HeadYogi

Privacy Policy

Last updated: 2025-09-26

Contact: info@graimatter.nl

Introduction

HeadYogi helps you track headaches and related factors. We designed the app with privacy by default and minimize data collection. This policy explains what data we process, how we use it, and your choices.

What data we process

  • User‑provided data: headache entries, triggers, notes, preferences, and export files you create.
  • Device data: app version, device model, OS version, crash logs (if enabled by Apple), and non‑identifying aggregate analytics Apple provides.
  • Account and purchases: subscription status and transactions are processed by Apple. We do not receive your full payment details.
  • Health data: the app does not read or write HealthKit data.
  • Advertising and tracking: no third‑party ads or tracking SDKs are used.

Storage and Sync

  • Local‑only mode: data stays on your device and iCloud is off.
  • iCloud Sync (optional): when enabled, your data is stored in your private iCloud container and synced across your devices signed into the same Apple ID. Apple provides encryption in transit and on server; with Advanced Data Protection, many categories are end‑to‑end encrypted. We do not have access to your iCloud account.
  • Exports: when you export to CSV/Markdown/PDF, files are created on‑device and only leave your device if you share or upload them.

Security

  • Encryption: iOS provides data‑at‑rest encryption when your device is locked; iCloud encrypts data in transit and on server.
  • App Lock: optional Face ID/Touch ID/passcode gate to protect access within the app.
  • Least‑privilege: the app only requests permissions it needs (e.g., notifications).

How we use your data

  • Provide core functionality (entries, analysis, sync, exports).
  • Improve reliability and diagnose issues (aggregate crash/diagnostic data via Apple where available).
  • Communicate service updates (in‑app notices).

AI Analysis (Pro)

  • If you use the optional Pro feature “AI Analysis”, we send the text of your headache entries and app‑generated summaries to an external large language model (LLM) via the OpenRouter platform (openrouter.ai) to generate insights for you.
  • We minimize what is sent: no account identifiers, no email, and no device identifiers are included. Content is limited to de‑identified text (e.g., your entries and prompts) necessary to produce the analysis.
  • Using AI Analysis is optional. If you do not use this feature, no entry text is sent to external AI providers.

What we do not do

  • We do not sell your data.
  • We do not show third‑party ads.
  • We do not track you across other companies’ apps and websites.

Your choices and rights

  • Switch storage mode anytime: Settings → Privacy & Security → iCloud Sync on/off.
  • Export your data: Settings → Export Data.
  • Delete your data: Settings → Privacy & Security → Delete All Data (removes entries, analyses, exports, and preferences on all devices signed into your Apple ID when using iCloud; in local‑only mode it removes data on this device).
  • Notifications: manage reminders in Settings → Preferences → Notifications or in iOS Settings.
  • EU/UK residents (GDPR): rights to access, rectification, erasure, restriction, portability, and objection. Contact us to exercise rights at info@graimatter.nl.
  • California residents (CCPA): rights to know, delete, and non‑discrimination. We do not sell personal information.

Legal bases for processing (GDPR)

  • Contract: to provide the app’s core features you request.
  • Legitimate interests: app safety, diagnostics, and fraud prevention (minimal and proportionate).
  • Consent: push notifications and iCloud Sync toggles.

Data retention

  • Your entries persist until you delete them or uninstall the app.
  • Diagnostic/crash data retention is governed by Apple’s policies.
  • Exports remain where you save/share them; manage or delete as you prefer.

Children’s privacy

HeadYogi is not directed to children under 13 (or the minimum age in your jurisdiction).

International transfers

iCloud storage locations and transfers are handled by Apple subject to their terms and safeguards. AI Analysis requests sent via OpenRouter may be processed by infrastructure outside your country/region depending on the model/provider you choose; we avoid attaching any direct identifiers to these requests.

Third parties

  • Apple (iCloud, App Store, TestFlight, crash diagnostics).
  • OpenRouter (openrouter.ai) as a gateway to AI model providers for the optional Pro “AI Analysis” feature (request content only; no account identifiers).
  • We avoid additional processors; if that changes we will update this policy.

Changes to this policy

We may update this policy as the app evolves. We will update the “Last updated” date and may provide an in‑app notice for material changes.

Contact

Privacy Q&A

How do I keep my data only on this device?
Turn off iCloud Sync in Settings → Privacy & Security. Data remains local.

Can you see my data?
No. We do not have access to your iCloud or on‑device data.

Do you use HealthKit?
No. The app does not integrate with HealthKit.

Do you show ads or use trackers?
No third‑party ads or tracking SDKs.

How do I export or delete my data?
Export via Settings → Export Data. Delete all data via Settings → Privacy & Security → Delete All Data.

What happens if I uninstall the app?
Local data is removed by iOS. If you used iCloud Sync, your data may remain in your iCloud private container until removed by iCloud policies or by using the in‑app delete before uninstalling.

What personal information do you store about purchases?
Purchases are processed by Apple. We receive subscription status, not your full payment details.

Who can I contact about privacy?
info@graimatter.nl

Change Log

  • 2025-09-26: Initial publication.