MagTicker
MagTicker is a MAG-7 market analysis console for iPhone. Your portfolio, watchlist, and settings live entirely on your device. Zero personal data is collected, tracked, or sold.
MagTicker is built with Apple's native frameworks only. No third-party SDKs, no analytics, no advertising. Here is exactly how your data is handled.
Your positions - symbols, quantity, average cost, and notes - are stored exclusively on your device using SwiftData with cloudKitDatabase: .none. iCloud sync is disabled. Your cost basis and P&L figures never leave your iPhone.
Price history and live quotes are fetched directly from Yahoo Finance, Finnhub, and Tiingo. Your device contacts these providers directly - no MagTicker backend server is involved. The developer never sees your queries or the symbols you track.
Finnhub and Tiingo API keys you optionally provide are stored in the iOS Keychain with kSecAttrAccessibleAfterFirstUnlockThisDeviceOnly - excluded from iCloud and iTunes backups. Keys are revealed only after Face ID or Touch ID authentication.
Optional tips are processed entirely by Apple's StoreKit 2. MagTicker never sees your payment details, Apple ID, or financial information. All purchases are consumable and are not linked to your identity.
All price data displayed in the app is fetched from publicly accessible market data providers.
Yahoo Finance is used as the default and fallback provider - no account or API key is required. Finnhub and Tiingo are optional paid-tier sources that offer higher rate limits. You configure your preferred provider in Settings → Data Provider. Your device connects directly to these services; MagTicker does not proxy or store the data on any developer-operated server.
A clear look at what MagTicker does - and does not - access or transmit.
| Category | Collected | Detail |
|---|---|---|
| Personal information | Never | No account, no sign-in, no profile |
| Portfolio holdings | On-device only | SwiftData with iCloud sync disabled; never sent to developer servers |
| Watchlist symbols | On-device only | Stored locally in SwiftData; not linked to identity |
| API keys (Finnhub / Tiingo) | Keychain only | Stored with ThisDeviceOnly accessibility; excluded from all backups |
| Market data queries | Never | Fetched directly from providers; developer has no server to log them |
| Usage analytics | Never | No analytics SDK of any kind |
| Device identifiers | Never | No fingerprinting or tracking |
| Advertising data | Never | No ads, no ad networks, no IDFA |
| Payment information | Never | Tip Jar handled entirely by Apple StoreKit 2 |
| Crash reports | Never | No crash reporting SDK; only Apple's standard opt-in diagnostics |
| Push notifications | On-device only | Scheduled locally by UserNotifications; no remote push server |
| Biometric data | Never | Face ID / Touch ID evaluated on-device by iOS; MagTicker receives only a boolean pass/fail |
MagTicker does not operate its own backend servers. The app connects directly to the following services:
The default free market data provider. Used for historical candles, live quotes, and as an automatic fallback for index symbols (SPX, DJI, NDX). No API key required. No personal data included in requests.
An optional market data provider accessed via api.finnhub.io. Your API key is sent as a URL parameter per Finnhub's API design. Connections use SPKI SHA-256 certificate pinning to prevent interception.
An optional market data provider accessed via api.tiingo.com. Your API key is sent as an HTTP Authorization header. Connections use SPKI SHA-256 certificate pinning to prevent interception.
In-app Tip Jar purchases are processed by Apple's servers. MagTicker has no access to your payment method, Apple ID, or transaction details beyond a purchase confirmation receipt verified by StoreKit 2.
MagTicker implements multiple layers of security to protect your API keys and market data in transit.
API keys are stored with kSecAttrAccessibleAfterFirstUnlockThisDeviceOnly - they survive device restarts but cannot be extracted via iCloud, iTunes, or cross-device restore. Stale or revoked keys are automatically purged on HTTP 401/403 responses.
Viewing a stored API key in Settings requires biometric or device passcode authentication. Face ID is always preferred; passcode is a fallback only if biometry is unavailable.
Connections to Finnhub and Tiingo use SPKI SHA-256 public-key pinning (implemented with CryptoKit). A single hash match anywhere in the certificate chain is required. MITM attacks in Release builds are blocked.
Financial signals (bias, score, indicator values) are logged with privacy: .private - redacted in system logs on non-development devices. Symbol names are public in logs; values are not.
MagTicker is built exclusively with Apple's native technologies. No third-party analytics, advertising, crash reporting, or tracking frameworks are integrated.
Apple's modern UI framework and native persistence layer. All app data - portfolio, watchlist, snapshots - is stored locally in SwiftData with iCloud sync disabled.
CryptoKit provides SHA-256 for SPKI certificate pinning. The Security framework manages Keychain access. No custom cryptography is used.
Apple's in-app purchase framework for the optional Tip Jar. All transactions handled by Apple with checkVerified enforced on every purchase.
Scheduled analysis alerts (pre-market, open, close, weekly) are delivered via local notifications only - no remote push server or push token is involved.
MagTicker collects no personal data from anyone, making it safe for users of all ages. The app is rated 4+ on the App Store with no objectionable content. No special provisions are required under COPPA or similar regulations, as there is no personal data collection to regulate.
MagTicker does not create accounts, profiles, or any database on developer-operated servers. Since no personal data is collected, stored, or processed on our end, there is no data to access, export, correct, or delete.
Your portfolio holdings and watchlist exist only on your device. You can delete them at any time within the app, or remove the app entirely to erase all locally stored data.
If this policy is updated, the revised version will be published at this page with an updated effective date. The core commitment - that MagTicker does not collect, store, or sell your personal data - will not change.
Effective date: May 20, 2026
If you have questions about this privacy policy or MagTicker, you can reach the developer on X: