Last updated 2026-05-29
This privacy policy applies to the Unraveled app for mobile devices (the "Application"), operated by Sofia Levin (the "Service Provider"). Unraveled is an independent third-party client for Ravelry. It is not affiliated with, endorsed by, or sponsored by Ravelry LLC.
Sofia Levin acts as the Data Controller responsible for the processing of your personal data.
For data protection inquiries and to exercise your GDPR rights, please contact the Data Controller using the contact information above.
Unraveled is a client application for Ravelry's API. It does not operate any backend servers. All of your projects, queue, stash, favorites, messages, photos, and profile information are stored on and retrieved from Ravelry's servers under your existing Ravelry account.
You do not register with Unraveled. You sign in to your existing Ravelry account through Ravelry's OAuth flow, which opens Ravelry's site in a secure system-managed sheet. Your Ravelry password is never seen, transmitted to, or stored by Unraveled. Only the resulting OAuth access token is stored locally on your device in the iOS Keychain to keep you signed in.
Your interactions with Ravelry data are governed by Ravelry's own privacy policy: https://www.ravelry.com/about/privacy.
Unraveled obtains the following categories of information in order to function:
The Service Provider uses this information solely to provide the Application's functionality. Unraveled does not send marketing communications.
When the Application crashes, becomes unresponsive, or experiences a performance issue, diagnostic information is transmitted to Sentry (see Third Parties below). This may include:
The Application also sends a small set of anonymous product-interaction events to TelemetryDeck (see Third Parties below) to measure the trial-to-purchase conversion funnel. These events include:
Each event is associated with an anonymous device hash that cannot be linked back to your Ravelry account, your Apple ID, or any other personally identifying information. Payload values are limited to short non-identifying strings (e.g., entry source, days remaining).
This data is used exclusively to diagnose stability problems and to measure how the Application is performing. It is not used for advertising, profiling, or cross-app tracking.
No. Unraveled does not use the iOS Advertising Identifier (IDFA), does not display advertising, and does not track you across other applications or websites.
No. Unraveled does not request or collect device location information.
No. Unraveled does not use AI technologies to process your data or generate features.
Where the GDPR applies, the Service Provider relies on the following lawful bases:
The Application relies on the following third-party services. Each has its own privacy policy that governs how it handles data:
Where the GDPR applies, the Service Provider enters into Data Processing Agreements with these processors as required by Article 28 GDPR.
The Service Provider may disclose information:
Some of the third parties listed above (Apple, Sentry, Ravelry) may process personal data outside the European Economic Area (EEA), including in the United States. TelemetryDeck stores its data on EU-based servers and does not transfer data outside the EEA. Where transfers outside the EEA do occur, the Service Provider relies on the transfer mechanisms required by GDPR Chapter V, including:
Countries outside the EEA may not provide the same level of data protection as the EEA. Where required by law, the Service Provider applies appropriate safeguards.
You can stop the Application from communicating with Ravelry, Apple, or Sentry by uninstalling it. To remove the locally cached authentication token and other on-device state, sign out from the Application's Settings before uninstalling. Note that iOS may retain Keychain entries (including authentication tokens and trial start date) across reinstall by design; signing out clears these.
To delete data stored on Ravelry's servers (your account, projects, stash, etc.), use Ravelry's own account-management tools or contact Ravelry directly.
To request deletion of any personal data the Service Provider controls, or to exercise any of your rights, contact feedback@getunraveled.app.
Unraveled does not operate its own servers and does not retain personal data centrally. Data persists only in the following locations:
The Service Provider is committed to safeguarding the confidentiality of your information. The Application uses iOS Keychain for sensitive credentials, HTTPS for all network communication with Ravelry, and Apple's StoreKit for purchases. Access to information processed by Unraveled is limited to Sofia Levin, the sole developer. However, no security system can prevent all potential security breaches.
In the event of a personal data breach that poses a risk to your rights and freedoms, the Service Provider will notify the relevant supervisory authority within 72 hours of becoming aware of the breach, as required by GDPR Article 33. Where the breach is likely to result in a high risk to your rights and freedoms, the Service Provider will also notify affected individuals without undue delay, providing information about the nature of the breach, the categories of data affected, and the measures taken or proposed to address it.
The Application is not intended for children under 16 years of age, or where a higher age of digital consent is established by applicable law. The Service Provider does not knowingly solicit data from children or market the Application to them.
If the Service Provider becomes aware that a child has provided personal information through the Application, the Service Provider will take steps to remove that information from the locations under their control and notify Ravelry where applicable. If you are a parent or guardian and believe your child has provided information through the Application, please contact feedback@getunraveled.app.
The Service Provider may update this Privacy Policy from time to time. The Service Provider will indicate material changes by updating the "Last updated" date at the top of this document. For material changes that affect how personal data is processed, the Service Provider will, where required by law, seek your consent before the changes take effect. Previous versions are available upon request at feedback@getunraveled.app.
Under the GDPR, you have the following rights:
If you believe your data protection rights have been violated, you have the right to lodge a complaint with your local Data Protection Authority. Contact details for each country's Data Protection Authority can be found at: https://edpb.ec.europa.eu/about-edpb/members_en
If you are located in the United Kingdom, you may contact the Information Commissioner's Office at https://ico.org.uk.
If you are a resident of California, the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA) provide you with additional rights regarding your personal information:
To exercise any of these rights, please contact feedback@getunraveled.app. The Service Provider will verify your request using the information you provide and respond within the timeframes required by law. You may designate an authorized agent to make a request on your behalf.
By signing in to your Ravelry account through Unraveled, you affirmatively consent to the data processing described in this policy as necessary to provide the Application. You may withdraw consent for optional processing at any time without affecting processing carried out before withdrawal. Processing based on other lawful bases — including contract performance, legitimate interests, or legal obligation — continues as described above.
For any questions about this Privacy Policy or to exercise your rights, contact:
The Service Provider will respond within one month of receiving your request, extendable by up to two months where necessary due to the complexity or volume of requests, as permitted by applicable law.