Privacy Policy
Last updated: 17 July 2026
Welcome to Exhale, a mobile application by Adev ("we", "us", "our"). Exhale reads your heart data and calendar to compute a real-time stress score, warns you before likely stressful moments, and guides you back to calm with haptic breathing sessions.
Exhale handles health information, so we hold ourselves to a higher bar than a typical app. This Privacy Policy explains exactly what we collect, what stays on your device, what reaches our servers, and why. We never sell personal or health data, and we never use your health data for advertising.
If you have any questions about this Privacy Policy, contact us at [email protected].
1. Definitions
- "User" โ any individual using Exhale.
- "Application" โ the Exhale mobile application, available on iOS and Android.
- "Health Data" โ heart rate, heart rate variability (HRV), resting heart rate, and sleep data read from Apple Health or Health Connect.
- "Calendar Data" โ event titles, times, and attendee information read from your device calendar.
- "Stress Score" โ the 0โ100 score Exhale computes from your Health Data.
2. Information We Collect
Account Information
You can use Exhale anonymously, or sign in with Apple, Google, or email (via Firebase Authentication). Depending on the method, we may receive an email address, display name, and an account identifier. We never receive your Apple or Google password.
Health & Fitness Data (Apple Health / Health Connect)
With your explicit permission, Exhale reads heart rate, HRV, resting heart rate, and sleep data from Apple Health (iOS) or Health Connect (Android). This data is processed entirely on your device to compute your Stress Score, hourly trend bars, and heads-up warnings. Raw Health Data is not uploaded to our servers and is not visible to us.
Calendar Data
With your explicit permission, Exhale reads your device calendar (event titles, start/end times, and attendees) on a read-only basis. This is used entirely on your device to correlate your stress peaks with specific meetings or events ("what caused it") and to warn you before similar events in the future. Calendar Data is never uploaded to our servers.
Wellness Check-Ins & Session Data
When you complete a breathing session, Exhale may send a lightweight check-in to our backend โ for example, that a session was completed and an optional mood you selected afterward. This is used to sync your subscription-gated history across devices and is linked to your account, not to your raw Health or Calendar Data.
Subscription & Payment Information
Subscriptions are billed through the Apple App Store or Google Play Store. We use RevenueCat to manage subscription status (active, trial, expired). We never collect or store your payment card details.
Technical & Usage Information
We automatically collect limited technical data: device type, operating system, app version, crash reports, error logs, and coarse usage analytics (e.g., which screens are opened) via Firebase Analytics and Crashlytics. This technical/analytics layer never includes your Health Data or Calendar Data.
Push Notification Token
If you enable notifications, we store a device push token (via Firebase Cloud Messaging) to deliver heads-up alerts and reminders.
3. How We Use Information
We use collected information solely to: compute your Stress Score and insights, warn you of likely stressful events, authenticate you, manage your subscription, sync your session history across your devices, maintain security, diagnose technical issues, and respond to support requests.
We do not sell, rent, or trade personal or health data. We never use Health Data or Calendar Data for advertising, marketing, or any purpose other than providing Exhale's stress-tracking features to you.
4. On-Device Processing โ Your Stress Score
Exhale's core design principle is that biometric and calendar data should never leave your phone unless absolutely necessary. Your Stress Score, hourly bars, trigger detection, and heads-up forecasts are all computed locally on your device using the Health Data and Calendar Data already on it. Only the outputs you choose to act on (like logging a completed breathing session) may sync to our backend.
5. HealthKit Data โ Our Commitment
In accordance with Apple's App Store guidelines for apps using HealthKit, we commit that:
- We will never sell your Health Data to advertising platforms, data brokers, or information resellers.
- We will never use your Health Data for advertising, marketing, or any purpose other than providing you with Exhale's stress-tracking and wellness features, unless you give clear, explicit, separate consent.
- Health Data read via HealthKit is used and disclosed only for the purposes disclosed in this Privacy Policy and at the point of collection.
- You can revoke Exhale's access to Apple Health at any time in Settings โ Privacy & Security โ Health โ Exhale, or the equivalent Health Connect permissions screen on Android.
6. Data Sharing & Third-Party Service Providers
We do not sell personal or health data. Information is shared only with trusted providers necessary to operate the Service:
- Apple Health / Health Connect โ the data source; Health Data is read on-device and is not sent back to Apple/Google by us.
- Firebase (Google) โ authentication, cloud database (Firestore) for account/subscription state and check-ins, push notifications, crash reporting, and non-health usage analytics.
- RevenueCat โ subscription status management.
- Apple App Store / Google Play Store โ payment processing.
- Hosting and cloud infrastructure providers.
Information may also be disclosed if required by law, to protect rights or safety, or to investigate fraud or abuse.
7. Data Security
We implement technical and organizational safeguards including HTTPS-encrypted communications, restricted server access, authentication protections, and regular security updates. No system can guarantee absolute security.
8. Data Retention
- Health Data and Calendar Data are processed on your device and are not retained on our servers at all.
- Account information is retained while your account is active.
- Check-in / session history is retained until you delete your account or request removal.
- Technical logs are retained for up to 12 months.
- Billing records are retained by Apple/Google/RevenueCat under their own legal obligations.
You may request deletion of your account and associated data at any time via [email protected].
9. Your Rights
Depending on applicable law (including the GDPR if you are in the EU/EEA), you may have the right to access, rectify, delete, restrict, or object to the processing of your personal data, and to data portability. Submit requests to [email protected] โ we respond within a reasonable timeframe and in accordance with applicable law.
10. Children's Privacy
Exhale is not intended for children under 16. Health data is sensitive, and we do not knowingly collect it from children. If we learn that we have collected personal or health data from a child under 16, we will delete it as soon as possible. Parents or guardians may contact us at [email protected].
11. Third-Party Platforms
Exhale is an independent application and is not affiliated with, endorsed by, or sponsored by Apple, Google, or any calendar or health-data provider. "Apple Health," "HealthKit," and "Health Connect" are trademarks of their respective owners.
12. International Data Transfers
We may use infrastructure located in multiple countries for account and subscription data; personal information may therefore be transferred internationally. Where such transfers occur we implement reasonable safeguards in accordance with applicable legal requirements. Your Health Data and Calendar Data, being processed on-device, are not subject to this section.
13. Not Medical Advice
Exhale's Stress Score and insights are wellness tools, not medical devices. They are not intended to diagnose, treat, cure, or prevent any disease or medical condition, and should not replace professional medical advice. If you are experiencing a medical or mental health emergency, contact emergency services or a qualified professional immediately.
14. Analytics
The Application uses limited, non-health analytics and crash-reporting technologies (usage measurement, performance, bug detection). You can control certain permissions and tracking settings through your device's operating-system settings.
15. Changes to this Privacy Policy
We may update this Privacy Policy from time to time. The latest version is always available in the Application and on this page. Continued use of the Service after updates constitutes acceptance of the revised policy.
16. Governing Law
This Privacy Policy is governed by and interpreted in accordance with the laws of the Netherlands. Any dispute arising from it falls under the exclusive jurisdiction of the competent Dutch courts.
