Privacy Policy

Draft. This policy is written to match how Calmunity actually handles data today. Have it reviewed by a lawyer before public launch, and fill the bracketed placeholders (legal entity, contact email, governing jurisdiction).

Calmunity (“Calmunity”, “we”, “us”) is operated by [Vontiqa / legal entity]. This policy explains what we collect, what we deliberately do not collect, and your choices. The short version: your raw health data never leaves your device.

1. The core principle

Calmunity computes your daily Calm Score (a number from 0–100) entirely on your device, from health data you already have in Apple Health. Your underlying heart rate, resting heart rate, and sleep data are read on-device, used to compute the score, and never transmitted to us or anyone else.

2. What we read on your device (and never send anywhere)

With your permission, Calmunity reads the following from Apple Health, on-device only:

• Heart rate and resting heart rate
• Sleep analysis (duration/stages)
• Related signals used for context (e.g. respiratory rate, wrist temperature) where available

This data is processed locally to produce your Calm Score and personal insights. It is not uploaded, sold, shared, or used for advertising. Per Apple’s requirements, HealthKit data is never used for marketing or advertising and is never sold.

3. What does leave your device

To power the leaderboard, we send only the following to our backend (hosted on Supabase):

• Your derived Calm Score (0–100) and day state (e.g. “scored”, “incomplete”) — never the raw health values behind it
• Your display name and optional avatar
• Your city (a coarse, city-level label — never your precise coordinates)
• Technical metadata: scoring formula version, an illness-pattern flag, and timestamps

Within your city and your private groups, other users can see your display name, avatar, and weekly Calm Score. They cannot see your underlying health data, because we never have it.

4. Location

If you choose “Use my location”, Calmunity requests your location once and converts it on-device into a city name (e.g. “Almaty”). Only the city label is stored — your exact location is never stored or transmitted. You can instead enter your city manually.

5. Account & identity

Calmunity uses Sign in with Apple. We receive the identifier Apple provides and the display name you choose. We do not receive your password. If you use Apple’s “Hide My Email”, we never see your real email address.

6. Analytics

We use PostHog (US Cloud) to understand product usage (e.g. which screens are opened, whether onboarding completed). No health values are ever included in analytics events — only states and counts. Analytics is a separate pipeline from any health processing.

7. What we do NOT do

• We do not transmit, store, or have access to your raw heart rate, sleep, or other Health data.
• We do not sell your data.
• We do not use your data for third-party advertising.
• Calmunity is not a medical service and does not provide medical advice, diagnosis, or treatment.

8. Data retention & your choices

• You can delete your account at any time, which removes your profile, scores, and city/group associations from our backend.
• You can export your on-device daily data as a CSV from within the app.
• Revoking Health or Location permission in iOS Settings stops the corresponding processing immediately.

9. Children

Calmunity is rated 4+ but is intended for general audiences and is not directed at children under 13. We do not knowingly collect data from children under 13.

10. Changes

We may update this policy; we will revise the “Last updated” date and, for material changes, notify you in-app.

11. Contact

Questions or data requests: support@calmunity.app.

Governing privacy law and jurisdiction: [to be set — e.g. GDPR for EU users, CCPA for California].