Legal

Privacy Policy

Effective date: 16 May 2025 · Last updated: 16 May 2025

      Plain-language summary: Everwell stores all your data exclusively on your device. We do not collect, transmit, or sell any personal information. Health data is read from Apple Health only with your permission and never leaves your device.
    

1. Data Controller

The controller responsible for the processing of your personal data within the meaning of the General Data Protection Regulation (EU) 2016/679 (GDPR) is:

r6lab Radosław Józefowicz
ul. Akacjowa 3
55-003 Krzykow
Poland (EU)
EU VAT: PL9730929262
Email: radek@jozefowicz.dev

2. Scope of This Policy

This policy applies to the Everwell iOS mobile application (the "App") distributed on the Apple App Store. It does not apply to third-party services you may access through links in the App.

3. Data We Process

3.1 Data stored locally on your device

The App stores the following data exclusively in the device's sandboxed local storage. This data never leaves your device and is never transmitted to us or any third party:

Habit definitions and daily completion state you create
Personal goals (step target, sleep target, active days target)
Financial habit selections
Application settings (AI provider preference, review schedule, notification preferences, Pro status)
Weekly review history and AI-generated reflection text

3.2 Apple Health data

If you grant permission, the App reads the following data types from Apple HealthKit:

Step count
Sleep analysis (including sleep stages: deep, REM, and awake periods)
Active energy burned
Resting heart rate

This data is read locally on your device and used solely to calculate your protection score and populate your trends. It is never transmitted to our servers. We have no access to your Apple Health data. Everwell is a wellness tool — not a medical device — and its scores are for personal motivation only.

3.3 AI reflections

Depending on the AI provider you choose in Settings:

Apple Intelligence: processing occurs entirely on-device via Apple's private APIs. No data leaves your device.
Custom API key (BYOK): a summary of your weekly statistics (no raw health records, no personal identifiers) is sent to the AI provider you configure (e.g. OpenAI) using the API key you supply. You are subject to that provider's privacy policy.
Built-in summaries (no AI): no external network call is made.

3.4 Push notification content

If you grant notification permission, the App schedules local notifications for your weekly review reminder. Notifications are generated and displayed entirely on-device. No notification content is sent to external servers.

3.5 In-app purchases

Pro subscription purchases are processed by Apple's App Store and RevenueCat (our payment infrastructure provider). RevenueCat receives an anonymous App User ID (a random UUID generated on first launch) and purchase receipt data solely to validate entitlements. RevenueCat does not receive your name, email, or health data. See RevenueCat's Privacy Policy.

3.6 Data we do NOT collect

Name, email address, or any account information (no account is required)
Raw Apple Health records on our servers
Location data
Device identifiers or advertising IDs
Usage analytics or crash telemetry
Payment card or banking information

4. Legal Basis for Processing (GDPR Article 6)

Processing activity	Legal basis
Storing habits, goals, and settings on your device	Art. 6(1)(b) — necessary for the performance of the app's service at your request
Reading Apple Health data	Art. 6(1)(a) — your explicit consent, granted via the Apple Health permission prompt
Scheduling local push notifications	Art. 6(1)(a) — your explicit consent, granted via the iOS permission prompt
Validating Pro purchase via RevenueCat	Art. 6(1)(b) — necessary for the performance of the transaction you initiated
Sending weekly stats to a BYOK AI provider	Art. 6(1)(a) — your explicit consent, given when you choose and configure the BYOK option

5. Data Transfers Outside the EU

When you use the BYOK AI option, your weekly statistics summary is transferred to the AI provider you configure, which may be located outside the EU. You control this by your choice of provider and API key. All other app data remains on your device.

RevenueCat (USA) processes purchase receipts. RevenueCat operates under standard contractual clauses and its own GDPR commitments. Apple's App Store and payment infrastructure operate under Apple's Privacy Policy.

6. Data Retention

All app data persists on your device until you delete the App or clear its storage. Uninstalling the App removes all locally stored data. We hold no copies of your data on our infrastructure. RevenueCat retains purchase records as required by Apple and applicable law.

7. Your Rights Under the GDPR

As a data subject in the EU/EEA, you have the following rights. Because we hold no personal data on our servers, most of these rights are exercised directly on your device:

Access (Art. 15)All your data is visible within the App at any time.

Rectification (Art. 16)Edit or delete any habit, goal, or setting directly in the App.

Erasure (Art. 17)Delete all data by removing the App from your device.

Portability (Art. 20)Data export is available in Settings (coming soon).

Restriction (Art. 18)Revoke Health or notification permission at any time in iOS Settings.

Object (Art. 21)Switch AI provider to "Built-in summaries" to stop any external data flow.

To exercise any right that requires our involvement, contact us at radek@jozefowicz.dev. You also have the right to lodge a complaint with the Polish supervisory authority: Urząd Ochrony Danych Osobowych (UODO), ul. Stawki 2, 00-193 Warszawa.

8. Health Data — Special Category Notice

Step count, sleep data, heart rate, and active energy are health-related data and may constitute special category data under GDPR Art. 9. This data is processed exclusively on your device based on your explicit consent (Art. 9(2)(a)) given through the Apple Health permission prompt. We have no technical access to this data.

9. Children

The App is not directed at children under 13 years of age, and we do not knowingly process data from children. If you believe a child has used the App, contact us and we will provide guidance on removing the local data.

10. Security

App data is stored in Apple's sandboxed on-device storage, protected by iOS device encryption and the iOS security model. We have no access to this storage. You are responsible for securing access to your device.

11. Changes to This Policy

We may update this policy if the App's data practices change. We will update the "Last updated" date above and, for material changes, provide notice within the App or on this page. Your continued use of the App after the effective date constitutes acceptance of the revised policy.

12. Contact

For any privacy-related questions or to exercise your rights:

r6lab Radosław Józefowicz
ul. Akacjowa 3, 55-003 Krzykow, Poland
radek@jozefowicz.dev

This document was prepared in accordance with Regulation (EU) 2016/679 (General Data Protection Regulation).