Privacy Policy

Cortex, Neurodivergent Health & Behavior Tracker

Last Updated: March 16, 2026 · Version 3.0

1. Data Controller

Data Controller: Mohamad Sakkal

Trading as: MS

Location: Vienna, Austria

Contact: contact@msakkal.com

The Controller has not appointed a Data Protection Officer as the processing does not meet the thresholds requiring such appointment under Article 37 GDPR.

2. Legal Framework

This policy is governed by:

Health Data Notice: This App processes Special Category Data (health data) under Article 9 GDPR. Such processing is only permitted with your explicit consent.

3. Age Requirement

This Service is intended for users aged 16 years or older, in accordance with Article 8 GDPR regarding the age of digital consent. By using this App, you confirm that you are at least 16 years of age.

4. Data We Collect

4.1 Data You Provide

Data Category | Examples | Classification
Journal Entries | Text or voice entries about daily experiences, symptoms, and observations | Health Data
Medication & Supplement Logs | Names, dosages, timing, accommodations | Health Data
Personal Knowledge | Medical history and preferences you teach the AI | Personal Data

4.2 Apple HealthKit Data

With your explicit permission, we access:

HealthKit Data | Purpose
Sleep Analysis | Correlate rest patterns with symptoms
Heart Rate (BPM) | Identify physiological stress markers
Heart Rate Variability (HRV) | Track autonomic nervous system regulation
Workouts | Auto-log exercise in Daily Intake (type, duration, calories)

Apple HealthKit Compliance: HealthKit data will NOT be used for advertising, data mining, or sold to third parties. It is used solely to provide health insights within the App.

4.3 Technical Data

Data Type | Purpose | Retention
Error Logs | Debugging and stability | 30 days
App Preferences | Store your settings | Until app deletion

5. AI Processing

Important: AI analysis is the core functionality of this Service. To use the App, you must consent to the processing of your entries by AI systems.

How It Works

When you request AI analysis:

  1. Only relevant journal snippets are selected locally (using on-device semantic search)
  2. Selected content is transmitted securely to AI services
  3. AI generates insights and recommendations
  4. Data is processed transiently in memory and discarded immediately

What We Send to AI

Sent | NOT Sent
Journal entry text | Your name or identity
Medication & supplement logs | Email address
Extracted pattern summaries | Device identifiers
Sleep hours (from HealthKit, as context) | Raw HealthKit data streams

AI Service Providers

Provider | Service | Purpose | Location
Amazon Web Services | AWS Bedrock — Anthropic Claude Haiku 4.5 | Journal entry classification, pattern extraction, thread naming | EU inference endpoint
Amazon Web Services | AWS Bedrock — Anthropic Claude Sonnet | Chat responses, report generation | EU inference endpoint
Amazon Web Services | AWS Bedrock — Amazon Nova Pro | Chat responses (user-selectable) | EU inference endpoint

On-Device Processing (no data leaves your device)

Technology | Purpose
WhisperKit (OpenAI Whisper small.en) | Voice-to-text transcription — runs entirely on-device
Apple NLContextualEmbedding | Semantic search for finding related journal entries — runs entirely on-device

Data Security: Data sent to AI services via AWS Bedrock is processed transiently in memory and discarded immediately after generating a response. It is not stored by AWS Bedrock, and is not used to train AI models, as per AWS standard service terms. Voice transcription and semantic search run entirely on your device — no audio or embedding data is ever transmitted.

6. Data Storage & Security

Local Storage

The majority of your data is stored locally on your device with:

Security Measures

7. Data Retention

Data Category | Retention Period
Journal Entries, Patterns, Medications | Until you delete them
HealthKit Data (cached) | Until you revoke permission
AI-Generated Insights | Until you delete them
Technical Logs | 30 days (automatic)

8. Your Rights Under GDPR

Right | How to Exercise
Access (Art. 15) | View all data in-app or request a copy
Rectification (Art. 16) | Edit entries directly in the App
Erasure (Art. 17) | Delete entries in-app or request full deletion
Data Portability (Art. 20) | Export to JSON/CSV in Settings
Withdraw Consent (Art. 7) | Stop using app and contact us for data deletion
Lodge Complaint (Art. 77) | Contact Austrian DPA (see below)

Austrian Data Protection Authority

Österreichische Datenschutzbehörde

Barichgasse 40-42

1030 Vienna, Austria

Email: dsb@dsb.gv.at

Website: www.dsb.gv.at

9. Summary

Who we are | Mohamad Sakkal (MS), Vienna, Austria
What we collect | Journal entries, patterns, mood, HealthKit (with permission)
Why | AI-powered behavioral pattern analysis
Legal basis | Your explicit consent (required for health data)
Where data goes | Stored locally; AI processing is transient (not stored)
Retention | Until you delete; logs for 30 days
Age requirement | 16 years or older

10. Contact

For questions or to exercise your rights:

Email: contact@msakkal.com

We respond within 30 days as required by GDPR.