Last updated: 2025/08/25
This Privacy Policy explains how TraumaHeal (“we”, “us”, “our”) collects, uses, and protects your information when you use the TraumaHeal mobile app and related services.
This policy is designed to meet Apple’s App Store requirements, including clear disclosure of data practices and account deletion/export options. See Apple’s App Review Guidelines: https://developer.apple.com/app-store/review/guidelines/#introduction
- We collect the minimum data needed to create an account and store your entries.
- We do not sell your data or use third‑party advertising SDKs.
- You can export your data and delete your account in‑app at any time.
- Data is encrypted in transit; tokens are stored in the device Keychain.
- Hosting providers act as data processors to run our service.
- Account information: email address, password hash (never the plaintext password).
- App content you enter: journal entries, EMDR/IFS sessions, EMDR memories, IFS parts, moods, energy levels, polyvagal states, yoga/meditation/misc activities, dates, optional titles/lengths/notes.
- Device and usage information: standard server logs (e.g., IP address, user agent, timestamps) for security and reliability.
Note: App content may include sensitive mental health information if you choose to enter it.
- Provide and maintain the app, including syncing your entries with our backend.
- Secure your account and authenticate requests.
- Respond to support inquiries and improve reliability and safety of the service.
- Comply with legal obligations.
We do not use third‑party analytics SDKs or serve third‑party ads in the app.
- Contract: to provide the app and features you request.
- Legitimate interests: app security, anti‑abuse, reliability.
- Consent: where required (e.g., if we ever request optional notifications or similar features).
- No selling or renting of personal data.
- Service providers (processors): cloud hosting and infrastructure providers (e.g., managed hosting, storage, logging necessary to run the service). They are bound by contractual obligations to process data only on our instructions.
- Legal: we may disclose if required by law or to protect rights, safety, or the integrity of our services.
- Account and content data: retained while your account is active. Deleted upon account deletion.
- Server logs: retained for a limited period for security and diagnostics, then deleted or anonymized.
- Backups: deleted on a rolling schedule.
- Export your data: Home → Settings → Export Data. A JSON export is generated for you to save/share.
- Delete your account: Home → Settings → Delete Account (with confirmation). This permanently removes your account and associated content from our servers.
- Update/correct data: edit entries directly in the app.
- Access: contact us to request a copy of your data if you cannot use the in‑app export.
California (CPRA) and other regional rights: access, deletion, correction, and portability. We do not “sell” or “share” personal information as defined by CPRA, and we do not use data for cross‑context behavioral advertising.
- Encryption in transit (HTTPS/TLS).
- Token-based authentication; tokens are stored in the iOS Keychain.
- Principle of least privilege for service components and providers.
No security can be guaranteed 100%, but we take reasonable measures to protect your data.
We may process and store data in countries other than where you reside (e.g., the United States). Where applicable, we rely on appropriate safeguards (such as standard contractual clauses) via our service providers.
The app is not directed to children under 13 (or under 16 where applicable). If you believe a child provided us personal information, contact us and we will delete it.
We may update this policy to reflect operational, legal, or regulatory changes. We will post the new effective date. Material changes will be communicated in‑app or via our site.
If you need help with the app, contact us:
- Email: zachariec1@gmail.com
- Issue tracker: https://github.com/zachchentouf/TraumaHealPrivacy/issues
Typical response time: 2–3 business days.
- Data Controller: Zacharie Chentouf (TraumaHeal)
- Email: zachariec1@gmail.com
EU/UK users may also contact their local supervisory authority regarding complaints.
Copyright © 2025 Zacharie Chentouf. All rights reserved.
“TraumaHeal” and related marks are trademarks or service marks of Zacharie Chentouf. All other product names, logos, and brands are property of their respective owners.
This Privacy Policy is provided for informational purposes and may be updated from time to time. Material changes will be noted above in “Changes to This Policy.”
Policy version: 1.0 • Last updated: 2025-08-25
- Email: zachariec1@gmail.com
- Company/App Owner: Zacharie Chentouf