Privacy Policy

1. Who we are

Metrya is an iOS application ("the App") developed and published on the Apple App Store by r6lab Radosław Jóżefowicz, a sole trader registered in Poland. References to "we", "us", or "our" in this policy refer to the developer and data controller identified below. References to "you" or "your" refer to you as a user of the App.

Data Controller (GDPR Article 13)

r6lab Radosław Józefowicz
ul. Akacjowa 3
55-003 Krzyków
Poland
EU VAT: PL9730929262
Email: radek@jozefowicz.dev

As a BYOK application with no backend data collection, we are not required to appoint a Data Protection Officer under Article 37 GDPR. For all privacy-related enquiries, contact us directly at the email address above.

2. Data we process — and where it stays

The App is architected to keep all data on your device. The table below summarises every category of data the App handles, where it is stored, and whether it ever leaves your device.

We do not collect analytics, usage statistics, or behavioural data of any kind. There are no third-party analytics SDKs in the App.

3. Apple HealthKit data

Metrya requests read-only access to your Apple Health data through Apple's HealthKit framework. This access is governed by Apple's strict HealthKit rules, which we comply with in full.

What we read

The App may read the following HealthKit data types, depending on what you have authorised in the iOS Health permissions dialogue:

• Heart rate, resting heart rate, and heart rate variability (HRV)
• Sleep analysis and sleep stages
• Step count, active energy burned, and exercise time
• Body metrics: weight, height, body mass index (BMI)
• Date of birth and biological sex (for biological age calculations)
• Respiratory rate, blood oxygen saturation (SpO₂)
• Mindful minutes and other activity data

Local processing — Dashboard & Biological Age

The Health Dashboard and Biological Age feature are computed entirely on your device. HealthKit data read for these features is processed locally in memory, never written to any remote server, and never stored outside of HealthKit itself. Metrya does not operate any servers or backend infrastructure. Your HealthKit data is never stored on Metrya servers or synced to iCloud by this App.

AI Advisor — data transmission disclosure

If you choose to use the AI Advisor feature, the App will format a relevant subset of your HealthKit data (and, for Pro subscribers, your manual logs and profile context) into a prompt and transmit it directly from your device to the AI provider whose API key you have entered (Anthropic, OpenAI, or Google). This transmission:

• Is initiated only by your explicit action (tapping Send on a query).
• Goes device → your AI provider — Metrya is not an intermediary and does not receive, log, or store the content.
• Is governed by your chosen AI provider's own privacy policy (linked in §4).
• Requires your explicit in-app consent before the first query is sent.

You may stop using the AI Advisor at any time; doing so stops all HealthKit data from being transmitted to any AI provider.

Prohibited uses — Apple HealthKit rules

In full, HealthKit data obtained by Metrya is never used or disclosed for any of the following purposes:

• Advertising or marketing of any product or service.
• Sale to data brokers, research organisations, or any third party.
• Building profiles of users for commercial or analytical purposes.
• Cross-app or cross-service behavioural tracking.
• Any purpose other than providing health features directly to you within the App.

How to revoke HealthKit access

You can revoke HealthKit access at any time via Settings → Privacy & Security → Health → Metrya. Revoking access immediately stops the App from reading any new health data. Existing data already processed locally or sent to an AI provider during a previous session cannot be recalled.

4. Data Processing and Third-Party AI

This section contains language required to comply with Apple's App Store privacy label requirements and HealthKit guidelines for Bring Your Own Key (BYOK) applications.

What this means in practice

When you send a query in the AI Advisor, the App packages the relevant portion of your Apple Health data (and, if you are a Pro subscriber, your manual logs and profile context) into a prompt and sends it as an API request directly from your device to the AI provider you have configured. This communication is between your device and the AI provider. We are not involved in, and do not have access to, the content of those requests.

Choosing your AI provider

The App currently supports the following AI providers. Before using any provider, you should review their privacy policy:

• Anthropic (Claude): anthropic.com/privacy
• OpenAI (GPT): openai.com/policies/privacy-policy
• Google (Gemini): policies.google.com/privacy

API usage (as opposed to consumer products) is generally subject to stricter data processing terms at these providers — for example, Anthropic's API does not use your prompts to train models by default. However, you are responsible for reviewing and accepting the terms of your chosen provider independently.

What data is sent to the AI provider

Only the data necessary to answer your query is included in each API request. The App does not send your entire HealthKit history in every request — it selects the relevant recent data (typically the last 7–30 days) based on the context of your question. For Pro users, relevant manual logs, session data, and profile context are appended to provide richer, more personalised responses.

5. API key storage

The iOS Keychain is an encrypted, hardware-backed secure storage system provided by Apple. Keychain entries are protected by the device's hardware security module (Secure Enclave on supported devices), meaning the key is never exposed in plaintext outside of the secure enclave — not to Metrya, not to other apps, and not during backups. Your API key is:

• Never transmitted to our servers (we have none).
• Never included in analytics, crash reports, or any outbound communication other than the direct API request to your chosen AI provider.
• Accessible only by the Metrya app on your device.
• Excluded from iCloud backups — it does not leave your device.
• Deleted from the Keychain when you remove the App from your device.

You are responsible for keeping your API key secure. If you believe your API key has been compromised, revoke it immediately in your AI provider's dashboard and generate a new one.

6. In-app purchases & RevenueCat

The Pro upgrade is a one-time, non-consumable in-app purchase processed through Apple's App Store. To verify your entitlement status across app reinstalls, the App uses RevenueCat, a third-party purchase management SDK.

What RevenueCat receives

• A randomly generated, anonymous device identifier.
• Your App Store purchase receipt for the purpose of entitlement verification.
• App version and platform information (iOS).

What RevenueCat does not receive

• Your name, email address, or any account credentials — the App does not require account creation.
• Any health data, AI queries, or personal logs.
• Your API key.

RevenueCat's privacy policy is available at revenuecat.com/privacy. All payment processing is handled entirely by Apple; we never see or store your payment information.

7. What we do not collect

To be explicit, the following data is never collected, processed, or stored by Metrya:

• Your name, email address, or any registration credentials (no accounts are created).
• Your location data.
• Your browsing history or behaviour within other apps.
• Any advertising identifiers (IDFA or equivalent).
• Data from other apps on your device.
• Microphone, camera, or contacts data.
• Any data for profiling, targeting, or advertising purposes.
• Aggregate or anonymised health statistics sent to our servers.

There are no advertising networks, behavioural analytics SDKs, or marketing trackers in the App.

8. Data retention & deletion

Because all data is stored locally on your device, you are in full control of retention and deletion:

• To delete all App data: delete the App from your iPhone. This removes all local data, your Keychain entry, and SecureStore entries.
• To revoke HealthKit access without deleting the App: go to Settings → Privacy & Security → Health → Metrya and toggle off any data categories.
• To delete your RevenueCat anonymous record: contact us at radek@jozefowicz.dev and we will submit a deletion request to RevenueCat on your behalf.

We hold no data on our own servers and therefore there is nothing further for us to delete.

9. Security

The App is designed with a privacy-first, minimal-collection architecture. Specific security measures include:

• API keys stored in the iOS Keychain with hardware-backed encryption (Secure Enclave where available).
• All communication with AI providers is conducted over HTTPS/TLS.
• Preview usage counters stored in Expo SecureStore, which uses iOS Keychain on iOS.
• No backend infrastructure means there is no server-side database to breach.
• The App does not implement any web views that could expose data to unintended parties.

While we take all reasonable precautions, no method of data transmission or storage is 100% secure. If you discover a security vulnerability, please disclose it responsibly to radek@jozefowicz.dev.

10. Children's privacy

Metrya is not directed at, and is not intended to be used by, children under the age of 13 (or the applicable age of digital consent in your jurisdiction). We do not knowingly collect any personal information from children. If you believe a child has used the App and provided data to an AI provider via the BYOK feature, please contact us and the relevant AI provider immediately.

11. Your rights

Because we do not collect or hold personal data on our servers, most data subject rights (access, correction, portability, erasure) are exercisable directly by you on your own device. Nonetheless, the following rights apply:

For users in the European Economic Area, UK, or Switzerland (GDPR)

• Right of access: all data we could conceivably hold is the anonymous RevenueCat identifier. You may request confirmation by emailing us.
• Right to erasure: we will submit a deletion request to RevenueCat on your behalf. All other data can be deleted by you directly on your device.
• Right to object / restrict processing: you may stop all data processing by deleting the App and revoking HealthKit permissions.
• Right to lodge a complaint: you have the right to lodge a complaint with your national data protection authority.

The legal basis for processing (to the extent any processing occurs via RevenueCat) is the performance of a contract — specifically, verification that you have purchased the Pro upgrade you are entitled to use.

For California residents (CCPA / CPRA)

• We do not sell or share your personal information.
• We do not use your personal information for cross-context behavioural advertising.
• You have the right to know, delete, and opt out of sale (though there is nothing to opt out of, as no sale occurs).
• You will not be discriminated against for exercising any of these rights.

To exercise any privacy right, email radek@jozefowicz.dev. We will respond within 30 days.

12. Changes to this policy

We may update this Privacy Policy from time to time, for example when we add new features, integrate additional AI providers, or as required by law. Material changes will be communicated by updating the "Last updated" date at the top of this document. We encourage you to review this page periodically.

Continued use of the App after a change constitutes acceptance of the updated policy. If you do not agree with a material change, you should stop using the App and delete it from your device.

13. Contact

For any privacy-related questions, requests, or concerns, please contact us:

• Email: radek@jozefowicz.dev
• Subject line: Privacy Request — Metrya

We aim to respond to all privacy enquiries within 30 days. For data deletion requests involving RevenueCat, allow up to 45 days for the third-party deletion to be confirmed.