Privacy Policy for STUDL.IO

Last Updated: August 2025

Introduction

STUDL.IO ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Biohack mobile application (the "App").

Information We Collect

Personal Information

• Account Information: When you create an account, we collect your email address and username
• Profile Information: Your full name and any additional profile details you choose to provide
• Authentication Data: Login credentials and session information

Health and Wellness Data

• Protocol Information: Biohacking protocols you create or sync, including supplement dosages, tracking parameters, and intervention details
• Health Metrics: Data from Apple HealthKit that you authorize us to access, including:
  • Heart rate and resting heart rate
  • Step count and activity data
  • Sleep analysis
  • Body mass and composition
  • Blood pressure readings
  • Blood glucose levels
  • Oxygen saturation
  • Respiratory rate
  • Body temperature
  • And other health metrics you choose to share

Usage Information

• App Usage: How you interact with the App, including features used and time spent
• Device Information: Device type, operating system version, and app version
• Technical Data: Crash reports, performance data, and error logs

How We Use Your Information

Primary Uses

• App Functionality: To provide and maintain the App's core features
• Protocol Management: To store and sync your biohacking protocols across devices
• Health Tracking: To display your health metrics and progress data
• Progress Analysis: To generate charts and insights about your health optimization journey

Secondary Uses

• App Improvement: To enhance user experience and fix technical issues
• Customer Support: To respond to your questions and provide assistance
• Security: To protect against fraud and ensure account security

Data Storage and Processing

Local Storage

• Health Data: All Apple HealthKit data remains on your device and is never uploaded to our servers
• Protocol Data: Your custom protocols are stored locally and synced to our secure cloud database
• App Settings: Your preferences and settings are stored locally on your device

Cloud Storage

• Protocol Definitions: Only protocol metadata (names, descriptions, parameters) is stored in our cloud database
• User Accounts: Your account information is stored securely using Supabase authentication
• No Health Data: We do not store, transmit, or process your actual health metrics on our servers

Data Sharing and Disclosure

We Do Not Share:

• Health Data: Your Apple HealthKit data is never shared with third parties
• Personal Health Information: Individual health metrics remain private and local to your device
• Protocol Details: Your specific protocol implementations are not shared

We May Share:

• Aggregated Data: Anonymous, aggregated usage statistics for app improvement
• Legal Requirements: Information when required by law or to protect our rights
• Service Providers: Limited data with trusted third-party services (e.g., Supabase for authentication and data storage)

Apple HealthKit Integration

Health Data Access

• Explicit Permission: We only access HealthKit data with your explicit consent
• Granular Control: You can choose which health metrics to share with the App
• Revocable Access: You can revoke HealthKit permissions at any time through iOS Settings
• Local Processing: All health data processing occurs locally on your device

Health Data Privacy

• No Cloud Storage: Health metrics are never uploaded to our servers
• No Third-Party Sharing: We do not share your health data with any third parties
• Secure Transmission: Health data is transmitted securely between your device and Apple HealthKit

Data Security

Security Measures

• Encryption: All data transmission is encrypted using industry-standard protocols
• Secure Authentication: User authentication is handled securely through Supabase
• Local Processing: Health data is processed locally to minimize exposure
• Regular Updates: We regularly update security measures and app security

Data Retention

• Account Data: Retained as long as your account is active
• Protocol Data: Retained until you delete your account or specific protocols
• Health Data: Controlled entirely by you through Apple HealthKit settings
• Usage Data: Retained for app improvement purposes, typically for 12 months

Your Rights and Choices

Access and Control

• View Your Data: Access your account information and protocol data through the App
• Update Information: Modify your profile and protocol information at any time
• Delete Account: Request deletion of your account and associated data
• Export Data: Export your protocol data in a portable format

Health Data Control

• Permission Management: Control which health metrics the App can access through iOS Settings
• Revoke Access: Remove HealthKit permissions at any time
• Data Deletion: Delete health data through Apple HealthKit settings

International Data Transfers

Your data may be processed and stored in countries other than your own. We ensure appropriate safeguards are in place to protect your data in accordance with this Privacy Policy and applicable laws.

Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any changes by:

• Posting the new Privacy Policy in the App
• Updating the "Last Updated" date
• Sending you a notification if the changes are significant

Contact Us

If you have any questions about this Privacy Policy or our data practices, please contact us at:

• Email: hello@studl.io
• Address: [Your Business Address]

Legal Basis for Processing (EU Users)

If you are located in the European Union, our legal basis for processing your personal data includes:

• Consent: For health data access and optional features
• Contract Performance: To provide the App's core functionality
• Legitimate Interest: For app improvement and security purposes