Privacy Policy

Effective Date: January 24, 2026

            Summary: Your raw health data stays on your device. During calibration, we process aggregated statistics (not individual readings) one time to build your model, then delete them. A limited amount of statistical data is sent to a third-party AI service to orchestrate the calibration process.
        

1. Introduction

Pharo ("we," "our," or "the App") is committed to protecting your privacy. This Privacy Policy explains what data we collect, how we use it, who we share it with, and your rights regarding your data.

By using Pharo, you consent to the practices described in this policy.

2. Data We Collect

2.1 Health Data (from Apple HealthKit)

With your explicit permission, we read the following from Apple HealthKit:

Heart rate (resting and active)
Heart rate variability (HRV)
Respiratory rate
Sleep analysis (duration, stages)
Step count and activity minutes

This raw data never leaves your device. It is stored locally in the App's secure container.

2.2 Labels You Create

Any labels you create (e.g., "bad day," "good day," or any other text) and the dates you assign them to.

2.3 Account Information

Apple ID identifier (an anonymous token, not your email)
Subscription status
Device type and iOS version (for compatibility)

2.4 What We Do NOT Collect

Your name or email (unless you contact support)
Location data
Contacts or photos
Data from other apps

3. How We Use Your Data

3.1 On-Device Processing (Default)

Most operations happen entirely on your iPhone:

Calculating your personal baseline statistics
Displaying trends and patterns
Running your trained model for daily insights

For these operations, no data leaves your device.

3.2 Calibration (Requires Data Transfer)

When you request model calibration (a Pro feature), we must process data on our servers. Here is exactly what happens:

Your Device → Our Servers → AI Service → Our Servers → Your Device

1. AGGREGATED statistics (not raw readings) sent to our servers
2. Our servers send SUMMARY statistics to AI service for orchestration
3. AI service returns experiment instructions (no health data retained)
4. Our servers train your model and send it back to your device
5. All processing data deleted within 24 hours

3.3 Data Sent During Calibration

Data Type	What's Sent	What's NOT Sent
Heart Rate	Daily averages, std deviation, min/max	Individual readings, timestamps
HRV	Daily averages, variability metrics	Beat-by-beat intervals
Sleep	Duration per night, efficiency %	Sleep/wake times, stage details
Labels	Dates marked, label text	N/A (you control what you label)

4. Third-Party Data Sharing

Important: We share a limited amount of data with a third-party AI service (Anthropic/Claude) during calibration. This section explains exactly what is shared.

4.1 AI Service (Anthropic)

During calibration, we use Anthropic's Claude AI to orchestrate the model training process. The AI helps determine which experiments to run and how to optimize your model.

What is sent to Anthropic:

High-level statistical summaries (e.g., "user has 45 days of data, 3 labeled episodes")
Aggregated feature statistics (e.g., "mean RHR deviation: 2.3 bpm")
Experiment results (e.g., "model achieved 72% correlation")
Your label text (the words you chose for your labels)

What is NOT sent to Anthropic:

Raw health readings
Timestamps or dates
Your Apple ID or any identifier
Any data that could identify you personally

Anthropic's data handling:

Data is processed transiently for the API request
Anthropic does not use API data to train their models (per their data policy)
No data is retained after processing completes

See Anthropic's privacy policy: anthropic.com/privacy

4.2 Cloud Infrastructure (AWS)

Our servers run on Amazon Web Services (AWS). AWS provides the computing infrastructure but does not access or process your data. Data is encrypted in transit and at rest.

4.3 No Other Sharing

We do not sell, rent, or share your data with any other third parties, including:

Advertisers
Data brokers
Analytics companies
Social media platforms

5. Data Retention

5.1 On Your Device

Data stored on your device remains until you delete the App or clear its data. You control this entirely.

5.2 On Our Servers

Data Type	Retention Period
Calibration processing data	Deleted within 24 hours of calibration completion
Trained model file	Stored until you request deletion or 1 year of inactivity
Account metadata	Until account deletion
Anonymized usage statistics	Indefinitely (cannot be linked to you)

5.3 One-Time Processing

Calibration is a one-time process. We do not continuously upload or sync your health data. Each calibration is an independent event, and all processing data is deleted afterward.

6. Data Security

We implement industry-standard security measures:

Encryption in transit: All data transfers use TLS 1.3
Encryption at rest: Server data encrypted with AES-256
Access controls: Strict authentication for all systems
Minimal data: We collect only what's necessary
No persistent storage: Processing data deleted promptly

7. Your Rights

You have the right to:

7.1 Access Your Data

Request a copy of all data we hold about you.

7.2 Delete Your Data

Request deletion of your account and all associated data. This includes:

Any stored models
Account metadata
Any processing data (if calibration is in progress)

7.3 Revoke HealthKit Access

You can revoke HealthKit permissions at any time in iOS Settings → Privacy → Health → Pharo. This stops the App from reading any new health data.

7.4 Export Your Data

You can export your labels and settings from within the App.

7.5 Opt Out of Calibration

You can use the free tier indefinitely without ever sending data to our servers. Calibration is entirely optional.

8. Children's Privacy

Pharo is not intended for children under 13. We do not knowingly collect data from children. If you believe a child has provided us with data, please contact us for deletion.

9. International Users

Our servers are located in the United States. By using Pharo, you consent to data transfer to the US. We comply with applicable data protection laws, including GDPR for EU users.

10. Changes to This Policy

We may update this Privacy Policy. We will notify you of material changes via the App or email. Continued use after changes constitutes acceptance.

11. Contact Us

For privacy questions, data requests, or concerns:

Email: privacy@pharo.app

12. Summary Table

Question	Answer
Does raw health data leave my device?	No, never
Is any data sent to third parties?	Yes, limited statistics to Anthropic during calibration
Can I use the app without sending data?	Yes, free tier is fully on-device
How long is processing data kept?	Deleted within 24 hours
Do you sell my data?	No, never
Can I delete everything?	Yes, contact privacy@pharo.app