**Last Updated**: December 26, 2025

**Effective Date**: December 26, 2025

## Introduction

Instinct ("we," "our," or "the app") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, store, and share your information when you use the Instinct iOS application.

**Key Privacy Principles**:

- No account or email required to use the app

- All data stored locally on your device by default

- Optional iCloud sync to your private iCloud storage

- Minimal data sharing with third parties

- No advertising or behavioral tracking

- You control your data and can delete it anytime

---

## 1. Information We Collect

### 1.1 Health & Fitness Data (Local Storage)

When you use Instinct to track your eating sessions, we collect and store the following information **locally on your device**:

- **Hunger and satiety ratings** (0-100% scale)

- **Meal timing and duration**

- **Hunger type classifications** (physical, emotional, habitual)

- **Meal photos** (optional - you choose whether to capture photos)

- **User notes and reflections** about meals

- **Emotional triggers** (stress, boredom, anxiety, etc.)

- **Hydration tracking** (water intake before meals)

- **Digestive comfort ratings** (optional post-meal check-ins)

- **Journey phase progress** (Deconditioning, Reconnection, Optimization)

**Storage**: This data is stored locally using SwiftData on your device.

**iCloud Sync**: If you enable iCloud, this data syncs to your **private iCloud CloudKit database** This is your personal cloud storage - we do not have access to it.

### 1.2 HealthKit Data (Planned - Not Yet Active)

In future versions, with your explicit permission, we plan to read:

- **Sleep duration** from Apple Health

- **Heart Rate Variability (HRV)** from Apple Health

**Purpose**: To correlate sleep quality with eating patterns and provide personalized insights.

**User Control**: You will be asked for permission before any HealthKit data is accessed. You can revoke this permission anytime in iOS Settings > Health > Data Access & Devices > Instinct.

**Current Status**: HealthKit integration is not yet active. When implemented, we will update this privacy policy.

### 1.3 Subscription Information

If you subscribe to Instinct Premium, we collect:

- **Subscription tier** (Weekly, Monthly, or Annual)

- **Subscription status** (active, expired, cancelled)

- **Subscription expiration date**

**Processor**: Subscription payments are processed by Apple via the App Store. We use **RevenueCat** to manage subscription entitlements.

**Data Shared with RevenueCat**:

- Customer ID (RevenueCat-generated identifier)

- Subscription status and entitlements

- Product IDs

**RevenueCat Privacy Policy**: https://www.revenuecat.com/privacy

### 1.4 Usage Data (Local Only)

We track minimal usage data **stored locally** for app functionality:

- **AI insight generation counts** (for rate limiting - free: 1/day, premium: 20/day)

- **Number of insights viewed** (integer counter)

**No External Analytics**: We do NOT use Google Analytics, Firebase, Mixpanel, or any third-party analytics service.

### 1.5 Information We Do NOT Collect

Instinct does **NOT** collect:

- ❌ Name, email address, or contact information (no account required)

- ❌ Location data (precise or coarse)

- ❌ Browsing history or search history

- ❌ Device identifiers (IDFA) for advertising

- ❌ Contacts, calendar, or other device data

- ❌ Audio or video recordings

- ❌ Crash logs or diagnostics (no crash reporting service)

- ❌ Social media profiles

- ❌ Payment information (handled by Apple)

---

## 2. How We Use Your Information

### 2.1 Core App Functionality

We use your eating session data to:

- **Display your meal history** and progress over time

- **Calculate statistics** (average hunger/satiety, Hara Hachi Bu achievement rate)

- **Detect patterns** in your eating behavior (e.g., "You tend to overeat when sleep-deprived")

- **Provide real-time guidance** via Meal Companion mode

- **Send optional notifications** for daily check-ins and meal reminders

All of this processing happens **locally on your device** or in your **private iCloud database**. We do not have access to your data.

### 2.2 AI-Powered Insights (Premium Feature - Opt-In)

If you subscribe to Instinct Premium **and** opt-in to AI insights, we send **anonymized, aggregated summaries** of your eating patterns to OpenAI's API to generate personalized insights.

**What We Send to OpenAI**:

- Aggregated statistics (e.g., "average satiety level this week: 75%")

- Pattern summaries (e.g., "user tends to eat past fullness on Tuesdays")

- Anonymized context (e.g., "sleep quality: subjective 3/5")

**What We Do NOT Send**:

- ❌ Raw meal data

- ❌ Meal photos

- ❌ Your name, email, or any personally identifiable information

- ❌ URLs, phone numbers, or email addresses in notes (stripped via `DataAnonymizer.swift`)

**Data Anonymization**: We use pattern matching to remove all personally identifiable information (PII) before sending data to OpenAI.

**AI Models Used**:

- Free tier: GPT-4o-mini

- Premium tier: GPT-4o

**OpenAI Privacy Policy**: https://openai.com/privacy

**User Control**: You can disable AI insights anytime in app settings. When disabled, no data is sent to OpenAI.

### 2.3 Subscription Management

We use RevenueCat to manage your subscription status and premium feature access. RevenueCat processes:

- Subscription entitlements (which features you have access to)

- Subscription status checks (is your subscription active?)

- Restore purchases requests

RevenueCat does NOT access your meal data, photos, or health information.

---

## 3. How We Store Your Information

### 3.1 Local Storage (SwiftData)

All meal tracking data is stored **locally on your device** using Apple's SwiftData framework. This data remains on your device unless you enable iCloud sync.

**Data Persistence**: Data remains until you:

- Delete the app (removes all local data)

- Use "Clear All Sessions" in Settings (deletes all meal history)

### 3.2 iCloud Sync (Optional)

If you enable iCloud on your device, your data automatically syncs to your **private iCloud CloudKit database**.

**Container**: `iCloud.com.aitoapps.Instinct`

**Database Type**: Private (only you can access it)

**Conflict Resolution**: Last-write-wins based on modification timestamp

**What Syncs**:

- All eating sessions and meal data

- User profile and journey progress

- Subscription status

- Daily check-ins and craving surf sessions

**Privacy**: Your iCloud data is encrypted by Apple and stored in your personal iCloud account. We do not have access to your iCloud data.

**User Control**: To disable iCloud sync:

1. Open iOS Settings > [Your Name] > iCloud

2. Turn off iCloud for Instinct

To delete iCloud data:

1. Open iOS Settings > [Your Name] > iCloud > Manage Storage

2. Tap "Instinct"

3. Tap "Delete Data"

### 3.3 Data Retention

- **Local Data**: Retained indefinitely until you delete the app or clear sessions

- **iCloud Data**: Retained until you manually delete from iCloud settings

- **RevenueCat Data**: Subscription history retained per RevenueCat's retention policy

- **OpenAI Data**: API requests may be retained for 30 days per OpenAI's policy (anonymized data only)

---

## 4. How We Share Your Information

### 4.1 Third-Party Service Providers

We share limited data with the following third parties to provide app functionality:

#### RevenueCat (Subscription Management)

- **Data Shared**: Customer ID, subscription status, entitlements

- **Purpose**: Manage premium subscriptions and restore purchases

- **Privacy Policy**: https://www.revenuecat.com/privacy

#### OpenAI (AI Insights - Premium Feature)

- **Data Shared**: Anonymized, aggregated meal pattern summaries

- **Purpose**: Generate personalized eating insights

- **User Control**: Opt-in required, can disable in settings

- **Privacy Policy**: https://openai.com/privacy

#### Apple (iCloud Sync)

- **Data Shared**: All user data (if iCloud enabled)

- **Purpose**: Backup and sync across user's devices

- **Privacy**: Stored in user's private iCloud database (we cannot access it)

- **Privacy Policy**: https://www.apple.com/legal/privacy/

### 4.2 We Do NOT Sell Your Data

We **never sell, rent, or trade** your personal information to third parties for marketing or advertising purposes.

### 4.3 Legal Requirements

We may disclose your information if required by law, such as:

- To comply with a subpoena or court order

- To protect our legal rights or defend against legal claims

- To investigate fraud or security issues

- To protect the safety of users or the public

In such cases, we will disclose only the minimum information necessary and will notify you unless prohibited by law.

---

## 5. Your Privacy Rights and Choices

### 5.1 Access Your Data

You can access all your data within the app:

- View meal history in the History tab

- View journey progress in Settings

- Export data (Premium feature - coming soon)

### 5.2 Delete Your Data

You can delete your data at any time:

**Delete All Local Data**:

1. Open app Settings

2. Scroll to "Data" section

3. Tap "Clear All Sessions"

4. Confirm deletion

**Delete iCloud Data**:

1. iOS Settings > [Your Name] > iCloud > Manage Storage

2. Tap "Instinct"

3. Tap "Delete Data"

**Delete App Completely**:

1. Delete the app from your device (removes all local data)

2. Delete iCloud data (see above)

3. Cancel subscription (iOS Settings > Subscriptions)

### 5.3 Disable AI Insights

1. Open app Settings

2. Tap "AI Insights" toggle to OFF

When disabled, no data is sent to OpenAI.

### 5.4 Disable Notifications

1. Open app Settings

2. Tap "Notifications" toggle to OFF

Or disable via iOS Settings > Notifications > Instinct.

### 5.5 Disable Haptic Feedback

1. Open app Settings

2. Tap "Haptic Feedback" toggle to OFF

### 5.6 Cancel Subscription

1. iOS Settings > [Your Name] > Subscriptions

2. Tap "Instinct"

3. Tap "Cancel Subscription"

Your premium features remain active until the end of the current billing period.

### 5.7 Restore Purchases

If you reinstall the app or use it on a new device:

1. Open the paywall screen

2. Tap "Restore Purchases"

Your subscription will be restored from Apple's servers.

---

## 6. Children's Privacy

Instinct is not intended for children under the age of 13. We do not knowingly collect personal information from children under 13. If you are a parent or guardian and believe your child has provided us with information, please contact us at [support email], and we will delete the information.

**Age Rating**: 12+ (App Store rating due to medical/treatment information about eating disorders)

---

## 7. Data Security

We take reasonable measures to protect your information:

### 7.1 Local Storage Security

- Data stored using Apple's SwiftData framework (encrypted by iOS)

- No network transmission unless you opt-in to AI insights

- No cloud storage unless you enable iCloud

### 7.2 Network Security

- All network requests use HTTPS encryption

- OpenAI API requests use secure TLS connections

- RevenueCat uses industry-standard payment security

### 7.3 No External Analytics or Tracking

- No third-party analytics SDKs (no Firebase, Mixpanel, etc.)

- No crash reporting services

- No advertising trackers or IDFA collection

### 7.4 Data Anonymization

- PII removed before sending data to OpenAI (see `DataAnonymizer.swift`)

- URLs, emails, phone numbers stripped from user notes

---

## 8. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. If we make significant changes, we will notify you by:

- Posting the new Privacy Policy in the app

- Updating the "Last Updated" date at the top of this policy

- Showing an in-app notification (for material changes)

Your continued use of the app after changes are posted constitutes your acceptance of the updated Privacy Policy.

---

## 9. International Data Transfers

Instinct is operated in the United States. If you use the app from outside the U.S., your data may be transferred to and stored in the U.S. or other countries where our service providers operate.

**OpenAI**: Servers located in the United States

**RevenueCat**: Servers located in the United States

**Apple iCloud**: Servers may be located worldwide depending on your iCloud region

By using the app, you consent to the transfer of your information to countries outside your country of residence.

---

## 10. California Privacy Rights (CCPA)

If you are a California resident, you have the following rights under the California Consumer Privacy Act (CCPA):

### 10.1 Right to Know

You have the right to know what personal information we collect, use, and share.

**Categories We Collect**:

- Health & Fitness Data (hunger/satiety ratings, meal data)

- User Content (meal photos, notes)

- Identifiers (RevenueCat customer ID for subscriptions)

- Usage Data (AI insight counts - stored locally)

### 10.2 Right to Delete

You have the right to request deletion of your personal information.

**How to Delete**: See Section 5.2 above.

### 10.3 Right to Opt-Out of Sale

We **do not sell** your personal information, so there is nothing to opt out of.

### 10.4 Right to Non-Discrimination

We will not discriminate against you for exercising your CCPA rights.

### 10.5 How to Exercise Your Rights

To exercise your rights, contact us at [support email]. We will respond within 45 days.

---

## 11. European Privacy Rights (GDPR)

If you are in the European Economic Area (EEA), UK, or Switzerland, you have the following rights under the General Data Protection Regulation (GDPR):

### 11.1 Legal Basis for Processing

We process your data under the following legal bases:

- **Consent**: AI insights (you opt-in)

- **Contract**: Subscription management (necessary to provide premium features)

- **Legitimate Interest**: App functionality (providing meal tracking features you requested)

### 11.2 Your Rights

- **Right to Access**: Request a copy of your data

- **Right to Rectification**: Correct inaccurate data

- **Right to Erasure**: Request deletion of your data

- **Right to Restrict Processing**: Limit how we use your data

- **Right to Data Portability**: Receive your data in a portable format (coming soon - data export feature)

- **Right to Object**: Object to processing based on legitimate interest

- **Right to Withdraw Consent**: Withdraw consent for AI insights anytime

### 11.3 Data Controller

AitoApps

### 11.4 How to Exercise Your Rights

Contact us at androidoine@gmail.com. We will respond within 30 days.

### 11.5 Right to Lodge a Complaint

You have the right to lodge a complaint with your local data protection authority.

---

## 12. Contact Us

If you have questions about this Privacy Policy or our privacy practices, please contact us:

**Email**: androidoine@gmail.com

**Website**: https://instinctapp.carrd.co/#support

**App Developer**:

AitoApps

---

## 13. Consent

By using Instinct, you consent to this Privacy Policy and our collection, use, and sharing of your information as described herein.

If you do not agree with this Privacy Policy, please do not use the app.

---

**Last Updated**: December 26, 2025

**Effective Date**: December 26, 2025