Skip to main content
HypoMeTemplatesPricingBlogHelpLog In
  • System
  • Light
  • Dark
  • English
  • Deutsch
  • Español (Latam)
  • Français
  • Italiano
  • Nederlands
  • Polski
  • Português (BR)
  • Русский
  • Українська

Legal

Privacy Policy

Effective 11 June 2026 · HypoMe (“we”, “our”, “us”)

1. Information We Collect

We collect the minimum data required to operate the service. We do not collect data for advertising, tracking, or profiling purposes.

  • Account data: Email address and/or Apple ID (name, anonymised Apple identifier) provided at sign-up via Apple Sign-In or email/password registration.
  • Experiment and entry data: Experiment titles, interventions, outcome values, adherence flags, free-text notes, and confound tags you log. When you use an AI feature (see below), the experiment metadata and entries relevant to that feature are sent to our AI provider to generate a response.
  • AI-feature usage: HypoMe includes optional AI features — the AI Experiment Designer, AI Results Interpreter, AI next-experiment suggestions, AI confound insights, and AI voice check-in parsing — powered by Anthropic’s Claude API. Before we send personal experiment or check-in details to Anthropic for the first time, HypoMe asks for explicit AI data-sharing permission. When you use one of these features after granting permission, we send only the details needed for that request, which may include experiment titles, interventions, outcome definitions, daily outcome values, adherence flags, notes, confound tags, voice transcripts, and numeric Apple Health, Oura, or glucose values that are already part of the experiment entries. We do not send your email, name, Apple ID, payment details, crash reports, or product-usage telemetry to Anthropic. You can revoke AI data-sharing permission at any time in Settings; revoking it prevents new AI requests until you grant permission again. We also store a per-request log entry containing the model name, token counts, request duration, error type, and a one-way hash of your internal user ID for cost auditing and abuse prevention. Raw prompts and raw responses are not persisted on our servers after the request completes. AI requests are rate-limited (3 designs per month for free users; 5 requests per hour for all users) and can be globally disabled or restricted per-user via an operator kill switch.
  • Apple Health data (optional): If you choose an outcome backed by Apple Health (Sleep Duration, Daily Steps, Heart Rate Variability, Active Calories, or Blood Glucose) and grant HypoMe the corresponding per-metric read permission on your device, HypoMe reads the relevant values from Apple Health on-device to populate your baseline and daily check-in entries. Your Apple Health data is never sent to our servers or to Anthropic as a separate health-data export — only the resulting numeric outcome values for your experiment days are stored with your entries, the same as if you had logged them manually. If you grant AI data-sharing permission and invoke an AI feature for an experiment that includes those entries, those numeric outcome values may be included in the prompt sent to Anthropic because they are part of the experiment data being analysed. For blood glucose, individual readings (for example from a connected glucose monitor) are read and processed entirely on your device — only the day’s mean glucose value is stored with your entry, and time-in-range statistics shown in Results are computed on-device and never uploaded. You can revoke Apple Health access at any time in the iOS Settings app.
  • Oura data (optional): If you connect your Oura account from Settings, we store the authorisation tokens needed to access the Oura API on your behalf, and our servers retrieve and store a small daily summary from your Oura account (sleep duration, heart rate variability, readiness score, steps, active calories, and skin-temperature deviation) to populate Oura-backed outcomes. Cached daily summaries are kept for a rolling one-year window while your account exists. Disconnecting Oura in Settings revokes our access at Oura and deletes the stored tokens and every cached daily summary; deleting your account does the same. Your Oura data is never sold or shared with third parties, and is not sent to Anthropic as a separate payload — only the numeric outcome values for your experiment days appear in your entries.
  • Voice check-in (optional): If you use voice check-in, HypoMe uses your microphone and the device or browser speech-recognition system to transcribe your speech. No audio recording is stored by HypoMe. The resulting transcript is sent to our server and then to Anthropic’s Claude API only after you grant AI data-sharing permission, so the AI parser can turn it into draft check-in values, adherence, and notes for you to review. Only the values and notes you choose to submit are saved as your check-in. You can revoke microphone and speech-recognition access in your device or browser settings, and you can revoke AI data-sharing permission in HypoMe Settings.
  • Device and notification data: Push-notification token (to deliver reminders you schedule) and device timezone (to compute experiment schedules). We do not collect device identifiers, hardware information, or location data.
  • Subscription and billing data: Subscription tier (free or premium), Apple or Stripe transaction and subscription identifiers, and billing state (e.g. active, expired, in billing grace period) stored on our servers to enforce entitlement access. Payment processing is handled entirely by Apple (for subscriptions purchased on iOS) or Stripe (for subscriptions purchased on the web); we never receive or store your payment-card details.
  • Crash and diagnostic data: If the app encounters an error, our crash-reporting service (Sentry) may collect device type, operating-system version, app version, and a stack trace of the error. This data does not include your experiment content or account credentials. You may opt out of crash reporting in your device’s system privacy settings.
  • Usage events: We collect lightweight product-usage events (e.g. “experiment created”, “check-in completed”) to improve the service. Raw telemetry event files stored in our AWS account contain the event name, timestamp, app environment, and optional non-content properties. Separate daily aggregate records store an internal user identifier solely to calculate daily active users; that identifier does not include your email or name and is removed from those aggregates if you delete your account. We do not include your experiment content or account credentials in telemetry, and we do not share these events with third parties.
  • Anonymous community contributions (opt-in): If you enable “Anonymous Sharing” in Settings, we collect aggregate statistical results from your completed experiments — such as mean values, percent change, effect size, adherence rate, experiment category, and outcome type. These contributions contain no user identifier, experiment identifier, intervention text, hypothesis text, or raw daily data. They are stored separately from your account and cannot be linked back to you. You can revoke previously shared contributions at any time from Settings.
  • Internal account annotations: Our team may attach short internal labels (for example, “family” or “Apple reviewer”) and free-text notes to your account record for support and operational purposes — for example, identifying review or test accounts and recording context relevant to support. These annotations are visible only to authorised staff, are stored alongside your other account data, are never shared with third parties, and are deleted when you delete your account.

2. Cookies and Similar Technologies

Our web surfaces (the marketing site and the authenticated web app, both served from hypome.com) use a small number of cookies, local-storage keys, and similar browser-storage mechanisms. We do not use cookies for advertising, cross-site tracking, or behavioural profiling. Cookies fall into two categories:

2.1 Strictly Necessary

Required for the service to function. These are always active and do not require your consent. They store no behavioural or marketing information.

  • Authentication session (web app): AWS Cognito issues an opaque session token that proves you are signed in. Stored in an HttpOnly cookie scoped to hypome.com and cleared on sign-out.
  • Language preference (language-storage, browser localStorage): the locale you picked in Settings, so the app loads in the right language on next visit.
  • Appearance preference (appearance-storage, browser localStorage): your light / dark / system theme choice.
  • Cookie consent record (cookie-consent-storage, browser localStorage): the choice you made on the consent banner, so we don’t ask you again on every visit.
  • CloudFront edge cache cookies: short-lived cookies our CDN sets to route requests and improve page-load latency.

2.2 Analytics (Consent Required in EU / UK / Canada / Brazil / Switzerland)

Anonymous diagnostic and performance data. Off by default for visitors in jurisdictions where cookie law requires explicit opt-in (EU/EEA, United Kingdom, Canada, Brazil, Switzerland), and you can turn them off from Settings → Cookie Preferences at any time.

  • Sentry crash reports: device type, browser version, app version, stack trace, and an internal user identifier (never your email or name). No experiment content or credentials are sent. Retained up to 90 days.
  • CloudWatch RUM (Real User Monitoring): anonymised performance metrics (LCP, CLS, INP), 10% session sample. Cookie-free by construction; uses an AWS unauthenticated identity pool that is not linked to your account.

We do not run any marketing, advertising, or personalisation cookies. If that changes, we will add a new tier here and re-prompt for consent.

How to change your mind: open the consent banner via Settings → Cookie Preferences (signed in) or the Cookie Preferences link in the footer (signed out). You can also reset everything by clearing your browser’s site data for hypome.com.

We keep an append-only audit record of consent changes (timestamp, the choice you made, your country at the time, and whether the change came from the banner, Settings, or a sign-in reconcile) for as long as your account exists. This satisfies our obligation under GDPR Article 7(1) to demonstrate that consent was given.

3. How We Use Your Information

  • Deliver and operate the HypoMe app and its experiment-tracking features.
  • Send push notifications for experiment reminders you configure and for experiment-phase transitions (e.g. baseline complete).
  • Verify and enforce subscription entitlements.
  • Diagnose crashes, errors, and performance issues to maintain app stability.
  • Respond to account-deletion requests and support inquiries.

We do not use your data for advertising, user profiling, or sale to third parties.

4. Third-Party Services

The following third-party services process data on our behalf. Each service processes only the minimum data required for its function.

  • Amazon Web Services (Cognito): Manages user authentication and secure credential storage. AWS Privacy Policy.
  • Expo Push Notification Service: Routes push notifications from our servers to your device. Expo Privacy Policy.
  • Apple (App Store / StoreKit): Processes subscription purchases and renewals made on iOS. Apple provides us with signed transaction records (including transaction IDs and subscription state) to verify entitlements. Apple Privacy Policy.
  • Stripe: Processes subscription purchases made on the web, including checkout and self-service billing management. Stripe collects your payment details directly — they never pass through our servers; we receive only customer and subscription identifiers and billing state to verify entitlements. Stripe Privacy Policy.
  • Oura: If you connect your Oura account, we retrieve your daily summary data from the Oura API using the access you grant, as described in Section 1. We interact with Oura only at your instruction; Oura’s own handling of the data in your Oura account is governed by the Oura Privacy Policy.
  • Anthropic (Claude API): Powers HypoMe’s AI features (Experiment Designer, Results Interpreter, Next-Experiment Suggestions, Confound Insights, and voice check-in parsing). When you grant AI data-sharing permission and invoke an AI feature, the relevant experiment metadata, entries, and voice transcript text for that request are sent to Anthropic for model inference. We do not send your email, name, Apple ID, payment details, crash reports, or product-usage telemetry to Anthropic. Anthropic’s handling of this data is governed by their own terms at anthropic.com/legal.
  • Sentry: Collects crash reports and diagnostic data to help us identify and fix errors. Sentry receives an internal user identifier (not your email or name) alongside crash data so we can correlate reports during support. Sentry does not receive your experiment content or account credentials. Sentry Privacy Policy.

We do not share your data with any other third parties. Data processed by the services listed above is subject to their respective privacy policies, linked above.

5. Data Retention

Your account data and experiment data are retained for as long as your account exists. Deleting your account from Settings permanently removes your Cognito credentials and all associated experiment, entry, subscription, results, and connected-integration data (including stored Oura tokens and cached Oura daily summaries) from our systems. If you have an active web subscription, account deletion also cancels it at Stripe, and any Oura access token is revoked at Oura before removal.

Exceptions after deletion:

  • Server-side request logs (which may contain your anonymised user ID) are retained for up to 30 days in accordance with our cloud provider’s default log-retention policy, after which they are automatically purged.
  • Raw usage telemetry files already written before 13 April 2026 may include an internal user identifier and can remain in our storage for up to 90 days before automatic deletion. Daily telemetry aggregate records persist after account deletion, but the deleted account’s internal identifier is removed from those aggregates during the deletion process.
  • Apple retains its own record of your App Store subscription and transaction history independently of us.
  • Stripe retains its own records of your payment and subscription history independently of us, as required for financial compliance.
  • Oura retains the data in your Oura account independently of us — disconnecting Oura or deleting your HypoMe account revokes our access and deletes our copies, but does not affect your Oura account.
  • Crash reports already transmitted to Sentry prior to deletion are retained for up to 90 days.
  • AI request metadata (model name, token counts, request duration, error type, hashed user ID) is retained in our internal cost-audit store for up to 60 days from the request. Raw prompts and raw responses are not persisted on our servers after the request completes.

6. Data Security

All data transmitted between your device and our servers, and between our servers and the third-party services listed above (including Anthropic’s Claude API), is encrypted in transit using TLS. Authentication tokens are stored on your device using the operating system’s encrypted keychain (Secure Enclave on iOS). Server-side data is stored in encrypted-at-rest databases hosted on Amazon Web Services within the US–West–2 (Oregon) region.

7. Your Rights

  • Access: Contact us at support@hypome.com to request a copy of the data we hold about you. We will respond within 30 days.
  • Portability: All users can export their experiment data in CSV, JSON, or PDF format directly from the app.
  • Deletion: Use “Delete Account” in Settings at any time. All associated data will be permanently and irreversibly deleted, subject to the exceptions listed in Section 5.
  • Correction: Contact us to correct inaccurate account information.

8. GDPR (European Users)

Our legal basis for processing is:

  • Contractual necessity (Art. 6(1)(b) GDPR) — to provide the service you signed up for.
  • Legitimate interest (Art. 6(1)(f) GDPR) — to maintain app stability, diagnose errors, and prevent abuse.

You have the right to access, rectify, erase, restrict, port, or object to processing of your personal data. To exercise these rights, contact support@hypome.com. You may also lodge a complaint with your local data-protection authority.

9. CCPA (California Residents)

We do not sell or share your personal information for cross-context behavioural advertising.

You have the right to know what personal information we collect, to request deletion, and to non-discrimination for exercising your rights. Contact support@hypome.com to make a request.

10. Children’s Privacy

HypoMe is not directed at children under 13. We do not knowingly collect data from children under 13. If you believe a child under 13 has provided us with personal information, please contact us immediately and we will delete the data.

11. Changes to This Policy

We may update this policy when our practices change. We will note the new effective date at the top of this page. If a change materially affects how we handle your data, we will notify you via in-app notice or email before the change takes effect.

12. Contact

Questions or concerns? Email us at support@hypome.com.

© 2026 HypoMeTemplatesPricingBlogAboutChangelogRoadmapHelpPrivacy PolicyCookie preferencesTerms of Use

Your privacy matters

We use cookies to keep the site working and (with your consent) to improve it via anonymous crash and performance reports. You can change your mind any time from the footer.

Cookie preferences

Choose which cookies HypoMe may use. Necessary cookies keep the site working and cannot be turned off.

Strictly necessary

Required for the site to work (language, appearance, this consent record). Always on.

Analytics

Anonymous crash reports and performance metrics. Helps us improve stability.