Privacy Policy

1. Who we are

Longevity Arc is an iOS application ("the App") developed and published on the Apple App Store by r6lab Radosław Jóżefowicz, a sole trader registered in Poland. References to "we", "us", or "our" in this policy refer to the developer and data controller identified below. References to "you" or "your" refer to you as a user of the App.

Data Controller (GDPR Article 13)

r6lab Radosław Józefowicz
ul. Akacjowa 3
55-003 Krzków
Poland
EU VAT: PL9730929262
Email: radek@jozefowicz.dev

As an on-device HealthKit application without a user database operated by the developer, we are not required to appoint a Data Protection Officer under Article 37 GDPR. For all privacy-related enquiries, contact us directly at the email address above.

2. Data we process — and where it stays

The App is architected to keep all data on your device. The table below summarises every category of data the App handles, where it is stored, and whether it ever leaves your device.

* Coaching features may invoke Apple's on-device intelligence frameworks. Those requests are handled according to Apple's privacy controls on your device — not routed through developer-operated servers.

3. Apple HealthKit data

Longevity Arc requests read-only access to your Apple Health data through Apple's HealthKit framework. This access is governed by Apple's strict HealthKit rules, which we comply with in full.

What we read

The App may read the following HealthKit data types, depending on what you have authorised in the iOS Health permissions dialogue:

• Heart rate, resting heart rate, and heart rate variability (HRV)
• Sleep analysis and sleep stages
• Step count, active energy burned, and exercise time
• Body metrics: weight, height, body mass index (BMI)
• VO₂max-related cardio metrics when logged
• Walking speed / gait metrics when present
• Date of birth and biological sex (for age- and sex-aware thresholds)
• Respiratory rate, blood oxygen saturation (SpO₂)
• Mindful minutes and other activity data

Local processing — longevity signals

Signal scores, charts, and composite gauges are computed entirely on your device. HealthKit data read for these features is processed locally in memory, never written to any remote server by the developer, and never stored outside of HealthKit itself except for lightweight app caches you can clear by deleting the App. Longevity Arc does not operate application servers that warehouse your vitals. Your HealthKit data is never synced to infrastructure operated by the developer for analytics purposes.

Apple Intelligence & coaching tips (Pro)

When you request coaching-style summaries inside the App, iOS may process prompts using Apple's on-device intelligence (for example Apple Intelligence or Foundation Models APIs where available). That processing follows Apple's own privacy settings on your device. The developer does not receive copies of those prompts or responses and cannot replay them from cloud dashboards.

What we do not operate

Longevity Arc does not implement a Bring Your Own Key workflow. You do not paste Claude, OpenAI, or Gemini API keys into the App, and we do not relay HealthKit exports through developer-controlled backends for generic chat completions.

Prohibited uses — Apple HealthKit rules

In full, HealthKit data obtained by Longevity Arc is never used or disclosed for any of the following purposes:

• Advertising or marketing of any product or service.
• Sale to data brokers, research organisations, or any third party.
• Building profiles of users for commercial or analytical purposes.
• Cross-app or cross-service behavioural tracking.
• Any purpose other than providing health features directly to you within the App.

How to revoke HealthKit access

You can revoke HealthKit access at any time via Settings → Privacy & Security → Health → Longevity Arc. Revoking access immediately stops the App from reading any new health data. Locally cached summaries may remain until you delete the App or clear its storage.

4. Apple Intelligence & on-device coaching

Pro features may surface short coaching summaries informed by your longevity signals. Those summaries are produced through Apple's developer frameworks for on-device generation where the hardware and OS support them.

• No developer-hosted large language model receives your raw HealthKit export.
• You control whether Apple's broader AI features are enabled via iOS Settings.
• If Apple routes any auxiliary processing off-device under its own policies, that handling is governed solely by Apple's agreements with you — not by infrastructure operated by r6lab.

Review Apple's Privacy Policy for details on Apple Intelligence data handling.

5. In-app purchases & RevenueCat

Optional Pro access is sold as an auto-renewing subscription and/or a one-time lifetime unlock through Apple's App Store. To mirror your entitlements across reinstalls, the App uses RevenueCat, a purchase-verification SDK.

What RevenueCat receives

• A randomly generated, anonymous device identifier.
• Your App Store purchase receipt for the purpose of entitlement verification.
• App version and platform information (iOS).

What RevenueCat does not receive

• Your name, email address, or any account credentials — the App does not require account creation.
• Any health data, AI queries, or personal logs.
• Any health data, coaching prompts, or longevity calculations generated inside the App UI.

RevenueCat's privacy policy is available at revenuecat.com/privacy. All payment processing is handled entirely by Apple; we never see or store your payment information.

6. What we do not collect

To be explicit, the following data is never collected, processed, or stored by Longevity Arc:

• Your name, email address, or any registration credentials (no accounts are created).
• Your location data.
• Your browsing history or behaviour within other apps.
• Any advertising identifiers (IDFA or equivalent).
• Data from other apps on your device.
• Microphone, camera, or contacts data.
• Any data for profiling, targeting, or advertising purposes.
• Aggregate or anonymised health statistics sent to our servers.

There are no advertising networks, behavioural analytics SDKs, or marketing trackers in the App.

7. Data retention & deletion

Because all data is stored locally on your device, you are in full control of retention and deletion:

• To delete all App data: delete the App from your iPhone. This removes local caches managed by the App.
• To revoke HealthKit access without deleting the App: go to Settings → Privacy & Security → Health → Longevity Arc and toggle off any data categories.
• To delete your RevenueCat anonymous record: contact us at radek@jozefowicz.dev and we will submit a deletion request to RevenueCat on your behalf.

We hold no data on our own servers and therefore there is nothing further for us to delete.

8. Security

The App is designed with a privacy-first, minimal-collection architecture. Specific security measures include:

• HealthKit remains Apple's encrypted datastore — the App only reads what you authorise.
• Purchase validation traffic uses HTTPS/TLS between your device, Apple, and RevenueCat.
• No developer-hosted database stores vitals, which eliminates an entire class of cloud breaches for this App.
• The App does not embed arbitrary third-party web trackers.

While we take all reasonable precautions, no method of data transmission or storage is 100% secure. If you discover a security vulnerability, please disclose it responsibly to radek@jozefowicz.dev.

9. Children's privacy

Longevity Arc is not directed at, and is not intended to be used by, children under the age of 13 (or the applicable age of digital consent in your jurisdiction). We do not knowingly collect personal information from children. If you believe a child has enabled purchases without permission, contact Apple Support to disable billing or request refunds pursuant to Apple's policies.

10. Your rights

Because we do not collect or hold personal data on our servers, most data subject rights (access, correction, portability, erasure) are exercisable directly by you on your own device. Nonetheless, the following rights apply:

For users in the European Economic Area, UK, or Switzerland (GDPR)

• Right of access: all data we could conceivably hold is the anonymous RevenueCat identifier. You may request confirmation by emailing us.
• Right to erasure: we will submit a deletion request to RevenueCat on your behalf. All other data can be deleted by you directly on your device.
• Right to object / restrict processing: you may stop all data processing by deleting the App and revoking HealthKit permissions.
• Right to lodge a complaint: you have the right to lodge a complaint with your national data protection authority.

The legal basis for processing (to the extent any processing occurs via RevenueCat) is the performance of a contract — specifically, verification that you have purchased the Pro upgrade you are entitled to use.

For California residents (CCPA / CPRA)

• We do not sell or share your personal information.
• We do not use your personal information for cross-context behavioural advertising.
• You have the right to know, delete, and opt out of sale (though there is nothing to opt out of, as no sale occurs).
• You will not be discriminated against for exercising any of these rights.

To exercise any privacy right, email radek@jozefowicz.dev. We will respond within 30 days.

11. Changes to this policy

We may update this Privacy Policy from time to time — for example when Apple ships new on-device intelligence capabilities or when regulations change.

Continued use of the App after a change constitutes acceptance of the updated policy. If you do not agree with a material change, you should stop using the App and delete it from your device.

12. Contact

For any privacy-related questions, requests, or concerns, please contact us:

• Email: radek@jozefowicz.dev
• Subject line: Privacy Request — Longevity Arc

We aim to respond to all privacy enquiries within 30 days. For data deletion requests involving RevenueCat, allow up to 45 days for the third-party deletion to be confirmed.