Privacy Policy
Last updated: May 12, 2026
Welcome to Dopafy (www.dopafy.app). We take the protection of your personal data seriously. This Privacy Policy explains what data we collect, how we use it, and your rights regarding your personal information.
Dopafy is operated by Alexander Alber (Einzelunternehmer), Toemlingerstr. 21, 81375 Muenchen, Germany (“we”, “us”, “our”).
1. Data Controller
The data controller responsible for your personal data is:
Alexander Alber
Toemlingerstr. 21
81375 Muenchen, Germany
Email: info@inzpyre.me
2. What Data We Collect
2.1 Account Data
When you create an account using Apple Sign-In or email-based authentication (magic link), we receive:
- Your Apple ID user identifier (a unique, anonymous token) — Apple Sign-In only
- Your name (if you choose to share it) — Apple Sign-In only
- Your email address (directly provided, or an Apple-generated relay address if you choose “Hide My Email”)
2.2 Onboarding & Profile Data — Stored on your device only
During the onboarding questionnaire, you provide information such as:
- Age, fitness level, and health goals
- Work schedule and lifestyle preferences
- Dietary preferences and restrictions
- Sleep habits and wellness interests
- Available fitness equipment
- Focus areas and personal goals
- Priority ranking across 6 life categories (sports, wellbeing, focus, nutrition, recovery, energy)
- Leisure activity preferences (nature, creativity, social, volunteering, culture, discovery, mindfulness, wellness)
- Symptom self-assessment and mental state baseline
- Wellbeing, energy, and concentration baselines (1–10)
Where it lives: Your full questionnaire response is stored exclusively in SwiftData on your iPhone. It is never transmitted to our servers. When you use AI-powered plan generation, the relevant subset is sent ad hoc to Anthropic (Claude) via our Edge Function and not persisted server-side — see §6.
2.3 Health Data (Apple HealthKit)
If you choose to connect Apple Health, Dopafy reads the following data from your device:
- Daily step count
- Sleep analysis (duration, sleep stages, bedtime, wake-up time, up to 7-day history)
- Workouts (type, duration, count)
- Nutrition data (calories consumed, protein, carbohydrates, sugar, water intake, caffeine intake including last intake time)
- Mindful minutes (meditation sessions)
- Resting heart rate and Heart Rate Variability (HRV)
- Weight and body fat percentage
- All available historical data for AI analysis (collected since account creation)
You can control HealthKit integration through the following toggles in Settings:
- HealthKit connection (on/off)
- Auto-track sleep
- Step bonus points
- Auto-complete workouts
- Personalized recommendations (see §6 for details on AI analysis)
Important: HealthKit data is read locally on your device. It is only transmitted to our servers if you explicitly grant consent for AI-powered health analysis (see §6).
2.4 Usage Data on Our Servers
The following operational data is stored on our servers (Supabase, Ireland):
- Routine completion status and streaks
- Dopamine score history (aggregated daily numeric)
- Achievement unlocks
- Energy-driver entries (category + intensity, you choose what to log)
- Weekly/daily plan structure (the routines you've set up)
- Anonymized weekly usage snapshots — buckets only, no user identifier (see §2.15)
2.5 Bad-Habit Check-ins — Stored on your device only (GDPR Art. 9)
Bad-habit check-ins capture sensitive health information (smoking, alcohol, drugs, pornography, social media excess, etc.) and are explicitly classified as special category data under GDPR Article 9. We treat them accordingly:
- Stored exclusively in SwiftData on your iPhone — never transmitted to our servers
- Free-text notes, daily wins, daily learnings, and tomorrow’s priority remain on-device permanently
- Detailed per-day entries are kept for 90 days, then automatically rolled up into weekly category counts (kept for 12 months) and finally monthly aggregates (kept indefinitely at low resolution)
- When you use AI pattern analysis, only the category counts are sent to Anthropic — never the free-text fields
- Behind feature flag bad_habit_tracking; off until launch
2.6 Weekly Reflections — Stored on your device only
Weekly reflections capture mental-health-adjacent content:
- Wellbeing, concentration, and energy scores (1–10)
- Free-text energizers, drains, and notes
All of it stays on your iPhone. Free-text fields are automatically erased after 90 days; numeric scores remain so long-term trend analysis still works. When you use AI pattern analysis, only the numeric scores are sent to Anthropic.
2.7 Career Check-ins — Stored on your device only
If you use the Career Check-in feature, we capture:
- Satisfaction, fun, learning curve, and stress scores (1–10)
- Free-text problem descriptions and reflection notes
- Career baselines captured during onboarding
All on-device only. Numeric scores retained; free-text fields auto-erased after 90 days. Never transmitted to Anthropic or any third party.
2.8 Goals — Stored on your device only
If you use the Goals module, the following stays in SwiftData on your iPhone:
- Goal titles, descriptions, and types (metric, milestone, or binary)
- Milestones and progress entries (including any free-text notes you add)
- Deadlines and completion status
Goal titles and notes can be highly personal (“quit drinking by July”, “therapy weekly”), so we keep them entirely off our servers.
2.9 Calendar Integration (Local Only)
Dopafy can write your routines as events to your iOS Calendar via EventKit. This data stays entirely on your device and is never transmitted to our servers.
2.10 Technical Data
We automatically collect minimal technical data required to operate the service:
- Device type and operating system version
- App version
- Preferred language
2.11 Diagnostic Data (MetricKit)
Apple’s MetricKit framework provides crash reports and performance metrics from iOS to the app. We receive these payloads on your device and store them locally in the App Group container for in-app diagnostics. We do not transmit MetricKit data to our servers, Supabase, or Anthropic. iOS independently sends crash reports to Apple via the standard system mechanism (visible in iOS Settings → Privacy & Security → Analytics & Improvements). The data is not linked to your account.
2.12 Data We Do Not Collect
We want to be transparent about what we do not collect:
- We do not use any third-party analytics or tracking SDKs (no Mixpanel, PostHog, Google Analytics, Firebase Analytics, Amplitude, etc.). Our own anonymized weekly snapshot is described in §2.15 and can be disabled in Settings.
- We do not collect location data
- We do not collect or store payment information (handled entirely by Apple)
- We do not use advertising SDKs or share data with advertisers
- We do not collect or transmit screen time duration data, app usage statistics, or the names of apps you select for blocking — all Screen Time data stays on your device
2.13 External Links
The app references the Arthur Brooks Happiness Scale (learn.arthurbrooks.com) as an educational resource within the Weekly Reflection feature. This link opens in Safari. We do not share any data with this website, and no information is transmitted when you visit it through the app.
2.14 Screen Time & Digital Wellness Data (Local Only)
If you enable the Screen Time management features, the following data is stored locally on your device in the App Group container:
- Opaque app and category tokens provided by Apple’s Family Controls framework (these tokens cannot reveal the names of your apps)
- Digital Sunset schedule settings (sunset and sunrise times)
- Daily screen time limit settings and threshold data
- Temporary unlock override status and expiry timestamps
- Unlock wait-timer configuration
Important: All Screen Time data remains entirely local in the App Group container shared between the main app and its on-device extensions. No Screen Time data is transmitted to our servers, Supabase, or Anthropic. The opaque tokens provided by Apple cannot be used to determine the names of your apps.
Dopafy uses four on-device App Extensions to manage Screen Time features:
- DeviceActivityMonitor: Monitors screen time thresholds and sunset schedules
- DeviceActivityReport: Generates screen time usage reports displayed within the app
- ShieldConfiguration: Customizes the appearance of app blocking screens
- ShieldAction: Handles user interaction with blocking screens (e.g., unlock requests)
2.15 Anonymized Weekly Usage Snapshots — Opt-out available
Once per ISO week, the App posts one bucketed summary to our backend to help us understand macro-level retention and feature impact. The snapshot contains only the following bucketed values:
- Routines completed this week (one of: none / 1–5 / 6–15 / 16–30 / 31+)
- Current longest streak (one of: none / 1–7 / 8–30 / 31+ days)
- Wellbeing, energy, and concentration self-rating averages over the last four weekly reflections, each as one of low / mid / high — never the raw 1–10 scores
- Whether you have ever filled in a weekly reflection (yes/no)
- Whether the Digital Sunset and Screen Time features are active (yes/no each)
- ISO week and year of the snapshot
- App version, iOS major version (e.g. “26”), language code (e.g. “de”), country code from device locale (e.g. “DE”)
What is deliberately not in the snapshot: your user ID, email, Apple ID, device ID, IP address, free text, exact scores, exact dates, routine titles, goal contents.
Where it lives: the analytics_snapshots table on Supabase (Ireland, eu-west-1). The table has Row-Level Security enabled with no client-readable policy — only a server-side function with the service role can write into it, and that function discards the authenticated user identity from the request before inserting.
Legal basis: GDPR Art. 6(1)(f) — legitimate interest in macro-level product improvement. Because the snapshot is anonymous and cannot be traced back to you, it is technically not “personal data” under GDPR Art. 4(1); we describe it here for transparency.
Opt-out: open the App → Profile → Privacy and toggle “Share anonymized usage data” off. From the next snapshot interval onward, no further data is sent.
3. How We Use Your Data
We use your personal data for the following purposes:
- Providing the service: Generating personalized daily and weekly routines, meal suggestions, and workout plans based on your questionnaire responses
- AI plan generation: Your onboarding data is sent to Anthropic (Claude AI) via a Supabase Edge Function to create personalized plans tailored to your goals and preferences
- AI health analysis (with consent): If you grant explicit consent, your health summaries, dopamine scores, habit entries, weekly reflections, and career baselines are sent to Anthropic (Claude AI) for personalized insights (see §6)
- AI meal suggestions: Your dietary preferences are sent to Anthropic (Claude AI) to generate personalized meal recommendations
- Progress tracking: Calculating your dopamine score, maintaining streaks, tracking goal progress, and providing statistics
- Calendar integration: Writing routine events to your local iOS Calendar (data stays on device)
- Notifications: Sending routine reminders, check-in notifications, and goal reminders (only if you grant permission)
- Digital wellness: Managing app blocking schedules, screen time limits, and temporary unlock flows based on your configured preferences (all processing happens locally on your device)
- Service improvement: Understanding usage patterns to improve the App’s features and user experience
- Anonymized usage statistics: Once per ISO week, the App sends a small bucketed summary to our backend — full details in §2.15. Opt-out in Profile → Privacy.
- Account management: Managing your subscription and providing customer support
4. Legal Basis for Processing (GDPR Art. 6)
We process your personal data on the following legal bases:
- Contract performance (Art. 6(1)(b) GDPR): Processing is necessary to provide the App’s services as outlined in our Terms of Service, including AI-generated plan creation during onboarding and Screen Time management features that you actively configure and request
- Consent (Art. 6(1)(a) GDPR): For push notifications, optional data sharing during onboarding, and AI-powered health data analysis. AI health analysis requires separate, explicit consent which can be withdrawn at any time
- Legitimate interest (Art. 6(1)(f) GDPR): For service improvement, security, and fraud prevention
5. Data Storage & Security
Server-stored data (account, plan structure, routine completions, streaks, dopamine score history, achievements, energy-driver entries, anonymized weekly snapshots) is hosted by Supabase Inc. on AWS infrastructure in Ireland (eu-west-1) — entirely within the European Union.
Local-only data (questionnaire response, bad-habit check-ins, weekly reflections, career check-ins, goals, wellness configuration, all free-text reflections) is stored exclusively in SwiftData on your iPhone in the iOS Application Support directory with complete-until-first-user-authentication file protection. iOS automatically backs up this store via iCloud (encrypted by Apple).
We implement appropriate technical and organizational measures to protect your data, including:
- Encryption of data in transit (TLS/SSL via Apple App Transport Security)
- Encryption at rest, both on Supabase’s Postgres infrastructure and on your iOS device
- Row-level security policies on every server table ensuring users can only access their own data
- Secure authentication via Apple Sign-In and email magic link
- JWT-based authentication on all Edge Functions, ensuring only authenticated users can access their data
- Sensitive identifiers (auth tokens) stored in the iOS Keychain with accessibleWhenUnlockedThisDeviceOnly protection
- Input sanitization on all AI-powered Edge Functions to prevent prompt-injection
- Rate limiting on AI and destructive endpoints
- Service-role and AI API keys held only in Edge Function environment variables, never in the iOS app bundle
- Automatic 90-day redaction of free-text fields in local weekly reflections and career check-ins
6. AI-Powered Analysis & Consent
6.1 Plan Generation
During onboarding, your questionnaire responses (lifestyle preferences, fitness level, dietary needs, etc.) are sent to Anthropic (Claude AI) via a Supabase Edge Function to generate your personalized routine plan. This processing is covered by the legal basis of contract performance. No health data from Apple HealthKit is included in this step.
6.2 Meal Suggestions
Your dietary preferences and restrictions are sent to Anthropic (Claude AI) to generate personalized meal recommendations. This processing is covered by the legal basis of contract performance.
6.3 Health & Behavioral Data Analysis (Requires Explicit Consent)
If you choose to use the AI health analysis feature, the following aggregated, anonymized data is sent to Anthropic (Claude AI) for analysis:
- Health summaries (steps, sleep, workouts — available history)
- Nutrition summaries (calories, protein, carbohydrates, sugar, water, caffeine)
- Vitals (resting heart rate, HRV)
- Body metrics (weight, body fat percentage)
- Dopamine scores
- Bad-habit category counts (Tier 1: per-day flags; Tier 2/3: weekly/monthly aggregates) — never the free-text fields
- Routine completion data
- Weekly reflection numeric scores — never the free-text notes
- Energy-driver entries (date + driver_type + intensity)
- User priority rankings
What is never sent to Anthropic: your name, email, Apple ID, any free-text from weekly reflections (notes/energizers/drains), bad-habit free-text (notes, daily wins, daily learnings, tomorrow’s priority), career check-in problem text, goal progress notes.
Before the first AI analysis, you will see an explicit consent dialog explaining exactly this. You must actively agree before any data is transmitted. You can withdraw consent at any time in Settings > Apple Health > “AI Data Analysis Consent”.
6.4 How Anthropic Processes Your Data
- Data is processed per request; per Anthropic’s API policy it is retained for at most 30 days for trust & safety monitoring, then deleted
- No personally identifiable information (name, email address, Apple ID) is sent to Anthropic
- Anthropic does not use API inputs for model training (default API settings)
- Data is transmitted via TLS-encrypted connections
- Transfers to the USA are covered by Standard Contractual Clauses and the EU-US Data Privacy Framework
- We have a Data Processing Agreement (DPA) with Anthropic Inc.
7. Data Sharing & Subprocessors
We do not sell, rent, or trade your personal data. We share data only with the following subprocessors, strictly for operating the App:
- Supabase Inc. — Backend infrastructure, Postgres database, authentication, and Edge Functions. Hosting on AWS Ireland (eu-west-1), fully within the EU. DPA in place.
- Apple Inc. — Authentication via Apple Sign-In, email magic link, payment processing via the App Store, push notifications via APNs, HealthKit data access on device, Family Controls framework for on-device Screen Time management, iCloud Backup of the local SwiftData store. DPA via App Store agreement.
- Anthropic PBC — AI-powered plan generation, meal suggestions, and pattern analysis (consent-only for the latter). Transmitted via Supabase Edge Functions; payloads are not persisted by us. Anthropic retains inputs for at most 30 days for trust & safety, does not train on inputs, and is bound by a DPA. Transfers to the USA covered by SCCs and the EU-US Data Privacy Framework.
- Netlify Inc. — Static hosting for our landing page and privacy policy. No user data is transmitted to Netlify.
We do not share your personal data with any other third parties or advertisers. We do not use any third-party analytics SDKs (no Mixpanel, PostHog, Amplitude, Google Analytics, Firebase Analytics, etc.). The anonymized weekly snapshots described in §2.15 are stored on our own Supabase instance and never shared with anyone.
9. Data Retention
Retention differs by category and storage location. Server-side data persists for the lifetime of your account; local-only data follows a tiered retention model:
- Account data (server): Retained until you request account deletion
- Routines, completions, streaks, dopamine scores (server): Retained for the duration of your account
- Questionnaire response (local-only): Retained until account deletion
- Goals + progress (local-only): Retained until you delete the goal or your account
- Bad-habit check-ins (local-only, GDPR Art. 9): per-day detail kept 90 days, then automatically rolled up to weekly category counts (kept 12 months), then monthly totals (kept indefinitely at low resolution)
- Weekly reflections (local-only): numeric scores kept indefinitely; free-text auto-deleted after 90 days
- Career check-ins (local-only): numeric scores kept indefinitely; free-text auto-deleted after 90 days
- AI analysis results: stored locally on your device; not retained on our servers; Anthropic retains inputs for at most 30 days for trust & safety
- Screen Time data: stored locally only; automatically cleared when you disable the feature, revoke Family Controls authorization, or delete your account
- Anonymized weekly snapshots (server): retained indefinitely for longitudinal trend analysis. Because they are anonymous, they are not affected by account deletion. You stop generating new snapshots by toggling the feature off in Settings (see §2.15).
When you delete your account through the App, all your server-side data is permanently removed (cascading through routines, completions, streaks, scores, achievements). Additionally, all local SwiftData (including the local-only categories listed above) is immediately and automatically cleared. A 30-day grace period applies for accidental deletions, after which the server records are unrecoverable. Local-only data is removed immediately and cannot be recovered. Statutory retention (e.g. for tax or accounting purposes) takes precedence where applicable.
10. Your Rights Under GDPR
As a data subject in the European Union, you have the following rights:
- Right of access (Art. 15 GDPR): You can request a copy of your personal data at any time
- Right to rectification (Art. 16 GDPR): You can request correction of inaccurate data
- Right to erasure (Art. 17 GDPR): You can request deletion of your personal data (“right to be forgotten”)
- Right to restriction of processing (Art. 18 GDPR): You can request that we limit how we use your data
- Right to data portability (Art. 20 GDPR): You can export your data directly from the App in a structured, machine-readable JSON format via Settings, or request it by contacting us
- Right to object (Art. 21 GDPR): You can object to processing based on legitimate interests
- Right to withdraw consent (Art. 7(3) GDPR): Where processing is based on consent, you can withdraw it at any time
To exercise any of these rights, please contact us at info@inzpyre.me. We will respond to your request within 30 days.
Note on anonymized snapshots: the right of access, rectification, and erasure (Art. 15–17 GDPR) applies to personal data — i.e. data that can be linked to you. The anonymized weekly snapshots described in §2.15 contain no identifier and cannot be tied to your account, so technically these rights do not apply to them. The effective control is the opt-out toggle in Settings, which stops new snapshots from being generated.
You also have the right to lodge a complaint with a supervisory authority. The competent authority for us is:
Bayerisches Landesamt fuer Datenschutzaufsicht (BayLDA)
Promenade 18, 91522 Ansbach, Germany
www.lda.bayern.de
11. Children’s Privacy
Dopafy is not intended for children under the age of 16. We do not knowingly collect personal data from children under 16. If you believe that a child under 16 has provided us with personal data, please contact us immediately at info@inzpyre.me, and we will take steps to delete such data.
12. Push Notifications
Dopafy may send push notifications for routine reminders, check-in prompts, goal reminders, and motivational messages. You can enable or disable notifications at any time through your device settings. We use Apple Push Notification service (APNs) to deliver these notifications.
13. Changes to This Privacy Policy
We may update this Privacy Policy from time to time. When we make material changes, we will:
- Update the “Last updated” date at the top of this page
- Notify you through the App where appropriate
- Provide a reasonable notice period before changes take effect
We encourage you to review this Privacy Policy periodically to stay informed about how we protect your data.
14. Contact
If you have any questions about this Privacy Policy or your personal data, please contact us:
Alexander Alber (Einzelunternehmer)
Toemlingerstr. 21
81375 Muenchen, Germany
Email: info@inzpyre.me
Website: www.dopafy.app