Privacy Policy
Last Updated: February 20, 2026
This Privacy Policy describes how EQ Flow ("we," "our," or "the Service") collects, uses, protects, and shares your information when you use our emotional wellness platform. We are committed to protecting your privacy and giving you control over your data.
By using EQ Flow, you agree to the collection and use of information as described in this policy.
1. Information We Collect
1.1 Information You Provide
Account information:
- Email address, name, and password (hashed with bcrypt)
- Optional: profile photo, notification preferences
Emotional and wellness data:
- Check-in entries: emotions, intensity ratings (1-10), somatic awareness data (breathing, body, mind, energy scales), context categories, free-text notes
- Journal entries: free-text content and AI-generated theme analysis
- Vision statements: titles, descriptive text, target emotions
- Meditation sessions: duration, completion status, personal notes
- Pattern data: emotional sequences, triggers, trends detected by our system
Health & biometric data (optional, iOS only):
- If you enable Apple Health integration, EQ Flow reads: heart rate variability (HRV), resting heart rate, walking heart rate, heart rate, blood oxygen (SpO2), sleep analysis, step count, active energy burned, and exercise minutes
- Raw health values are processed entirely on your device — only qualitative interpretations (e.g., "HRV below your personal baseline") are sent to our servers
- This feature requires your explicit opt-in in Settings and consent via the iOS Health permissions dialog
- You can disable Apple Health access at any time in Settings — check-ins continue to work without it
1.2 Information Collected Automatically
- Usage analytics: screen views, session duration, feature interactions
- Device information: platform (iOS, Android, web), app version
- Error and performance data via Sentry (crash reports, stack traces)
- Check-in timestamps and frequency patterns
1.3 Information We Do NOT Collect
- GPS location or precise geolocation data
- Contacts, photos, or files from your device
- Browsing history or activity outside of EQ Flow
- Advertising identifiers or tracking pixels
- Raw health measurements from Apple Health — numeric values (heart rate, HRV, steps, etc.) never leave your device
2. How We Protect Your Data
Your most sensitive data is protected with AES-256-GCM server-side encryption, the same standard used by banks and governments.
Encrypted (unreadable without your key):
- Journal entry text
- Check-in free-text notes and triggers
- Vision description fields (how it feels, experiences, things, imagery)
- Meditation session personal notes
- Sensitive AI analysis fields (insights, alignment notes, protective language notes)
Not encrypted (used to provide insights):
- Emotion selections from our predefined taxonomy
- Intensity ratings, base type (expansive/contractive)
- Context categories (work, relationships, health, etc.)
- Somatic data scales, word counts, timestamps
- AI-generated metadata: key themes, emotional tone, detected emotions, confidence scores
- Biometric interpretations from Apple Health (qualitative signals only, no raw values)
2.2 Health Data Protection
- Raw biometric values from Apple Health are processed entirely on your device and never transmitted to our servers
- Only qualitative interpretations (e.g., "below baseline," "elevated") are stored server-side alongside your check-ins
- Health data is not stored in iCloud
- Health data is never used for advertising, marketing, or data mining
- Biometric interpretations follow the same retention and deletion policies as other check-in data
2.3 Key Derivation
- A master encryption key generates per-user keys via HMAC-SHA256
- Each user's data is encrypted with a unique key — compromising one key does not expose other users
- We cannot decrypt your content without the master key and your user identity
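The scheme described in sections 2 and 2.3, sketched as an added example (not EQ Flow's code): a per-user key derived from a master key with HMAC-SHA256, then used for AES-256-GCM field encryption. The function names, the "user-key:" label, the use of the user ID as associated data, and all sample values are assumptions made for illustration.

```javascript
// Added illustration; not EQ Flow's code. All names and sample values are constructed.
const crypto = require('node:crypto');

// Per-user key: HMAC-SHA256 keyed with the master key over a labelled user ID.
// The 32-byte digest is the right size for an AES-256 key. The label is an assumption.
function deriveUserKey(masterKey, userId) {
  return crypto.createHmac('sha256', masterKey).update(`user-key:${userId}`).digest();
}

function encryptField(key, plaintext, userId) {
  const iv = crypto.randomBytes(12); // fresh 96-bit nonce per record; never reuse under one key
  const cipher = crypto.createCipheriv('aes-256-gcm', key, iv);
  cipher.setAAD(Buffer.from(userId)); // bind the ciphertext to its owner (assumption)
  const ct = Buffer.concat([cipher.update(plaintext, 'utf8'), cipher.final()]);
  return { iv, ct, tag: cipher.getAuthTag() };
}

function decryptField(key, record, userId) {
  const decipher = crypto.createDecipheriv('aes-256-gcm', key, record.iv);
  decipher.setAAD(Buffer.from(userId));
  decipher.setAuthTag(record.tag);
  // final() throws if the tag does not verify (wrong key, wrong AAD, or tampering)
  return Buffer.concat([decipher.update(record.ct), decipher.final()]).toString('utf8');
}

function decryptFails(key, record, userId) {
  try { decryptField(key, record, userId); return false; } catch { return true; }
}

function demo() {
  const master = Buffer.alloc(32, 7); // constructed master key; a real one lives in a secret store
  const keyA = deriveUserKey(master, 'user-1001');
  const keyB = deriveUserKey(master, 'user-1002');
  const record = encryptField(keyA, 'constructed journal text', 'user-1001');
  return {
    keysDiffer: !keyA.equals(keyB),
    roundTrip: decryptField(keyA, record, 'user-1001'),
    // Another user's key cannot open the record: GCM tag verification fails.
    crossUserRejected: decryptFails(keyB, record, 'user-1001'),
    // Anyone holding the master key and the user ID can re-derive the key.
    rederived: decryptField(deriveUserKey(master, 'user-1001'), record, 'user-1001'),
  };
}

console.log(demo());
```

Because each per-user key is a deterministic function of the master key and the user ID, the isolation between users holds only as long as the master key stays secret.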
2.4 Additional Security Measures
- All connections encrypted with SSL/TLS (HTTPS)
- Hosted on SOC 2 compliant infrastructure
- Passwords hashed with bcrypt (never stored in plain text)
- JWT authentication tokens with 7-day expiry
- Optional biometric authentication and passkey (WebAuthn) support
- Optional two-factor authentication (TOTP) with backup codes
3. How We Use Your Information
3.1 To Provide the Service
- Display your emotional check-in history and patterns
- Generate AI-powered insights, pattern detection, and emotional maps
- Track growth, streaks, and progress toward your visions
- Personalize recommendations and meditation suggestions
3.2 AI Processing
We use Anthropic's Claude AI to analyze your emotional data:
- Check-in text is temporarily decrypted for analysis, then re-encrypted
- When Apple Health is enabled, qualitative biometric interpretations (not raw values) may be included to detect mismatches between your reported emotional state and body signals
- Raw health measurements (heart rate numbers, exact sleep hours, step counts) are never sent to any AI provider
- User identifiers are anonymized via SHA-256 hashing before being sent to AI
- Anthropic does not use your data to train their models
- Anthropic does not retain your data beyond the processing window
3.3 To Improve the Service
- Aggregated, anonymized usage analytics to understand feature adoption
- Error tracking (Sentry) to fix crashes and bugs
- No individual user data is used for marketing or advertising
4. Information Sharing
4.1 What We Never Do
- Sell your personal data to third parties
- Share your data with advertisers
- Use tracking pixels or ad networks
- Share identifiable data without your explicit consent
- Share raw Apple Health data with any third party — raw values never leave your device
- Use health or biometric data for advertising, marketing, or data mining
4.2 Limited Sharing
We may share data only in these circumstances:
- With Anthropic (AI provider) — anonymized emotional data for analysis only
- With Sentry — anonymous error and crash reports
- With email service (Resend) — your email address for transactional emails only
- If required by law — in response to valid legal process (subpoena, court order)
5. Your Rights & Control
5.1 Access & Export
- Export all your data anytime from Settings in JSON format
- View all stored check-ins, journals, patterns, and insights in-app
- Request a copy of your data by emailing privacy@eqflow.app
5.2 Correction & Deletion
- Edit your profile information from Settings
- Delete individual check-ins, journal entries, or visions
- Delete your entire account — all data permanently removed within 30 days
- Data removed from backups within 90 days of deletion
5.3 Consent & Opt-Out
- Toggle anonymous data contributions on or off in Settings
- Disable notifications and reminders anytime
- Revoke access by logging out — JWT tokens expire after 7 days
6. Data Retention
- Active accounts: data stored as long as your account is active
- Inactive accounts: we may delete accounts inactive for 24+ months after notice
- Deleted accounts: all data permanently removed within 30 days of deletion request
- Backups: removed from backup systems within 90 days of deletion
- AI processing logs: anonymized, no personal data retained by AI provider
7. Children's Privacy
EQ Flow is not intended for users under 18 years of age. We do not knowingly collect personal information from children. If you believe a child under 18 has provided us with personal data, please contact us at privacy@eqflow.app and we will promptly delete it.
8. International Data Transfers
Your data may be processed and stored in the United States. By using EQ Flow, you consent to the transfer of your information to the United States and other jurisdictions where our service providers operate. We ensure appropriate safeguards are in place to protect your data in accordance with this Privacy Policy.
9. Cookies & Local Storage
- We use local storage (AsyncStorage) to store your authentication token and app preferences
- We do not use tracking cookies or third-party analytics cookies
- Session data is stored locally on your device and not shared
10. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of material changes by email or in-app notification at least 30 days before they take effect. Continued use after changes constitutes acceptance of the updated policy. The "Last Updated" date at the top reflects the most recent revision.
11. Contact Us
If you have questions about this Privacy Policy or your data, contact us at:
By using EQ Flow, you acknowledge that you have read, understood, and agree to this Privacy Policy.