Privacy Policy
1. About Us
HealSpace AI is developed and operated by Michael Clarke, an individual developer based in Australia. References to "HealSpace AI", "we", "us", or "our" in this Privacy Policy refer to Michael Clarke trading as HealSpace AI.
HealSpace AI is an iOS application designed to help individuals track symptoms, mood, sleep, food, exercise, and medications, and to receive AI-generated health insights and pattern analysis. The app is available exclusively on the Apple App Store and is intended for use on iPhone and iPad devices.
2. Scope of This Policy
This Privacy Policy applies to:
- The HealSpace AI iOS application;
- The HealSpace AI website at healspaceai.com;
- Any communications between you and HealSpace AI (e.g. support emails).
This policy does not apply to third-party services linked from the app. We encourage you to review the privacy policies of those services separately (listed in Section 7 below).
3. Information We Collect
We collect only the information necessary to provide and improve HealSpace AI.
3.1 Account Information
When you create an account using Sign in with Apple, we receive a unique Apple user identifier and, if you choose to share it, your name and email address. You may opt to use Apple's email relay feature, in which case we receive a private relay address instead of your real email.
3.2 Health and Wellness Logs
The core function of the app involves you voluntarily entering personal health data. This includes:
- Symptoms — type, severity, duration, frequency, and any notes you attach;
- Mood — daily mood ratings and optional qualitative descriptions;
- Sleep — sleep duration, quality ratings, and sleep/wake times;
- Food and nutrition — meals, foods consumed, dietary notes;
- Exercise — activity type, duration, intensity;
- Medications and supplements — names, doses, timing, adherence;
- Free-text notes — any additional context you choose to record.
3.3 Location Data (Optional)
If you grant permission, the app may optionally record approximate location data (e.g. city or region) to help correlate symptoms with environmental factors such as weather or air quality. Location collection is entirely optional and can be disabled at any time in your device's Settings app. We do not track your precise, real-time GPS location continuously.
3.4 Usage and Technical Data
We collect limited technical data to operate and improve the app:
- App version, iOS version, and device model (for compatibility);
- Crash reports and error logs (via Sentry — see Section 7);
- Feature usage patterns (aggregated and anonymised where possible);
- In-app subscription status (via RevenueCat and Apple).
We do not use third-party advertising SDKs and do not collect advertising identifiers (IDFA).
3.5 Communications
If you contact us for support or feedback, we retain your correspondence (including your email address and the content of your messages) for the purpose of resolving your enquiry.
4. How We Use Your Information
| Purpose | Data Used | Legal Basis (GDPR) |
|---|---|---|
| Providing core app functionality (logging, storage, retrieval) | Health logs, account info | Performance of contract |
| AI-powered pattern analysis and insight generation | Health logs, symptoms, mood, sleep, food, exercise, medications | Performance of contract; Explicit consent |
| Generating weekly and monthly health summaries | Health logs | Performance of contract |
| Text-to-speech playback of insights (optional) | Insight text (no personal identifiers) | Performance of contract; Explicit consent |
| Crash detection and stability improvements | Crash reports, device info | Legitimate interests |
| Processing subscriptions and billing | Subscription status (no payment card data) | Performance of contract |
| Customer support | Communications, account info | Legitimate interests |
| Legal compliance and fraud prevention | Account info, logs as required | Legal obligation |
We do not use your data to serve advertisements. We do not sell, rent, or trade your personal data to any third party for marketing or commercial purposes.
5. Sensitivity of Health Data
Specifically, we commit to the following:
- Your health data is never sold to insurers, employers, pharmaceutical companies, data brokers, or any other party;
- Your health data is not used to train third-party AI models beyond what is strictly necessary to generate your own personalised insights;
- Your health data is transmitted over encrypted connections (TLS 1.2 or higher) at all times;
- Your health data is stored in a dedicated, access-controlled database (Supabase) with row-level security enforced, meaning each user's data is logically isolated;
- Access to production data by HealSpace AI personnel is strictly limited and logged.
Where we use Anthropic's Claude API to analyse your health logs and generate insights, we transmit only the minimum data necessary. Anthropic's API processes this data in accordance with their enterprise data processing terms and does not use customer API data to train their models. See Section 7 for details.
6. AI-Powered Analysis
A core feature of HealSpace AI is the use of artificial intelligence to identify patterns in your health logs and generate personalised insights, investigations, and summaries. To provide this feature, relevant portions of your health data are transmitted to Anthropic, PBC via their Claude API.
Important limitations you should be aware of:
- AI-generated insights are for informational and educational purposes only. They do not constitute medical advice, diagnosis, or treatment recommendations;
- AI analysis may not capture all factors relevant to your health. Always consult a qualified healthcare professional for medical concerns;
- The AI does not have access to your full medical history unless you choose to enter it into the app.
By using AI features, you explicitly consent to the transmission of relevant health log data to Anthropic's API infrastructure for the purpose of generating your insights.
7. Third-Party Service Providers
We engage the following third-party service providers to operate HealSpace AI. Each is engaged under a data processing agreement or equivalent contractual terms. We share only the minimum data each provider needs to perform their service.
- Supabase: Hosts your health logs and account data on PostgreSQL servers. Data is stored with row-level security. Supabase infrastructure is located in data centres that may include regions in the United States and EU.
- Anthropic: Processes health log data to generate AI insights and pattern analysis. Anthropic does not use API customer data for model training under their enterprise terms. Servers located in the United States.
- Cartesia: Converts insight text to spoken audio for in-app playback. Only insight text is sent; no personally identifiable health metadata is included in TTS requests.
- Sentry: Receives anonymised crash reports, stack traces, and error events to help us identify and fix technical issues. Sentry is configured to minimise collection of personal data in crash reports.
- RevenueCat: Manages in-app subscription entitlements and purchase history. RevenueCat receives your App Store transaction identifiers. They do not receive your health data.
- Apple: Provides Sign in with Apple authentication and processes all in-app purchases. Apple's privacy practices are governed by Apple's own Privacy Policy.
We do not use Google Analytics, Meta Pixel, or any advertising network SDKs. We do not share your data with data brokers.
8. International Data Transfers
HealSpace AI is operated from Australia. Some of our third-party service providers (including Supabase, Anthropic, Cartesia, Sentry, and RevenueCat) are based in the United States and may process your data on servers located outside Australia.
For Australian users: By using HealSpace AI and providing your information, you consent to the transfer of your personal information to overseas recipients, including those in the United States. We take reasonable steps to ensure overseas recipients handle your information in a manner consistent with the Australian Privacy Principles (APPs) under the Privacy Act 1988 (Cth).
For EU/EEA users (GDPR): Where your personal data is transferred outside the European Economic Area, we rely on appropriate safeguards such as the EU Standard Contractual Clauses (SCCs) or the recipient's certification under an adequacy decision, where applicable. You may request details of the specific safeguards in place by contacting us.
9. Data Retention
We retain your personal data for as long as your account is active and for a limited period thereafter to comply with legal obligations, resolve disputes, and enforce our agreements.
- Active account data (health logs, insights, account info): retained for the duration of your account plus 90 days after deletion to allow for recovery requests;
- Health logs older than 3 years are automatically purged from our production database on a rolling basis, even while your account is active, unless you request otherwise;
- Crash reports: retained for up to 90 days by Sentry;
- Support communications: retained for up to 3 years;
- Subscription records: retained as required by applicable tax and financial regulations (typically 7 years).
After the applicable retention period, your data is permanently deleted or irreversibly anonymised.
10. Your Rights and Choices
Depending on your location, you may have the following rights regarding your personal data:
- Request a copy of the personal data we hold about you;
- Request that inaccurate or incomplete data be corrected;
- Request deletion of your account and all associated personal data ("right to be forgotten");
- Export your health logs and data in a machine-readable format (JSON or CSV) from within the app;
- Object to processing based on legitimate interests (e.g. crash analytics);
- Request that we limit processing of your data in certain circumstances;
- Withdraw consent to AI processing or location collection at any time;
- Lodge a complaint with your national data protection authority (e.g. OAIC in Australia, your EU supervisory authority).
How to Exercise Your Rights
You can exercise most rights directly within the app:
- Delete account and data: Settings → Account → Delete Account;
- Export data: Settings → Export My Data;
- Revoke location permission: iOS Settings → HealSpace AI → Location → Never;
- Revoke AI consent: Settings → Privacy → AI Processing.
For any rights request not available in-app, please email support@healspaceai.com. We will respond within 30 days (or within the timeframe required by applicable law).
11. Security
We implement reasonable and appropriate technical and organisational measures to protect your personal data against unauthorised access, disclosure, alteration, or destruction. These measures include:
- All data in transit is encrypted using TLS 1.2 or higher;
- Data at rest is encrypted by Supabase's underlying storage infrastructure;
- Row-level security policies ensure users can only access their own data;
- Authentication is delegated to Apple's Sign in with Apple, which uses industry-standard OAuth 2.0 and is protected by Apple's security infrastructure;
- Access credentials and API keys are stored in secure environment variables, not in source code;
- We conduct periodic reviews of our security practices.
No method of electronic transmission or storage is 100% secure. While we strive to use commercially acceptable means to protect your data, we cannot guarantee absolute security. In the event of a data breach that is likely to result in a risk to your rights and freedoms, we will notify you and relevant regulators as required by law.
12. Children's Privacy
HealSpace AI is intended for users aged 13 years and older. We do not knowingly collect personal information from children under the age of 13. If you are under 13, please do not use the app or provide any information to us.
If you are between 13 and 18 years of age, we encourage you to review this policy with a parent or guardian before use.
If we become aware that we have inadvertently collected personal information from a child under 13, we will take prompt steps to delete such information. If you believe we may have collected information from a child under 13, please contact us at support@healspaceai.com.
13. No Advertising, No Data Sales
We state clearly and unequivocally:
- HealSpace AI contains no advertisements;
- We do not sell your personal data — including your health data, usage data, or any other information — to any third party, ever;
- We do not share your data with data brokers, advertising networks, or analytics companies for commercial purposes;
- We do not use your data to build advertising profiles or to target you with ads on other platforms.
Our only source of revenue is in-app subscriptions paid directly through the Apple App Store. Our business model does not depend on monetising your data.
14. Australian Privacy Act Compliance
HealSpace AI is committed to complying with the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs).
Health information is classified as sensitive information under the Australian Privacy Act and is afforded additional protections. We will only collect, use, or disclose your health information with your consent or where otherwise permitted by law.
Privacy Officer: Michael Clarke is the responsible individual for privacy matters at HealSpace AI. You may contact us at any time with privacy-related queries or complaints at support@healspaceai.com.
If you are not satisfied with our response to a privacy complaint, you may escalate your complaint to the Office of the Australian Information Commissioner (OAIC) at oaic.gov.au.
15. Additional Rights for EU/EEA Users (GDPR)
If you are located in the European Union or European Economic Area, the General Data Protection Regulation (GDPR) applies to our processing of your personal data. In addition to the rights listed in Section 10, you have the right to:
- Know the legal basis for each processing activity (see Section 4);
- Data portability in a structured, commonly used, machine-readable format;
- Not be subject to solely automated decision-making that produces significant legal or similar effects (we do not engage in such processing);
- Lodge a complaint with your local supervisory authority (a list is available at edpb.europa.eu).
The legal bases for our processing of health data are: (a) your explicit consent (Article 9(2)(a) GDPR) at account registration and before AI processing; and (b) the performance of a contract (Article 6(1)(b)) for core app functionality. You may withdraw consent at any time without affecting the lawfulness of processing prior to withdrawal.
16. Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes, we will:
- Update the "Last updated" date at the top of this page;
- Display a notification within the app;
- Where required by law (e.g. for significant changes to how we process sensitive data), seek your renewed consent.
We encourage you to review this policy periodically. Continued use of HealSpace AI after the effective date of a revised policy constitutes your acceptance of the revised terms (to the extent permitted by applicable law).
17. Contact Us
If you have any questions, concerns, or requests regarding this Privacy Policy or the handling of your personal data, please contact us:
Developer: Michael Clarke
Location: Australia
Email: support@healspaceai.com
Website: healspaceai.com
We aim to respond to all privacy enquiries within 30 days of receipt.