Privacy Policy
Last updated: March 24, 2026
Welcome to Dopafy (www.dopafy.app). We take the protection of your personal data seriously. This Privacy Policy explains what data we collect, how we use it, and your rights regarding your personal information.
Dopafy is operated by Alexander Alber (Einzelunternehmer), Toemlingerstr. 21, 81375 Muenchen, Germany (“we”, “us”, “our”).
1. Data Controller
The data controller responsible for your personal data is:
Alexander Alber
Toemlingerstr. 21
81375 Muenchen, Germany
Email: info@inzpyre.me
2. What Data We Collect
2.1 Account Data
When you create an account using Apple Sign-In or email-based authentication (magic link), we receive:
- Your Apple ID user identifier (a unique, anonymous token) — Apple Sign-In only
- Your name (if you choose to share it) — Apple Sign-In only
- Your email address (directly provided, or an Apple-generated relay address if you choose “Hide My Email”)
2.2 Onboarding & Profile Data
During the onboarding questionnaire, you provide information such as:
- Age, fitness level, and health goals
- Work schedule and lifestyle preferences
- Dietary preferences and restrictions
- Sleep habits and wellness interests
- Available fitness equipment
- Focus areas and personal goals
- Priority ranking across 6 life categories (sports, wellbeing, focus, nutrition, recovery, energy)
- Leisure activity preferences (nature, creativity, social, volunteering, culture, discovery, mindfulness, wellness)
- Symptom self-assessment and mental state baseline
- Wellbeing, energy, and concentration baselines (1–10)
2.3 Health Data (Apple HealthKit)
If you choose to connect Apple Health, Dopafy reads the following data from your device:
- Daily step count
- Sleep analysis (duration, sleep stages, bedtime, wake-up time, up to 7-day history)
- Workouts (type, duration, count)
- Nutrition data (calories consumed, protein, carbohydrates, sugar, water intake, caffeine intake including last intake time)
- Mindful minutes (meditation sessions)
- Resting heart rate and Heart Rate Variability (HRV)
- Weight and body fat percentage
- All available historical data for AI analysis (collected since account creation)
You can control HealthKit integration through the following toggles in Settings:
- HealthKit connection (on/off)
- Auto-track sleep
- Step bonus points
- Auto-complete workouts
- Personalized recommendations (see §6 for details on AI analysis)
Important: HealthKit data is read locally on your device. It is only transmitted to our servers if you explicitly grant consent for AI-powered health analysis (see §6).
2.4 Usage Data
As you use the App, we collect:
- Routine completion status and streaks
- Dopamine score and achievement data
- Bad habit check-in entries
- Gratitude journal entries
- Weekly reflection responses, including wellbeing, concentration, and energy scores (1–10) and free-text energizers/drains
2.5 Goals Data
If you use the Goals module, we store:
- Goal titles, descriptions, and types (metric, milestone, or binary)
- Milestones and progress entries
- Deadlines and completion status
2.6 Career Check-in Data
If you use the Career Check-in feature, we store:
- Satisfaction, fun, learning curve, and stress scores (1–10)
- Free-text problem descriptions and reflection notes
- Career baselines captured during onboarding
2.7 Calendar Integration (Local Only)
Dopafy can write your routines as events to your iOS Calendar via EventKit. This data stays entirely on your device and is never transmitted to our servers.
2.8 Technical Data
We automatically collect minimal technical data required to operate the service:
- Device type and operating system version
- App version
- Preferred language
2.9 Data We Do Not Collect
We want to be transparent about what we do not collect:
- We do not use any analytics or tracking services
- We do not collect location data
- We do not collect or store payment information (handled entirely by Apple)
- We do not use advertising SDKs or share data with advertisers
- We do not collect or transmit screen time duration data, app usage statistics, or the names of apps you select for blocking — all Screen Time data stays on your device
2.10 External Links
The app references the Arthur Brooks Happiness Scale (learn.arthurbrooks.com) as an educational resource within the Weekly Reflection feature. This link opens in Safari. We do not share any data with this website, and no information is transmitted when you visit it through the app.
2.11 Screen Time & Digital Wellness Data (Local Only)
If you enable the Screen Time management features, the following data is stored locally on your device in the App Group container:
- Opaque app and category tokens provided by Apple’s Family Controls framework (these tokens cannot reveal the names of your apps)
- Digital Sunset schedule settings (sunset and sunrise times)
- Daily screen time limit settings and threshold data
- Temporary unlock override status and expiry timestamps
- Unlock wait-timer configuration
Important: All Screen Time data remains entirely local in the App Group container shared between the main app and its on-device extensions. No Screen Time data is transmitted to our servers, Supabase, or Anthropic. The opaque tokens provided by Apple cannot be used to determine the names of your apps.
Dopafy uses four on-device App Extensions to manage Screen Time features:
- DeviceActivityMonitor: Monitors screen time thresholds and sunset schedules
- DeviceActivityReport: Generates screen time usage reports displayed within the app
- ShieldConfiguration: Customizes the appearance of app blocking screens
- ShieldAction: Handles user interaction with blocking screens (e.g., unlock requests)
3. How We Use Your Data
We use your personal data for the following purposes:
- Providing the service: Generating personalized daily and weekly routines, meal suggestions, and workout plans based on your questionnaire responses
- AI plan generation: Your onboarding data is sent to Anthropic (Claude AI) via a Supabase Edge Function to create personalized plans tailored to your goals and preferences
- AI health analysis (with consent): If you grant explicit consent, your health summaries, dopamine scores, habit entries, weekly reflections, and career baselines are sent to Anthropic (Claude AI) for personalized insights (see §6)
- AI meal suggestions: Your dietary preferences are sent to Anthropic (Claude AI) to generate personalized meal recommendations
- Progress tracking: Calculating your dopamine score, maintaining streaks, tracking goal progress, and providing statistics
- Calendar integration: Writing routine events to your local iOS Calendar (data stays on device)
- Notifications: Sending routine reminders, check-in notifications, and goal reminders (only if you grant permission)
- Digital wellness: Managing app blocking schedules, screen time limits, and temporary unlock flows based on your configured preferences (all processing happens locally on your device)
- Service improvement: Understanding usage patterns to improve the App’s features and user experience
- Account management: Managing your subscription and providing customer support
4. Legal Basis for Processing (GDPR Art. 6)
We process your personal data on the following legal bases:
- Contract performance (Art. 6(1)(b) GDPR): Processing is necessary to provide the App’s services as outlined in our Terms of Service, including AI-generated plan creation during onboarding and Screen Time management features that you actively configure and request
- Consent (Art. 6(1)(a) GDPR): For push notifications, optional data sharing during onboarding, and AI-powered health data analysis. AI health analysis requires separate, explicit consent, which can be withdrawn at any time
- Legitimate interest (Art. 6(1)(f) GDPR): For service improvement, security, and fraud prevention
5. Data Storage & Security
Your data is stored using Supabase, a secure backend-as-a-service platform. Supabase stores data on servers located in the European Union.
We implement appropriate technical and organizational measures to protect your data, including:
- Encryption of data in transit (TLS/SSL)
- Encryption of data at rest
- Row-level security policies ensuring users can only access their own data
- Secure authentication via Apple Sign-In and email magic link
- JWT-based authentication on all server functions, ensuring only authenticated users can access their data
- Sensitive identifiers stored in the iOS Keychain (Apple’s hardware-backed secure enclave) rather than standard app storage
- Input sanitization on all AI-powered functions to prevent data manipulation
6. AI-Powered Analysis & Consent
6.1 Plan Generation
During onboarding, your questionnaire responses (lifestyle preferences, fitness level, dietary needs, etc.) are sent to Anthropic (Claude AI) via a Supabase Edge Function to generate your personalized routine plan. This processing is covered by the legal basis of contract performance. No health data from Apple HealthKit is included in this step.
6.2 Meal Suggestions
Your dietary preferences and restrictions are sent to Anthropic (Claude AI) to generate personalized meal recommendations. This processing is covered by the legal basis of contract performance.
6.3 Daily Work Planning
When you use the “Plan My Day” feature, your daily goal, work topics, available free time slots, sleep preference, work schedule, and existing routine schedule are sent to Anthropic (Claude AI) to generate an optimized daily work plan. This processing is covered by the legal basis of contract performance. No health data from Apple HealthKit is included.
6.4 Health & Behavioral Data Analysis (Requires Explicit Consent)
If you choose to use the AI health analysis feature, the following data is sent to Anthropic (Claude AI) for analysis:
- Health summaries (steps, sleep, workouts — all available history)
- Nutrition summaries (calories, protein, carbohydrates, sugar, water, caffeine)
- Vitals (resting heart rate, HRV)
- Body metrics (weight, body fat percentage)
- Dopamine scores
- Bad habit check-in entries
- Routine completion data
- Weekly reflection responses (wellbeing, concentration, energy scores and free-text entries)
- Career check-in baselines (if available)
- User priority rankings
Before the first AI analysis, you will see an explicit consent dialog explaining what data is sent. You must actively agree before any data is transmitted. You can withdraw consent at any time in Settings > Apple Health > “AI Data Analysis Consent”.
6.5 How Anthropic Processes Your Data
- Data is processed per request and is not stored by Anthropic after processing
- No personally identifiable information (name, email address, Apple ID) is sent to Anthropic
- Anthropic does not use your data for model training
- All data is transmitted via TLS-encrypted connections
7. Data Sharing & Subprocessors
We do not sell, rent, or trade your personal data. We share data only with the following subprocessors, strictly for operating the App:
- Supabase (Supabase Inc.): Backend infrastructure, database hosting, authentication, and Edge Functions. Data is stored on servers in the European Union
- Apple (Apple Inc.): Authentication via Apple Sign-In, email-based magic link authentication, payment processing via the App Store, push notifications via Apple Push Notification service (APNs), HealthKit data access on device, and Family Controls framework for on-device Screen Time management (no data is transmitted to Apple servers)
- Anthropic (Anthropic PBC): AI-powered plan generation, meal suggestions, and health analysis (consent-only). Data is transmitted via Supabase Edge Functions, processed per request, not retained by Anthropic, and no personally identifiable information is shared
We do not share your data with any other third parties, advertisers, or analytics providers.
8. Buddy / Accountability Partner
Dopafy offers an optional Buddy feature that allows you to invite an accountability partner:
- You provide your buddy’s email address for the purpose of sending an invitation
- Routine completion data may be shared with your buddy to enable mutual accountability
- The buddy’s email address is stored solely for the invitation purpose and can be removed at any time in your profile settings
9. Data Retention
We retain your personal data for as long as your account is active and you maintain an active subscription. Specifically:
- Account data: Retained until you request account deletion
- Usage data (routines, streaks, scores): Retained for the duration of your account
- Questionnaire responses: Retained to enable ongoing plan generation
- Goals data: Retained for the duration of your account
- Career check-in data: Retained for the duration of your account
- AI analysis results: Stored locally on your device and not retained on our servers
- Screen Time data: Stored locally on your device only; automatically cleared when you disable the feature, revoke Family Controls authorization, or delete your account
When you delete your account through the App, all your data on our servers is permanently removed. Additionally, all data stored locally on your device (routine history, scores, goals, reflections, and cached identifiers) is immediately and automatically cleared. Any data not yet deleted will be removed within 30 days, except where retention is required by law (e.g., for tax or accounting purposes).
10. Your Rights Under GDPR
As a data subject in the European Union, you have the following rights:
- Right of access (Art. 15 GDPR): You can request a copy of your personal data at any time
- Right to rectification (Art. 16 GDPR): You can request correction of inaccurate data
- Right to erasure (Art. 17 GDPR): You can request deletion of your personal data (“right to be forgotten”)
- Right to restriction of processing (Art. 18 GDPR): You can request that we limit how we use your data
- Right to data portability (Art. 20 GDPR): You can export your data directly from the App in a structured, machine-readable JSON format via Settings, or request it by contacting us
- Right to object (Art. 21 GDPR): You can object to processing based on legitimate interests
- Right to withdraw consent (Art. 7(3) GDPR): Where processing is based on consent, you can withdraw it at any time
To exercise any of these rights, please contact us at info@inzpyre.me. We will respond to your request within 30 days.
You also have the right to lodge a complaint with a supervisory authority. The competent authority for us is:
Bayerisches Landesamt fuer Datenschutzaufsicht (BayLDA)
Promenade 18, 91522 Ansbach, Germany
www.lda.bayern.de
11. Children’s Privacy
Dopafy is not intended for children under the age of 16. We do not knowingly collect personal data from children under 16. If you believe that a child under 16 has provided us with personal data, please contact us immediately at info@inzpyre.me, and we will take steps to delete such data.
12. Push Notifications
Dopafy may send push notifications for routine reminders, check-in prompts, goal reminders, and motivational messages. You can enable or disable notifications at any time through your device settings. We use Apple Push Notification service (APNs) to deliver these notifications.
13. Changes to This Privacy Policy
We may update this Privacy Policy from time to time. When we make material changes, we will:
- Update the “Last updated” date at the top of this page
- Notify you through the App where appropriate
- Provide a reasonable notice period before changes take effect
We encourage you to review this Privacy Policy periodically to stay informed about how we protect your data.
14. Contact
If you have any questions about this Privacy Policy or your personal data, please contact us:
Alexander Alber (Einzelunternehmer)
Toemlingerstr. 21
81375 Muenchen, Germany
Email: info@inzpyre.me
Website: www.dopafy.app