Privacy Policy

2.1 Information Stored Locally on Your Device (Not Transmitted to Us)

The following data is collected and stored exclusively on your device in an encrypted local database. We cannot access this data:

• Emotional Logs: Body map paintings, zone selections, activation/deactivation states, intensity levels, emotion labels, timestamps
• Neurotype Profile: Your selected neurotype(s) and calibration preferences
• Biometric Data:Heart rate, heart rate variability (HRV), steps, sleep data, stress scores — sourced from Apple HealthKit, Apple Watch, Google Fit Air, or connected wearables (WHOOP, Fitbit, Garmin, Samsung Health, Pixel Watch)
• Usage Analytics: Check-in frequency, feature usage patterns, notification interaction (stored locally for adaptive frequency calculation)
• AI Model Outputs: Translated emotion labels, confidence scores, physiological correlations

2.2 Information We May Receive

Because all emotional and biometric processing occurs on-device, we receive no personal health data, emotional data, or biometric data from your use of the App. The only information we may receive is:

• App Store / Play Store Distribution Data: Standard app download statistics, crash reports, and app version information provided by Apple App Store Connect and Google Play Console. This data does not include any content you create within the App.
• Opt-In Feedback: If you voluntarily contact us via email or submit feedback through the App, we receive the information you choose to share.
• Anonymized, Aggregated Statistics (Optional):If you explicitly opt in, we may receive anonymized, aggregated usage statistics (e.g., “1,000 check-ins completed today across all users”) that cannot be linked to your identity or your data.
• Waitlist Email (Pre-Launch): If you join our pre-launch waitlist on our website, we store your email address in a secure backend strictly to notify you about the launch. You can request removal at any time.

3.1 On-Device Processing (We Perform This For You, Locally)

Your locally stored data is used exclusively on your device to:

• Translate body maps into emotion labels using the on-device AI translation engine
• Correlate emotional logs with biometric data (heart rate, HRV) to identify patterns
• Adapt notification frequency based on your check-in behavior
• Generate personalized analytics, heatmaps, and trend reports
• Provide profile-specific regulation suggestions (Buffer Mode, grounding exercises)
• Enable data export (PDF reports, CSV) for sharing with healthcare providers at your discretion

3.2 Limited Server-Side Use (Information We Receive)

For the limited information we do receive (App Store data, opt-in feedback, optional anonymized statistics), we use it to:

• Improve app stability and fix bugs (crash reports)
• Understand general adoption trends (download counts by region)
• Respond to user support inquiries
• Develop future features based on aggregated, non-identifiable usage patterns

We do NOT use any information for advertising, marketing, or selling to third parties.

4.1 Apple HealthKit & Apple Watch

Hayuna integrates with Apple HealthKit and Apple Watch to read biometric data (heart rate, HRV, steps, sleep) and write emotional wellness data.

• Read: Hayuna reads heart rate, HRV, step count, and sleep analysis from HealthKit to correlate with your emotional logs and enable passive anomaly detection.
• Write: Hayuna can write emotional state summaries and mindfulness minutes back to HealthKit if you enable this in settings.

Privacy protections:

• All HealthKit data access requires your explicit permission via iOS permission prompts.
• Hayuna never transfers HealthKit data to any server, third party, or advertising platform.
• HealthKit data is used solely for on-device processing to enhance your emotional insights.
• Hayuna does not use HealthKit data for any purpose other than providing the App's core functionality.
• You can revoke HealthKit access at any time in iOS Settings > Privacy > Health.
• Hayuna does not store HealthKit data in iCloud.
• Hayuna does not share HealthKit data with third parties (except as you direct, e.g., exporting a PDF report to your therapist).
• Hayuna does not use HealthKit data for advertising or data mining.
• Hayuna discloses in the App Store privacy label all HealthKit data types read and written.

4.2 Google Fit Air & Connected Wearables (Fitbit, Garmin, Samsung Health, Pixel Watch)

Hayuna integrates with Google Fit Air to access biometric data from a wide range of wearable devices on Android, including Fitbit (heart rate, HRV, active minutes, sleep stages, stress management score), Garmin (heart rate, HRV, Body Battery, stress tracking, sleep score, respiration), Samsung Health (heart rate, HRV, blood oxygen, sleep analysis, stress level), and Pixel Watch (heart rate, HRV, skin temperature, sleep stages, daily readiness).

• All Google Fit Air data access requires your explicit permission via Android permission prompts and Google's OAuth consent screen.
• Hayuna never transfers Google Fit Air data to any server, third party, or advertising platform.
• Google Fit Air data is used solely for on-device processing to enhance your emotional insights.
• You can revoke Google Fit access at any time in Android Settings > Apps > Hayuna > Permissions, or via the Google Fit app settings.
• Hayuna accesses data only through Google Fit Air's standardized API.
• Hayuna does not require direct credentials for any of these services.
• All data remains under the respective provider's privacy policy; Hayuna reads only what you have permitted Google Fit Air to aggregate.

4.3 WHOOP Developer Platform

Hayuna integrates directly with the WHOOP Developer Platform to securely read your health and fitness data, including heart rate, HRV, resting heart rate, respiratory rate, skin temperature, strain score, recovery percentage, sleep stages, and workouts.

• OAuth 2.0:All WHOOP data access requires your explicit permission via WHOOP's secure OAuth flow. Hayuna uses a server-side Client Secret which is never exposed to the client.
• Scopes: Hayuna requests only the minimum read scopes necessary (e.g., read:recovery, read:sleep) for integration.
• Storage: Data fetched from WHOOP is encrypted at rest and used solely to power the Hayuna app experience.
• Revocation: You can disconnect Hayuna at any time directly through the WHOOP app or website, stopping all future data access. You may also request deletion of imported historical data.
• Hayuna only reads data; it does not write or modify your WHOOP data.

4.4 Apple App Store & Google Play Store

Hayuna is distributed through the Apple App Store and Google Play Store. These platforms collect standard distribution data (download counts, ratings, crash reports, device/OS statistics). Apple's privacy policy and Google's privacy policy govern this data. Hayuna does not control what data Apple or Google collects through their respective stores.

4.5 Siri & Shortcuts (Apple Only)

If you enable Siri integration, voice commands (e.g., “Hey Siri, log a spike”) are processed by Apple's Siri infrastructure under Apple's privacy policy. Hayuna receives the structured output of the Siri intent (e.g., “user wants to log a spike”) but does not receive or process the raw audio of your voice command.

4.6 No Third-Party Analytics, Advertising, or Tracking

Hayuna does NOT integrate with:

• Third-party analytics services (e.g., Firebase Analytics, Mixpanel, Amplitude)
• Advertising networks (e.g., AdMob, Facebook Ads, Unity Ads)
• Tracking SDKs (e.g., Facebook SDK, AppsFlyer, Adjust)
• Social media SDKs (e.g., Facebook Login, Google Sign-In)

Hayuna does NOT:

• Serve ads
• Track your behavior across apps or websites
• Sell your data to data brokers
• Share your data with advertising partners
• Use your data for ad targeting

5.1 On-Device Encryption

• iOS:Data Protection (file-level encryption tied to your device passcode/biometric). When your device is locked, Hayuna's data is inaccessible.
• Android:Android's Encrypted File System (or SQLCipher for database-level encryption). Data is tied to your device lock screen credential.

5.2 No Server-Side Data

Because Hayuna does not transmit your emotional or biometric data to any server, there is no server-side data to breach. We physically cannot access your data.

5.3 Device Loss or Theft

If your device is lost or stolen, the encryption protecting Hayuna's data means the data cannot be accessed without your device passcode/biometric. If you remotely wipe your device, all Hayuna data is permanently deleted.

5.4 Data Export Security

When you export data (PDF reports, CSV files), the exported files are stored in your device's file system. You are responsible for securing these files. We recommend using encrypted file storage, not sharing exports via unencrypted channels, and deleting exports after they are no longer needed.

6.1 Access & Portability

You can access all your data at any time within the App (Dashboard, Analytics tabs). You can export your data in CSV format or as a PDF report at any time.

6.2 Deletion

• Individual Logs: Delete specific emotional logs from the Analytics tab
• All Data:Delete all local data via Settings > Privacy > Delete All Data. This permanently removes all emotional logs, body maps, biometric correlations, and analytics from your device. This action cannot be undone.
• Uninstall: Deleting the App from your device permanently deletes all local data.

6.3 Consent Withdrawal

You can revoke permissions at any time:

• Apple HealthKit: iOS Settings > Privacy > Health > Hayuna
• Google Fit Air: Android Settings > Apps > Hayuna > Permissions, or Google Fit app settings
• Notifications: iOS/Android notification settings for Hayuna
• Siri: iOS Settings > Siri & Search > Hayuna

Revoking permissions does not delete existing local data. To delete data, use the deletion options above.

6.4 GDPR Rights (European Union)

If you are located in the European Economic Area (EEA), you have the following rights under the General Data Protection Regulation (GDPR):

• Right to Access: Request a copy of any personal data we hold about you. Because we do not transmit your emotional or biometric data to any server, we hold no such data.
• Right to Rectification: Request correction of inaccurate data (applies to opt-in feedback only).
• Right to Erasure: Request deletion of your data. For on-device data, use the in-app deletion feature. For any data we hold, contact us at privacy@hayuna.app.
• Right to Restrict Processing: Request that we limit processing of your data (applies to opt-in feedback only).
• Right to Data Portability: Receive your data in a structured, machine-readable format (use the in-app CSV export feature).
• Right to Object: Object to processing of your data (use in-app deletion plus permission revocation).
• Right to Lodge a Complaint: File a complaint with your local supervisory authority if you believe your rights have been violated.

Legal Basis for Processing:Hayuna processes on-device data based on your consent (explicit permission prompts for HealthKit/Google Fit Air) and legitimate interest (providing the core functionality you requested). We do not process data for purposes beyond the App's core functionality without additional consent.

6.5 CCPA Rights (California Residents)

• Right to Know: Request disclosure of what personal information we collect, use, and share. We collect no emotional, biometric, or health data on our servers.
• Right to Delete: Request deletion of your personal information. For on-device data, use the in-app deletion feature; for any data we hold, contact us at privacy@hayuna.app.
• Right to Opt-Out of Sale: We do not sell your personal information. We have never sold and will never sell your data.
• Right to Non-Discrimination: We will not discriminate against you for exercising your CCPA rights.

Because Hayuna does not transmit emotional or biometric data to any server, the vast majority of your data exists only on your device and is already in your possession and control.

6.6 COPPA (Children's Privacy)

Hayuna is not directed to children under the age of 13. We do not knowingly collect personal information from children under 13. If you are a parent or guardian and believe your child under 13 has provided personal information to us (e.g., via opt-in feedback), please contact us at privacy@hayuna.app and we will take steps to delete that information.

Age Restriction:Users must be at least 13 years old to use Hayuna. Users aged 13–17 must have parental/guardian consent to use the App, as required by applicable law.