you already know into circles. For each contact, Dunbar reads the name and (where available) the first phone number, first email address, and photo. This information is stored locally on your device and is used to populate and organize your circles.
Google Calendar data (optional)
If you connect Google Calendar, Dunbar requests read-only
access (the calendar.readonly scope). Dunbar reads
your events and their attendees to count how often you meet with people
(favoring smaller, more personal meetings) as another closeness signal.
This is used on your device only.
Anonymous usage analytics
Dunbar collects minimal, anonymous product analytics (via PostHog) to understand which features are used and to improve the app — for example, events such as opening a screen or expressing interest in an upcoming connector. These events are associated with a randomly generated, app-local identifier that is not linked to your name, your Google account, your contacts, or the contents of any connected source. Analytics are best-effort and never include your contacts, email, or calendar data.
2. How your information is used
Dunbar uses the information above solely to:
- Build and display your relationship circles and reach-out reminders;
- Compute, on your device, a "closeness" signal for each person from how often you meet with them, to suggest who belongs in your closer circles; and
- Understand aggregate, anonymous usage to improve the app.
Dunbar does not use your data for advertising, and does not build profiles about you for any third party.
3. Where your data is stored
All personal data — your contacts, the meeting frequency signals derived from Google Calendar, your circle assignments, and your reminders — is stored in a database on your device. This data is not uploaded to, transmitted to, or stored on any Dunbar server. Dunbar has no account system and keeps no server-side copy of your personal information.
When Dunbar reads Google Calendar data, it does so directly between your device and Google's APIs; the results are used to update your on-device database and are not routed through Dunbar servers.
4. Google sign-in and access tokens
Connecting Google Calendar uses Google's standard OAuth sign-in. The access token Google returns is used once, in memory, on your device to perform the read described above and is then discarded. Dunbar does not persist your Google access or refresh tokens and does not maintain ongoing background access to your Google account. To refresh your circles later, you sign in again. You can also revoke Dunbar's access at any time from your Google Account permissions.
5. Google API Services User Data Policy — Limited Use
Dunbar's use and transfer of information received from Google APIs to any other app will adhere to the Google API Services User Data Policy, including the Limited Use requirements.
Specifically: data obtained from Google Calendar is used only to provide and improve the relationship features described in this policy; it is processed and stored on your device; it is not transferred to others except as necessary to provide those features, comply with applicable law, or as part of a merger or acquisition; and it is not used for advertising and is never sold. No humans read your Google data except with your explicit consent, to comply with law, or as needed for security or to resolve a problem you report.
6. What we don't do
- We don't sell your personal data.
- We don't share your contacts or calendar data with third parties.
- We don't access your email — Dunbar has no access to any email account.
- We don't store your Google tokens or your personal data on our servers.
- We don't use your Google user data for advertising.
7. Third-party services
Dunbar uses Google APIs (Google Calendar) when you connect it, and PostHog for anonymous analytics. Google's handling of your data is governed by Google's Privacy Policy. Analytics data sent to PostHog is limited to anonymous product events as described in Section 1.
8. Data retention and deletion
Because your personal data lives on your device, you control it directly. You can remove imported people within the app, and deleting the Dunbar app removes its on-device database and the data it contains. Since we do not store your personal data on our servers, there is no server-side copy for us to delete. To stop Dunbar from accessing Google data going forward, revoke access from your Google Account permissions.
9. Children
Dunbar is not directed to children under 13 (or the minimum age required in your jurisdiction), and we do not knowingly collect personal information from them.
10. Changes to this policy
We may update this policy as Dunbar evolves. When we make material changes, we will update the effective date above and, where appropriate, provide notice in the app.
11. Contact us
Questions about this policy or your privacy? Email support@thedunbar.app.