POTS Check Privacy Policy

1. Introduction

This Privacy Policy describes how POTS Check ("the App," "we," "us," or "our"), developed by Cascade Agentic Labs LLC, collects, uses, stores, and protects your personal information and health data.

Key Points:

• We never sell your health data to third parties
• All data is encrypted at rest on your device
• All data remains on your local device (no cloud storage)
• You have full control over data export and deletion
• We comply with Apple's HealthKit privacy requirements
• Secure Account is now free (subscription barriers removed)

2. Information We Collect

2.1 Health Data

POTS Check collects the following health information to provide wellness tracking functionality:

Data Type	Source	Purpose	Storage
Heart Rate	Apple Watch via HealthKit (READ access)	Measure orthostatic heart rate response during test	Local device, encrypted
Blood Pressure	Manual entry by user	Track blood pressure changes during standing	Local device, encrypted
Age (Month/Year)	User input	Apply age-appropriate POTS screening thresholds	Local device, encrypted
Symptom Notes	Optional user input	Track symptoms during test (max 100 characters)	Local device, encrypted
Posture Data	iPhone Core Motion sensors	Validate standing posture during test	Local device, not persisted
Workout Session	HealthKit WRITE access	Enable continuous heart rate monitoring during test	HealthKit (Apple manages)
Health Profile	Optional Apple Health import (Secure Account only)	Baseline vitals context: BP history, HRV, resting/walking HR, respiratory rate for POTS test interpretation	Local device, encrypted

Important Notes:

• We do NOT collect full date of birth—only month and year
• We do NOT track your location during tests
• We do NOT require name, email, or other identifying information
• Health Profile import is entirely optional (Secure Account only) and requires separate permission grants
• Blood pressure can be optionally imported from third-party HealthKit devices for baseline context only - during tests, BP is still entered manually

2.2 Technical Data

We collect minimal technical data necessary for app functionality:

• Device Model: iPhone/Apple Watch model for UI optimization
• OS Version: iOS/watchOS version for compatibility
• App Version: POTS Check version for troubleshooting
• Crash Logs: Anonymized crash reports (if you opt in to share with Apple)

We do NOT collect:

• Device identifiers (UDID, advertising ID)
• IP addresses or network information
• Biometric data beyond heart rate

2.3 Anonymous Usage Analytics

Effective: Current version and later

To improve app experience and identify issues, we collect anonymous usage analytics via TelemetryDeck, a privacy-first analytics service:

What We Collect:

• App Usage Events: Onboarding steps, test starts/completions, feature usage (e.g., PDF export, Apple Health import)
• Technical Context: App version, build number, iOS/watchOS version, device model (e.g., "iPhone15,2")
• Funnel Data: Timestamps for conversion analysis (e.g., time between onboarding steps)
• Error Events: Error codes and contexts (e.g., "watch_sync_failed") for troubleshooting
• Anonymous User ID: Random UUID generated by TelemetryDeck (NOT tied to Apple ID, email, or device UDID)

What We Do NOT Collect:

• ❌ No PII: Names, emails, phone numbers, addresses, Apple IDs
• ❌ No Health Data: Heart rates, blood pressure values, symptom details, test results
• ❌ No Age Data: Only ageGroup ("pediatric" or "adult"), not actual birth date
• ❌ No Location: IP addresses, GPS coordinates, or network information
• ❌ No Identifiers: Device serial numbers, advertising IDs, or persistent identifiers

How Analytics Work:

Anonymous usage analytics are disabled by default. During onboarding, you will be asked if you want to share anonymous usage data to help improve the app. You can:

• Opt In: Choose "Share Anonymous Data" during onboarding
• Decline: Choose "No Thanks" to keep analytics disabled
• Change Later: Toggle analytics on/off at any time in Settings

How to Change Analytics Setting:

1. Open Settings in POTS Check
2. Navigate to Data & Privacy section
3. Toggle "Share Anonymous Usage Data" on or off

When disabled, no analytics events will be sent to TelemetryDeck. This does NOT affect app functionality.

Note for Existing Users: If you installed POTS Check before November 20, 2025, your current analytics setting is preserved.

Data Processor:

• Service: TelemetryDeck (privacy-first analytics platform)
• Data Residency: EU servers (GDPR-compliant)
• Retention: 30 days by default (aggregated insights retained longer)
• Privacy Policy: TelemetryDeck Privacy Policy

Purpose: Analytics help us identify onboarding drop-off points, test completion rates, watch connectivity issues, and feature adoption—allowing us to improve the app for all users.

3. How We Use Your Information

3.1 Primary Uses

Your health data is used exclusively for the following purposes:

• Test Analysis: Calculate heart rate changes and identify POTS-consistent patterns
• Results Display: Generate test summaries and posture quality scores
• Historical Tracking: Enable trend analysis across multiple tests (Secure Account only)
• Health Profile Baseline: Import and display baseline vital signs from Apple Health for clinical context and comparison (Secure Account only, optional)
• Data Export: Generate PDF reports and RDF/Turtle files for sharing with healthcare providers (can optionally include Health Profile data)

3.2 Prohibited Uses

We will NEVER use your health data for:

• ❌ Advertising or marketing purposes
• ❌ Sale to third-party data brokers
• ❌ Training machine learning models
• ❌ Profiling or behavioral analysis beyond test functionality
• ❌ Sharing with insurance companies, employers, or government agencies

4. Data Storage and Security

4.1 Two-Tier Architecture

POTS Check offers two modes with different storage approaches:

Guest Mode (Free)

• Storage: In-memory only (RAM) during active session
• Persistence: None—data automatically deleted when app closes or new test starts
• Encryption: Not applicable (no persistent storage)
• Limit: Single test only (starting new test replaces previous result)
• Export: PDF with "Guest Mode" watermark

Secure Account Mode (Free)

• Storage: Local Solid Pod on device
• Persistence: Unlimited test history stored locally
• Encryption: ChaCha20-Poly1305 authenticated encryption at rest
• Format: RDF/Turtle (TTL) following W3C Solid protocol
• Location: ~/Library/Application Support/POTSCheck/wellness/diagnostics/pots-checks/
• Health Profile: Optional import of baseline vitals from Apple Health (BP, HRV, resting/walking HR, respiratory rate)
• Backup: Local device only; cloud sync planned for future versions

Note: Secure Account is free to create and use. Subscription barriers have been removed to improve accessibility.

4.2 Encryption Details

Encryption Algorithm: ChaCha20-Poly1305 (AEAD)

• 256-bit keys generated using iOS SecureEnclave
• Authenticated encryption prevents tampering
• Nonce (96-bit) ensures unique encryption for each file

Key Storage: iOS Keychain

• Protection level: kSecAttrAccessibleWhenUnlockedThisDeviceOnly
• Keys tied to device (cannot be transferred)
• Protected by device passcode/biometric authentication
• Keys destroyed if device is erased

File Protection: iOS Data Protection

• Level: .completeUntilFirstUserAuthentication
• Hardware-backed encryption (Secure Enclave)
• Files protected when device is locked (first time after boot)

4.3 Data Residency

In the current version of POTS Check:

• ✅ All data remains on your local device
• ✅ No cloud upload or synchronization
• ✅ No server-side processing or storage
• ✅ Export is manual and user-initiated only

Future Cloud Sync: If you choose to enable cloud synchronization in future versions:

• You will select your preferred cloud Solid Pod provider
• Data will remain encrypted in transit (TLS 1.3+)
• You will control access via Solid access control policies
• You can disable cloud sync at any time

5. Data Sharing and Third Parties

5.1 No Sale of Health Data

We will NEVER sell your health data to third parties for monetary compensation. Your health information is not a commodity.

5.2 User-Initiated Sharing Only

The ONLY way your health data leaves your device is if YOU explicitly choose to:

• Export PDF: Generate a PDF report and share it with your healthcare provider
• Export Pod (TTL): Export your Solid Pod data for backup or transfer
• Enable Cloud Sync (Future): Opt in to cloud Pod synchronization with a provider of your choice (planned for future versions)

Sharing requires affirmative action—pre-checked boxes or default sharing are NOT used.

5.3 Service Providers

We may use third-party service providers for:

• Usage Analytics: TelemetryDeck for anonymous app usage tracking (opt-out available in Settings)
• Crash Analytics: Apple crash reporting (anonymized, opt-in only)
• Cloud Hosting (Future): Solid Pod providers if you enable cloud sync

Service providers:

• Are contractually prohibited from using your health data for their own purposes
• Receive only encrypted or anonymized data
• Are required to comply with HIPAA, GDPR, or equivalent privacy regulations
• TelemetryDeck specifically: Does NOT receive health data values, PII, or identifiable information (see Section 2.3 for details)

5.4 Legal Compliance

We may disclose your information if required by law, such as:

• Valid court orders or subpoenas
• Lawful requests by government authorities
• Protection of our legal rights or safety

We will notify you of such requests unless prohibited by law.

6. Your Privacy Rights

6.1 How to Exercise Your Rights

• Access Data: Open Settings → View Test History
• Export Data: Settings → Export → Choose format (PDF or TTL)
• Delete Data: Settings → Delete All Data (requires confirmation)
• Revoke HealthKit: iOS Settings → Privacy → Health → POTS Check → Turn Off
• Opt Out of Analytics: POTS Check Settings → Data & Privacy → Toggle off "Share Anonymous Usage Data"

6.2 Data Retention

Guest Mode: Data deleted immediately when app closes or new test starts

Secure Account: Data retained until you manually delete it—no automatic deletion

Backup Policy: If you delete data, it is permanently removed and cannot be recovered

7. Children's Privacy (COPPA Compliance)

7.1 Age Requirements

• Minimum Age: 13 years old
• Under 13: App cannot be used (blocked by age gate)
• Ages 13-17: Parental consent required

7.2 Parental Controls

If you are a parent or guardian consenting to a minor's use (ages 13-17):

• You have the right to review the minor's test data
• You can request deletion of the minor's data at any time
• You should supervise test sessions for safety
• You are responsible for discussing results with healthcare providers

7.3 No Collection from Children Under 13

We do not knowingly collect health information from children under 13. If we discover we have inadvertently collected such data, we will delete it immediately.

8. International Users and Data Transfers

8.1 Data Residency

All data remains on your local device. No international data transfers occur.

8.2 Future Cloud Sync

If you enable cloud synchronization in future versions:

• You choose your Solid Pod provider location
• Data transfers comply with GDPR (EU users) and CCPA (California users)
• You can request data deletion from cloud providers

8.3 GDPR Rights (EU Users)

European Union users have additional rights under GDPR:

• Right to data portability (export in machine-readable format)
• Right to erasure ("right to be forgotten")
• Right to restrict processing
• Right to lodge a complaint with supervisory authority

8.4 CCPA Rights (California Users)

California residents have rights under CCPA:

• Right to know what personal information is collected
• Right to delete personal information
• Right to opt out of sale of personal information (we never sell your data)
• Right to non-discrimination for exercising privacy rights

9. Security Breaches and Incident Response

9.1 Security Measures

We implement industry-standard security practices:

• Encryption at rest (ChaCha20-Poly1305)
• Secure key storage (iOS Keychain)
• No plaintext health data in logs or crash reports
• Regular security audits and updates

9.2 Breach Notification

In the unlikely event of a security breach affecting your health data, we will:

• Notify affected users within 72 hours of discovery
• Provide details on what data was compromised
• Describe steps being taken to mitigate harm
• Offer guidance on protective actions you can take

Note: All data is local-only, significantly reducing breach risk.

10. HealthKit Data Policy

10.1 Apple HealthKit Requirements

In compliance with Apple's HealthKit policies:

• HealthKit data is used solely for app functionality
• HealthKit data is NOT used for advertising or marketing
• HealthKit data is NOT shared with third parties (except via your explicit export)
• HealthKit data is NOT sold or disclosed for profit

10.2 HealthKit Permissions

Required Permissions (All Users)

These permissions are required for test functionality:

• Heart Rate (READ): Required for test execution and live heart rate monitoring
• Workout Sessions (WRITE): Required for continuous heart rate monitoring during test

Optional Permissions (Secure Account Only - Health Profile)

If you choose to import your Health Profile, you may grant access to:

• Blood Pressure (READ): Import historical BP readings from third-party HealthKit-compatible devices for baseline context
• Heart Rate Variability (SDNN) (READ): Import HRV data for cardiovascular health context
• Resting Heart Rate (READ): Import resting HR trends for baseline comparison
• Walking Heart Rate Average (READ): Import walking HR data for activity-level context
• Respiratory Rate (READ): Import respiratory rate for additional autonomic health context

Important Notes:

• Health Profile import is entirely optional - you can use full testing functionality without it
• Health Profile is only available in Secure Account mode (not Guest Mode)
• These permissions are requested only if you choose to import Health Profile from Settings
• All imported Health Profile data is encrypted at rest and never shared with third parties
• Blood pressure import is for historical baseline only - during tests, BP is still entered manually

You can revoke any of these permissions at any time in:

iOS Settings → Privacy & Security → Health → POTS Check

10.3 Health Profile Blood Pressure Import (Optional)

During Tests: All blood pressure readings are entered manually during tests. The app does not measure BP automatically.

Health Profile Import (Optional): If you have a Secure Account and choose to import your Health Profile, you can grant optional access to historical blood pressure data from third-party HealthKit-compatible devices (e.g., Omron, Withings BP cuffs that sync to Apple Health).

Purpose of BP Import:

• Provides baseline blood pressure context for POTS test interpretation
• Shows historical BP trends for clinical discussion
• Helps identify patterns of orthostatic hypotension or hypertension

What is NOT Collected:

• Apple Watch does NOT measure blood pressure (requires separate BP cuff)
• BP import is entirely optional - you can use the app without it
• Health Profile import is only available in Secure Account mode (not Guest Mode)

11. Changes to This Privacy Policy

11.1 Updates

We may update this Privacy Policy to reflect:

• Changes in app functionality or features
• Legal or regulatory requirements
• Improvements to privacy protections

11.2 Notification

We will notify you of significant changes by:

• In-app notification requiring acknowledgment
• Updating the "Effective Date" at the top of this policy
• Requiring re-acceptance of terms on first app launch after update

11.3 Version History

Previous versions of this Privacy Policy are available upon request.

12. Contact Information

13. Additional Resources

• Terms of Use - Legal terms and conditions
• POTS Data Schema - Technical data format documentation
• Apple HealthKit Privacy - Apple's health data policies
• Solid Protocol - Decentralized data ownership standard