Effective Date: May 4, 2026Last Updated: May 4, 2026v1.1
This Privacy Policy describes how Aplexity Limited ("we," "our," or "us") collects, uses, and protects information when you use the aiheart mobile application (the "App"). By using the App, you agree to the practices described in this Policy.
Important: aiheart is a wellness and informational app. It is not a medical device and does not provide medical advice, diagnosis, or treatment. Always consult a qualified healthcare professional.
1. Information We Collect
1.1 Information You Provide
Wellness Profile (sent to our backend, and to OpenAI when you use the AI Assistant — see Section 3). During onboarding you provide: biological sex, age, height, weight, and self-reported answers about blood-pressure category, tachycardia, frequent stress, poor sleep, regular medication use, and history of heart problems.
Heart-Rate Records (sent to our backend, and to OpenAI when you use the AI Assistant). The BPM value, the mood/feeling tag, and the timestamp of each measurement.
AI Assistant Input (sent to our backend and to OpenAI). Any text or message you submit to the in-app AI Assistant, plus the prior turns of the same conversation for context.
On-Device-Only Data. Manually entered blood-pressure entries, diary notes, and tags are stored only on your device (in the app's local SwiftData database) and are not sent to our backend or to OpenAI unless you choose to paste them into an AI Assistant message.
Camera Input (Pulse Measurement). When you use the pulse measurement feature, the camera processes the image of your fingertip locally on your device using photoplethysmography to estimate your heart rate. Raw camera frames and the video stream are not uploaded to our servers or to OpenAI — only the resulting BPM number is.
Support Requests. Contact information and message content when you reach out to us by email.
Purchase Information. Subscription and transaction data processed by Apple and our subscription provider (we do not receive your full payment details).
1.2 Information Collected Automatically
Device Information. Device model, iOS version, language, region, and unique device identifiers (IDFA/IDFV where permitted).
Usage Data. Feature interactions, session duration, crash logs, and diagnostics.
1.3 Information from Third Parties
Analytics & Attribution. We use Firebase, AppsFlyer, and similar SDKs to measure app performance and marketing attribution.
Subscription Management. We use Adapty (and Apple's StoreKit) to manage in-app subscriptions.
2. Health Data and On-Device Processing
The pulse detection feature uses your device camera and on-device signal processing (photoplethysmography) to estimate heart rate. The raw video stream stays on your device.
Blood pressure values are self-entered by you — the App does not measure blood pressure automatically.
Health data you record is stored locally on your device. If cloud backup (e.g., iCloud) is enabled, your device OS may back this data up under Apple's terms.
The App is not a medical device. It does not diagnose, treat, cure, or prevent any disease.
3. AI Assistant — Data Sent to a Third-Party AI Service (OpenAI)
Plain-language summary. When you use the in-app AI Assistant, your messages and a snapshot of your wellness profile and recent heart-rate readings are sent from your device to our backend (aiheart.applexitystreams.com, operated by Aplexity Limited) and then forwarded to OpenAI, L.L.C. (a third-party AI service in the United States) for the sole purpose of generating a response. The App shows you an "AI Data Processing" confirmation dialog and nothing is sent until you tap "Continue". If you tap "Cancel", no data leaves your device and the dialog will appear again the next time you try to send an AI request.
3.1 Who receives the data
Aplexity Limited — our backend at https://aiheart.applexitystreams.com, which authenticates your device, stores chat history for your account, and forwards prompts to OpenAI.
Each time you send a message in the AI Assistant, the following is transmitted to OpenAI as the prompt context:
The text of your message (and the prior messages in the same conversation, so the assistant has context).
Your wellness profile collected during onboarding: biological sex, age, height, weight, and your self-reported answers about blood-pressure category, tachycardia, frequent stress, poor sleep, regular medication use, and history of heart problems.
Your most recent heart-rate measurements taken with the App: the BPM value, the mood/feeling tag you attached, and the timestamp.
A random, app-generated user identifier and dialogue identifier needed to maintain the conversation. We do not send your name, email address, phone number, Apple ID, payment data, precise location, IDFA/IDFV, or contacts to OpenAI.
3.3 What is not sent to OpenAI
Raw camera frames or video from the pulse measurement (these never leave your device).
Individual blood-pressure entries you log in the diary (stored only on your device).
Diary notes and tags that are not part of an AI Assistant message.
Subscription and payment data.
Analytics, attribution, and advertising identifiers.
3.4 How OpenAI handles the data
OpenAI processes the data only to generate a response and return it to our backend.
Per the OpenAI API policy, API inputs and outputs are not used to train OpenAI's models by default.
OpenAI may retain API data for a limited period (currently up to 30 days) solely for abuse and misuse monitoring, after which it is deleted, except where longer retention is required by law. See OpenAI API data retention.
OpenAI provides protections that we consider equivalent to those described in this Policy for the purpose of operating the AI Assistant.
3.5 Your consent and how to opt out
Before any AI request is transmitted, the App displays an "AI Data Processing" confirmation dialog that explains what data will be sent and to whom (Aplexity Limited's backend and OpenAI). The dialog offers two choices: Cancel and Continue.
Nothing is sent to our backend or to OpenAI until you tap "Continue". Tapping "Continue" is your explicit consent for that request and for subsequent AI requests in the same session.
If you tap "Cancel", the request is dropped and no data leaves your device. The same confirmation dialog will be shown again the next time you attempt to send an AI request, and will keep appearing on every attempt until you tap "Continue".
You can withdraw consent at any time in Settings → AI Assistant. Withdrawing consent disables the AI Assistant, stops further transmission to OpenAI, and re-enables the confirmation dialog for any future use.
You can also delete your locally stored chat history at any time, or remove the App to delete all on-device data.
3.6 Cautions when using the AI Assistant
Do not submit sensitive personal data (passwords, financial details, government IDs, detailed medical records of yourself or third parties, etc.) to the AI Assistant.
AI responses are informational only and are not medical advice, diagnosis, or treatment. Always consult a qualified healthcare professional.
4. How We Use Information
Operate core features (pulse measurement, health diary, AI chat, tips);
Process subscriptions and purchases;
Improve performance, fix bugs, and prevent abuse;
Measure marketing and attribution;
Comply with legal obligations.
5. Legal Bases (GDPR/UK GDPR)
Where applicable, we process personal data on the basis of: (a) performance of a contract, (b) our legitimate interests (product improvement, security), (c) your consent (where required, e.g., tracking, sensitive data), and (d) legal compliance.
6. Sharing of Information
We do not sell your personal data. We share data only with:
Service providers — OpenAI, Firebase (Google), AppsFlyer, Adapty, Apple, and cloud infrastructure providers, strictly to deliver the App's functionality.
Legal authorities — when required by law.
Successors — in the event of a merger, acquisition, or asset sale.
We do not share your identifiable health data with advertisers.
7. Data Retention
We retain personal data only for as long as necessary for the purposes described here or as required by law. Health and diary data you enter remain on your device until you delete the data or the App. Diagnostics and analytics are typically retained for up to 24 months. AI Chat prompts sent to OpenAI are handled per OpenAI's retention policy.
8. Your Rights
Depending on your jurisdiction (EEA, UK, California, etc.), you may have the right to:
Access, correct, or delete your personal data;
Object to or restrict processing;
Withdraw consent;
Port your data;
Lodge a complaint with a supervisory authority.
You can also delete all locally stored health and chat data at any time by removing the App from your device.
The App is not directed to children under 13 (or under 16 in the EEA). We do not knowingly collect personal data from children. If you believe a child has provided data, contact us and we will delete it.
10. Security
We use industry-standard technical and organizational measures (encryption in transit, access controls). No method of transmission or storage is 100% secure; we cannot guarantee absolute security.
11. International Transfers
Your data may be processed in countries outside your own, including the United States. Where required, we rely on Standard Contractual Clauses or equivalent safeguards.
12. Permissions We Request
Camera — to measure your pulse via fingertip photoplethysmography.
Notifications (optional) — to remind you to track measurements and deliver tips.
Tracking (ATT) (optional) — to allow personalized advertising and attribution, only if you consent via Apple's App Tracking Transparency prompt.
You can revoke these permissions at any time in iOS Settings.
13. Changes to This Policy
We may update this Policy from time to time. Material changes will be announced in the App or via the App Store listing. Continued use after changes means you accept the updated Policy.