Privacy Policy — Heal

1. Introduction

Heal is designed with a privacy-first approach. We collect only the strict minimum necessary for the application to function correctly and to improve your experience.

This policy explains what data is collected, why, and your rights regarding it.

Data Controller:

MATIS ENZO MALANDRINO

69 AVENUE DE LA REPUBLIQUE, SEYSSINET BP, 38173 SEYSSINET PARISET CEDEX, FRANCE

Email: contact@healdaily.app

2. What we do NOT collect

To be transparent:

❌ No name, first name or email

❌ No user account

❌ No location

❌ No health data

❌ Advertising identifier (IDFA): we do not access the Apple advertising identifier unless you grant permission through Apple’s App Tracking Transparency prompt. If you decline, we do not use the IDFA for advertising tracking.

❌ We do not intentionally send sensitive personal content, such as personal affirmations, journal-style text, emotional notes, health information, or mental health-related content, to TikTok or any other partner for advertising measurement.

❌ No custom backend — your data does not transit through our servers

3. What we collect

3.1 Anonymous Analytics — PostHog

We use PostHog to understand how users progress through onboarding and to improve the application.

• Onboarding events: Anonymous (Measure retention, identify friction points)

• Response to the onboarding field 'How did you hear about Heal?': Free text, not linked to a profile (Understand our acquisition channels)

This data does not allow us to personally identify you. PostHog assigns a random technical identifier to each session. This identifier is not linked to your identity and is reset with each new installation.

Legal basis (GDPR): Legitimate interest (Article 6.1.f) — service improvement via anonymous analytics.

Processor: PostHog, Inc. (San Francisco, USA). Privacy Policy: https://posthog.com/privacy. Transfer outside the EU governed by the European Commission's Standard Contractual Clauses (SCC).

3.2 Apple Data

Apple independently collects certain data via the App Store: downloads, purchases, crash reports. We only have access to aggregated and anonymised statistics via App Store Connect.

Apple Privacy Policy: https://www.apple.com/privacy

3.3 In-App Purchases — RevenueCat

Payments are fully managed by Apple. We use RevenueCat to manage subscriptions and verify your access to premium features (themes, categories).

Data processed: Purchase history and a unique anonymous identifier.

Why: To ensure you have access to the content you paid for across your devices.

Note: We never see your bank or credit card information.

Processor: RevenueCat, Inc. (USA). Privacy Policy: https://www.revenuecat.com/privacy

3.4 App Events and TikTok App Events SDK

We collect app usage events, product interactions, purchase and subscription events, trial start events, app install and open events, as well as technical or device identifiers where applicable.

We use the TikTok App Events SDK to measure the performance of our TikTok advertising campaigns and understand whether our ads lead to app installs, app launches, free trial starts, purchases, or subscriptions.

Depending on your consent and device settings, TikTok may receive limited app event data, technical information, and advertising identifiers such as the IDFA only if you have allowed tracking through Apple’s App Tracking Transparency prompt.

This data is used solely for advertising attribution, to measure the effectiveness of our TikTok ads and improve our campaigns. It is not used to sell user data, and our app does not display any third-party advertisements.

4. Retention period

PostHog analytical data is kept for 1 year from collection, then automatically deleted.

5. Data sharing

We do not sell your personal data. We may share limited app event data with service providers and advertising measurement partners, such as TikTok, only to measure and improve our own advertising campaigns, where permitted by your consent and applicable law.

The only processors involved are:

• Apple Inc. (App Store, payments, subscriptions, device/platform services, USA - SCC)

• RevenueCat, Inc. (Subscription management and purchase validation, USA - SCC)

• PostHog, Inc. (Product analytics and app usage analytics, USA - SCC)

• TikTok / TikTok For Business (Advertising attribution, campaign measurement, and campaign optimization, only as described in this policy and subject to Apple’s App Tracking Transparency permissions where required)

6. App Tracking Transparency

On iOS, we may ask for your permission through Apple’s App Tracking Transparency prompt before using data to track you across apps or websites owned by other companies.

If you allow tracking, we may use limited identifiers and app event data to measure the effectiveness of our TikTok advertising campaigns.

If you decline, we will not use the IDFA for advertising tracking, and you can still use the app normally.

You can change your choice at any time in your iOS Settings.

7. Your rights

European Union Users (GDPR):

You have the following rights: Access, Rectification, Erasure, Objection, Portability, Limitation.

Since the data collected is anonymous, it is technically impossible to link it to your identity. If you wish to exercise your rights or have a question, contact us at contact@healdaily.app.

You can also file a complaint with your local data protection authority.

California Users (CCPA):

You have the right to know what personal information is collected and to request its deletion. Heal does not sell personal data. Contact us at contact@healdaily.app for any request.

Your choices regarding tracking:

• You can decline Apple's App Tracking Transparency prompt.

• You can change your tracking choices at any time in your iOS Settings.

• You can contact us for any privacy-related requests.

8. Security

Although we do not manage any custom servers, we ensure that our processors (PostHog, Apple) apply appropriate security measures in line with industry standards.

9. Minors

Heal is not intended for children under 13 (or 16 in the EU). We do not knowingly collect any data regarding minors. If you think a minor has used the application, contact us at contact@healdaily.app.

10. Changes

In the event of a substantial change to this policy, you will be informed via the application or the App Store. The update date at the top of this document always indicates the version in effect.

11. Contact

MATIS ENZO MALANDRINO

Email: contact@healdaily.app

Address: 69 AVENUE DE LA REPUBLIQUE, SEYSSINET BP, 38173 SEYSSINET PARISET CEDEX, FRANCE

Policy written in French. In case of translation, the French version prevails.