Liora

Liora Privacy Policy

Effective date: [TODO — set on publication] Last updated: July 2, 2026 (draft)

Liora ("Liora," "we," "us") is an iOS app that helps women in the menopause transition understand patterns in their own symptoms and health data. This policy explains what we collect, why, where it lives, who processes it, and the controls you have. We have tried to write it the way we write everything else: plainly.

The short version:

  • We collect only what the app needs to work: your email, your self-declared menopause stage, your symptom logs, and — with your permission — read-only daily summaries from Apple Health.
  • We never sell your data. We never share it with advertisers. There are no third-party ads or advertising trackers in Liora.
  • Apple Health access is read-only. Liora never writes to Apple Health.
  • You can export all of your data and delete your account yourself, in Settings, any time, no support ticket required.

1. Who we are

Liora is operated by [TODO — legal entity name and address; if operating as a sole proprietor pre-incorporation, state that and provide a mailing address]. Contact: hello.getliora@gmail.com.

This policy covers the Liora iOS app and the liora.openzentra.com website, including the website waitlist form.

2. Information we collect

2.1 Information you give us

  • Account information. Your email address and a password, used to sign in and for essential service messages (confirmation, password reset). Sign in with Apple is also available; if you use it, Apple shares only your email (or a private relay address).
  • Profile information. Your self-declared menopause stage (perimenopause, menopause, surgical, induced, or unsure) and the symptoms you choose to prioritize. Always editable, never required to be "accurate" — it's your description of you.
  • Symptom Logs. The symptoms you record: symptom type, a 1–5 severity, an optional free-text note, and the date/time. Free-text notes may contain anything you choose to write; please avoid including other people's personal information.
  • Waitlist email (website only). If you join the waitlist, we store your email solely to send launch notification(s), and delete it if you unsubscribe.

2.2 Information from Apple Health (with your permission)

If — and only if — you grant permission in iOS, Liora reads daily summary values from Apple Health (HealthKit): sleep duration, heart-rate variability (HRV), step count, active energy, and weight.

  • Access is read-only. Liora never writes anything to Apple Health.
  • Missing or partial values are normal and expected; we don't treat them as errors and we don't try to fill the gaps from anywhere else.
  • You can revoke this permission at any time in iOS Settings → Privacy & Security → Health. Liora keeps working; insights simply have less to draw on.
  • Per Apple's rules and our own: HealthKit data is never used for advertising or marketing, never used for data mining, and never disclosed to third parties except sub-processors acting on our instructions to provide the service to you (Section 5).

2.3 Information collected automatically

  • Subscription status. Managed via RevenueCat and Apple. We receive entitlement status (e.g., trialing, active, lapsed) and anonymized transaction identifiers. We never see or store your payment card details — payment is handled entirely by Apple.
  • Push notification token. If you enable notifications, an Expo push token that lets us deliver notifications (e.g., "your Weekly Insight is ready") to your device.
  • Basic technical data. Device model, OS version, app version, and timezone (used to deliver your Weekly Insight on Sunday morning your time), plus crash and error diagnostics [TODO — confirm final crash-reporting vendor and add to Section 5 if used].

2.4 What we deliberately do NOT collect

No advertising identifiers. No third-party analytics trackers. No location tracking. No contact-list access. No social logins other than Sign in with Apple [TODO — confirm at submission]. No data purchased from data brokers.

3. How we use your information

We use To
Email Sign you in and send essential service messages (confirmation, password reset)
Menopause stage & priority symptoms Personalize onboarding, your Baseline Reflection, and insight relevance
Symptom Logs + Apple Health daily summaries Compute your Weekly Insight: deterministic pattern statistics over your own week
Derived aggregates (see Section 4) Have an AI model phrase your insight in plain language
Subscription status Know whether your trial or membership is active
Push token Deliver the notifications you've turned on
Technical data Keep the app working, fix crashes, deliver insights in your timezone

We do not use your information for advertising, for sale or rental to anyone, for training AI models, or for any purpose incompatible with the ones above.

4. AI processing — exactly what leaves our database

Liora's insights are computed in two steps, and the distinction matters for privacy:

  1. Our own code (running on our servers) computes the statistics: which symptoms clustered with short sleep, low HRV, low activity, and so on. No AI service is involved in finding patterns.
  2. Anthropic's Claude API is then used only to phrase those findings in plain language. We send it derived aggregates — e.g., "hot flashes averaged 4/5 on nights with under 6 hours of sleep" — together with first-name-free, email-free context. We do not send your email address, your account identifiers, or your raw Apple Health data stream.

Anthropic processes this data as our service provider under its commercial terms, which by default prohibit using API inputs and outputs to train its models [TODO — attorney to verify current Anthropic Commercial Terms of Service and, if appropriate, reference a signed DPA]. Every AI-generated insight passes through our server-side Banned-Phrase Filter before it is stored or shown, which blocks diagnostic or prescriptive framing.

5. Where your data lives, and who processes it

Your data is stored in a Supabase-hosted PostgreSQL database located in the United States, encrypted in transit (TLS) and at rest. Row-level security restricts every record to your account. A local copy of your recent logs also lives on your device (so logging works offline) protected by iOS device encryption.

Sub-processors we use to provide the service:

Provider What they do for us What they process
Supabase (US-hosted) Database, authentication, server functions Account, profile, Symptom Logs, Health Metric daily summaries, insights
Anthropic AI phrasing of insights Derived, identifier-free aggregates (Section 4)
RevenueCat Subscription management Anonymized subscriber ID, entitlement and transaction status
Apple Payment, App Store distribution, HealthKit Payment details (Apple only — we never see them)
Expo (Expo Application Services) Push notification delivery Push token, notification payloads

[TODO — attorney: confirm DPAs / standard terms are in place with each provider; add crash-reporting vendor if adopted.]

We do not sell personal information, we do not "share" it for cross-context behavioral advertising (as those terms are defined by the CCPA/CPRA), and we have not done either in the preceding 12 months.

6. Your controls — built into the app

Both of these are self-service in Settings, aligned with Apple App Store Review Guideline 5.1.1(v). No email, no support ticket, no retention flow:

  • Export your data. Settings → Export my data produces a complete JSON file of your account, logs, health-metric summaries, and insights, delivered via the iOS share sheet to wherever you choose.
  • Delete your account. Settings → Delete my account permanently deletes your account and associated data from our production systems. Residual copies in encrypted backups are purged within [TODO — confirm backup retention window, e.g., 30] days. Deletion is irreversible; export first if you want a copy.

You can also: revoke Apple Health access in iOS Settings at any time; turn off notifications in iOS Settings or in-app; and manage or cancel your subscription in your Apple ID settings.

7. Your privacy rights (US state laws)

If you live in California, you have rights under the CCPA/CPRA: to know/access, to delete, to correct, to data portability, to opt out of sale or sharing (we do neither), to limit use of sensitive personal information (we use it only to provide the service you asked for, which does not require a limit request), and to non-discrimination for exercising your rights. Residents of Colorado, Connecticut, Virginia, Utah, Texas, Oregon, and other states with comprehensive privacy laws have similar rights.

Your symptom logs and health metrics are "sensitive personal information" under these laws. We process them only to provide the service you explicitly signed up for.

How to exercise your rights: use the in-app export and deletion tools (fastest), or email hello.getliora@gmail.com. We verify requests via your signed-in account or a confirmation to your account email, respond within the statutory window (generally 45 days), and you may use an authorized agent where the law provides for one. If we decline a request, you may appeal by replying to our response [TODO — attorney: confirm appeal process language for states that require it].

We do not respond to browser "Do Not Track" signals because we do not track you across sites; the website sets no advertising or analytics cookies. If enabled, website analytics use Plausible, a cookie-free service that stores no personal data and cannot identify you across sites [TODO — attorney: if a GPC-relevant context arises, honor Global Privacy Control].

8. Retention

We keep your data while your account exists so your history and insights keep working — your years of patterns are the product. If you delete your account, production data is deleted immediately and backups are purged within [TODO] days. Waitlist emails are deleted on unsubscribe or after launch outreach completes. If your membership lapses, your data is preserved (so you can return), unless and until you delete your account.

9. Security

TLS everywhere in transit; encryption at rest; row-level security on every table; service credentials never shipped in the app; access to production limited to the operator. No system is perfectly secure — if we learn of a breach affecting your personal data, we will notify you and regulators as applicable law requires.

10. Children

Liora is designed for adults navigating the menopause transition and is not directed to anyone under 18. We do not knowingly collect data from children under 13. If you believe a child has provided us data, contact hello.getliora@gmail.com and we will delete it.

11. Not medical advice

Liora describes patterns in your own data. It does not provide medical advice, diagnosis, or treatment, and it is not a medical device. See our Terms of Service for the full disclaimer.

12. Changes to this policy

If we change this policy materially, we'll notify you in the app and/or by email before the change takes effect, with a plain-language summary of what changed. The current version always lives at liora.openzentra.com/privacy.

13. Contact

hello.getliora@gmail.com · [TODO — mailing address] [TODO — attorney: confirm whether a designated CCPA contact method (toll-free number) is required at our scale; most likely exempt below thresholds, but verify.]