Privacy Policy
Effective 28 April 2026 · HypoMe (“we”, “our”, “us”)
1. Information We Collect
We collect the minimum data required to operate the service. We do not collect data for advertising, tracking, or profiling purposes.
- Account data: Email address and/or Apple ID (name, anonymised Apple identifier) provided at sign-up via Apple Sign-In or email/password registration.
- Experiment and entry data: Experiment titles, interventions, outcome values, adherence flags, free-text notes, and confound tags you log. When you use an AI feature (see below), the experiment metadata and entries relevant to that feature are sent to our AI provider to generate a response.
- AI-feature usage: HypoMe includes optional AI features — the AI Experiment Designer, AI Results Interpreter, and AI next-experiment suggestions — powered by Anthropic’s Claude API. When you use one of these features, we send the relevant experiment metadata and entries to Anthropic so the model can generate a response. We do not send your email, name, or Apple ID. We also store a per-request log entry containing the model name, token counts, request duration, error type, and a one-way hash of your internal user ID for cost auditing and abuse prevention. Raw prompts and raw responses are not persisted on our servers after the request completes. AI requests are rate-limited (3 designs per month for free users; 5 requests per hour for all users) and can be globally disabled or restricted per-user via an operator kill switch.
- Apple Health data (optional): If you choose an outcome backed by Apple Health (Sleep Duration, Daily Steps, Heart Rate Variability, or Active Calories) and grant HypoMe the corresponding per-metric read permission on your device, HypoMe reads the relevant values from Apple Health on-device to populate your baseline and daily check-in entries. Your Apple Health data is never sent to our servers or to Anthropic as a separate payload — only the resulting numeric outcome values for your experiment days are stored with your entries, the same as if you had logged them manually. You can revoke Apple Health access at any time in the iOS Settings app.
- Device and notification data: Push-notification token (to deliver reminders you schedule) and device timezone (to compute experiment schedules). We do not collect device identifiers, hardware information, or location data.
- Subscription and billing data: Subscription tier (free or premium), Apple transaction identifiers, and billing state (e.g. active, expired, in billing grace period) stored on our servers to enforce entitlement access. Payment processing is handled entirely by Apple; we never receive or store your payment-card details.
- Crash and diagnostic data: If the app encounters an error, our crash-reporting service (Sentry) may collect device type, operating-system version, app version, and a stack trace of the error. This data does not include your experiment content or account credentials. You may opt out of crash reporting in your device’s system privacy settings.
- Usage events: We collect lightweight product-usage events (e.g. “experiment created”, “check-in completed”) to improve the service. Raw telemetry event files stored in our AWS account contain the event name, timestamp, app environment, and optional non-content properties. Separate daily aggregate records store an internal user identifier solely to calculate daily active users; that identifier does not include your email or name and is removed from those aggregates if you delete your account. We do not include your experiment content or account credentials in telemetry, and we do not share these events with third parties.
- Anonymous community contributions (opt-in): If you enable “Anonymous Sharing” in Settings, we collect aggregate statistical results from your completed experiments — such as mean values, percent change, effect size, adherence rate, experiment category, and outcome type. These contributions contain no user identifier, experiment identifier, intervention text, hypothesis text, or raw daily data. They are stored separately from your account and cannot be linked back to you. You can revoke previously shared contributions at any time from Settings.
- Internal account annotations: Our team may attach short internal labels (for example, “family” or “Apple reviewer”) and free-text notes to your account record for support and operational purposes — for example, identifying review or test accounts and recording context relevant to support. These annotations are visible only to authorised staff, are stored alongside your other account data, are never shared with third parties, and are deleted when you delete your account.
2. How We Use Your Information
- Deliver and operate the HypoMe app and its experiment-tracking features.
- Send push notifications for experiment reminders you configure and for experiment-phase transitions (e.g. baseline complete).
- Verify and enforce subscription entitlements.
- Diagnose crashes, errors, and performance issues to maintain app stability.
- Respond to account-deletion requests and support inquiries.
We do not use your data for advertising, user profiling, or sale to third parties.
3. Third-Party Services
The following third-party services process data on our behalf. Each service processes only the minimum data required for its function.
- Amazon Web Services (Cognito): Manages user authentication and secure credential storage. AWS Privacy Policy.
- Expo Push Notification Service: Routes push notifications from our servers to your device. Expo Privacy Policy.
- Apple (App Store / StoreKit): Processes subscription purchases and renewals. Apple provides us with signed transaction records (including transaction IDs and subscription state) to verify entitlements. Apple Privacy Policy.
- Anthropic (Claude API): Powers HypoMe’s AI features (Experiment Designer, Results Interpreter, Next-Experiment Suggestions). When you invoke an AI feature, the relevant experiment metadata and entries are sent to Anthropic for model inference. We do not send your email, name, Apple ID, or crash/usage telemetry to Anthropic. Anthropic’s handling of this data is governed by their own terms at anthropic.com/legal.
- Sentry: Collects crash reports and diagnostic data to help us identify and fix errors. Sentry receives an internal user identifier (not your email or name) alongside crash data so we can correlate reports during support. Sentry does not receive your experiment content or account credentials. Sentry Privacy Policy.
We do not share your data with any other third parties. Data processed by the services listed above is subject to their respective privacy policies, linked above.
4. Data Retention
Your account data and experiment data are retained for as long as your account exists. Deleting your account from Settings permanently removes your Cognito credentials and all associated experiment, entry, subscription, and results data from our systems.
Exceptions after deletion:
- Server-side request logs (which may contain your anonymised user ID) are retained for up to 30 days in accordance with our cloud provider’s default log-retention policy, after which they are automatically purged.
- Raw usage telemetry files already written before 13 April 2026 may include an internal user identifier and can remain in our storage for up to 90 days before automatic deletion. Daily telemetry aggregate records persist after account deletion, but the deleted account’s internal identifier is removed from those aggregates during the deletion process.
- Apple retains its own record of your App Store subscription and transaction history independently of us.
- Crash reports already transmitted to Sentry prior to deletion are retained for up to 90 days.
- AI request metadata (model name, token counts, request duration, error type, hashed user ID) is retained in our internal cost-audit store for up to 60 days from the request. Raw prompts and raw responses are not persisted on our servers after the request completes.
5. Data Security
All data transmitted between your device and our servers, and between our servers and the third-party services listed above (including Anthropic’s Claude API), is encrypted in transit using TLS. Authentication tokens are stored on your device using the operating system’s encrypted keychain (Secure Enclave on iOS). Server-side data is stored in encrypted-at-rest databases hosted on Amazon Web Services within the us-west-2 (Oregon) region.
6. Your Rights
- Access: Contact us at support@hypome.com to request a copy of the data we hold about you. We will respond within 30 days.
- Portability: All users can export their experiment data in CSV, JSON, or PDF format directly from the app.
- Deletion: Use “Delete Account” in Settings at any time. All associated data will be permanently and irreversibly deleted, subject to the exceptions listed in Section 4.
- Correction: Contact us to correct inaccurate account information.
7. GDPR (European Users)
Our legal bases for processing are:
- Contractual necessity (Art. 6(1)(b) GDPR) — to provide the service you signed up for.
- Legitimate interest (Art. 6(1)(f) GDPR) — to maintain app stability, diagnose errors, and prevent abuse.
You have the right to access, rectify, erase, restrict, port, or object to processing of your personal data. To exercise these rights, contact support@hypome.com. You may also lodge a complaint with your local data-protection authority.
8. CCPA (California Residents)
We do not sell or share your personal information for cross-context behavioural advertising.
You have the right to know what personal information we collect, to request deletion, and to non-discrimination for exercising your rights. Contact support@hypome.com to make a request.
9. Children’s Privacy
HypoMe is not directed at children under 13. We do not knowingly collect data from children under 13. If you believe a child under 13 has provided us with personal information, please contact us immediately and we will delete the data.
10. Changes to This Policy
We may update this policy when our practices change. We will note the new effective date at the top of this page. If a change materially affects how we handle your data, we will notify you via in-app notice or email before the change takes effect.
11. Contact
Questions or concerns? Email us at support@hypome.com.