Privacy Policy
Overview
IntoHarmony is designed to be privacy-first. The majority of your data stays only on your device, and we take a limited, curated subset off-device only for the purposes described below. Data stored on your device is encrypted at rest, and all communication with our servers is encrypted in transit (TLS).
Data Stored On Device Only
The following categories of data are stored in your device’s local storage and are never transmitted to our servers: • Raw health metric values from Apple Health (sleep, heart rate, HRV, respiratory rate, activity) • Your daily cycle log (bleeding and symptom entries) • Behavioural episode logs (individual urges, meals, tools used) • Your full local check-in history • Rhythm engine personalization weights If you opt in to provider sharing and additionally enable “urge patterns” for a specific provider, aggregate counts derived from your urge log (how often and when, over a recent window) are transmitted for that provider to view — never the individual episodes themselves.
Data Transmitted to Our Servers
When you create an account and sign in, we receive: • Account identifiers (email, Supabase user ID) • Only if you have opted in under Profile → Data & research: a curated subset of engagement events — including your check-in inputs and resulting state, your current cycle phase and symptoms, and derived health signals (e.g. “low sleep”), plus validation feedback and session outcomes — used to build, train, and improve the predictive models and rhythm engine behind your insights • Only if you have opted in to provider sharing and linked a provider by invite code: summaries of the app’s own readouts — surfaced patterns, trend estimates, “since you started” effect estimates, engagement summaries, and (only if you enable it per provider) aggregate urge-pattern counts — stored for that provider to view; turning sharing off removes them • Support tickets and feedback you explicitly submit, including diagnostics (app version, OS, device model) These events are linked to your account (they are not anonymous). Kid-profile check-ins are never transmitted and are never used to train models. We do not transmit your raw Apple Health metric values, your daily cycle log, your behavioural episode logs (individual meals, urges), or any free text beyond the support tickets and feedback you choose to send.
How We Use Your Data
We use the limited data we receive to: (a) authenticate your account, (b) if you have opted in under Data & research, build, train, and improve the predictive models and rhythm engine behind your insights, (c) respond to support requests, and (d) detect and fix bugs. We do not use your data for advertising.
Data Sharing
We do not sell your personal data. We share data only with: (a) our cloud infrastructure provider (Supabase) for hosting; (b) crash reporting providers (Sentry) for diagnosing app errors; (c) government authorities when required by law.
Your Rights
You can: (a) view your local data in the Insights and History tabs; (b) export analytics in development builds; (c) delete your account and all associated cloud data from Profile → Privacy & data. Deletion is permanent and cannot be undone.
Data Retention
On-device data persists until you delete it or uninstall the App. Cloud data is retained for as long as your account is active. When you delete your account, we delete associated cloud records within 30 days. If you withdraw research consent, the research data you previously shared is deleted from our servers and your account is excluded from future model-training runs. Withdrawal cannot retroactively remove your data’s contribution from models that were already trained; those models are retrained on a rolling basis, after which your data no longer contributes.
Children’s Privacy
The App is not directed to children under 13, and children do not hold accounts. A parent or legal guardian may operate a kid profile on a child’s behalf; the child’s check-in data is stored only on the device and is never transmitted to our servers or used to train models. We do not knowingly collect personal data from children under 13.
International Transfers
Your cloud data may be processed in the United States or other countries where our infrastructure providers operate. By using the App you consent to this transfer.
Changes to This Policy
We may update this Privacy Policy from time to time. Material changes will be communicated via in-app notice before they take effect.
Contact
Questions about your privacy? Use the in-app Contact Support form or email privacy@intoharmony.app.