Legal

Privacy Policy

Last updated: May 12, 2025 · Your privacy is not negotiable.

1.The short version2.What we collect3.Health data4.Log data5.Analytics6.Service providers7.Security8.Cookies9.External links10.Your rights11.Changes to this policy12.Contact

We don't collect your personal data. Your health data stays on your device and in your iCloud. Full stop.

1. The short version

Beyond Form built Breathe with privacy as a first principle, not a compliance checkbox. We don't run servers that store your data. We don't sell data to advertisers. We don't know who you are unless you contact us directly. By using the App, you agree to the practices described in this policy.

2. What we collect

We collect nothing that identifies you personally. The App does not require an account, does not ask for your name or email, and does not track your location.

Session data (duration, pattern, mood)On-device only
HealthKit data (heart rate, HRV, mindful minutes)Your iCloud only
App preferences & settingsOn-device only
Name, email, location, contacts, identifiersNot collected

3. Health data

Breathe can optionally read and write to Apple HealthKit (mindful minutes, heart rate during sessions). This data is governed entirely by Apple's HealthKit privacy framework and stored in your personal iCloud. We never upload it to any server. We never share it with third parties. You can revoke HealthKit access at any time in iOS Settings → Privacy & Security → Health.

4. Log data

In the event of an error or crash, the App may generate diagnostic log data through Apple's native crash reporting system. This may include information such as your device model, operating system version, App version, and the time and date of the crash. This data is collected anonymously and in aggregate by Apple. We receive no personally identifiable information from it. You can opt out of sharing diagnostics with developers in iOS Settings → Privacy & Security → Analytics & Improvements.

5. Analytics

In the app. We use Apple's App Store Connect for aggregate, anonymised download statistics and crash reports. The Breathe app contains no third-party analytics SDK: no Firebase, no Mixpanel, no Amplitude, no Sentry. What you do inside the App stays inside the App.

On this website. beyondform.co uses Vercel Analytics, a privacy-first web analytics service. It collects anonymised page-view data: which pages were visited, how long the session lasted, the referring URL, your country (derived from IP; the IP itself is never stored), browser, OS, and device type. No cookies are used. No personally identifiable information is collected. No cross-site tracking occurs. You can review Vercel's data practices at vercel.com/legal/privacy-policy.

6. Service providers

The App uses the following service providers. Where a provider receives any data, it is limited to what is strictly necessary to perform that function, and they are contractually obligated not to use it for any other purpose.

ProviderPurposeData received
Apple HealthKit
Health data storage & syncNone (on-device)
RevenueCat
PrivacyTerms
Subscription & purchase managementAnonymous user ID, purchase history
Apple StoreKit
Payment processing via App StoreNone (Apple only)
Apple CloudKit
iCloud sync (optional)None (your iCloud)
Apple App Store Connect
Anonymised crash reports & download statsAnonymised only
Vercel Analytics
Privacy
Website analytics (beyondform.co)Page views, country, browser, OS, device type, referrer (anonymised; no cookies, no PII)

About RevenueCat: RevenueCat receives an anonymous app user ID (not linked to your name, email, or Apple ID) and your in-app purchase history to manage subscription state. They do not receive any health data, session data, or personally identifying information. RevenueCat acts as a data processor under our instruction. You can review their privacy practices at revenuecat.com/privacy and their terms at revenuecat.com/terms.

There are no advertising networks, social SDKs, or data brokers integrated into the App.

7. Security

Because your data never leaves your device or your personal iCloud account, it is protected by Apple's device encryption (including Secure Enclave for biometric data) and iCloud's end-to-end encryption. We do not operate any servers that could be breached. That said, no method of digital storage is 100% secure. We encourage you to keep your device and iCloud account protected with a strong passcode and two-factor authentication.

8. Cookies

The App is a native iOS application and does not use cookies. This website (beyondform.co) does not use tracking cookies or advertising cookies. The website analytics we use (Vercel Analytics) is cookieless by design: it does not set or read any cookies, and it does not use fingerprinting or cross-site tracking.

The App and this website may contain links to external sites such as the Apple App Store or support resources. These sites are not operated by us and have their own privacy policies. We have no control over and assume no responsibility for the content or privacy practices of any third-party sites. We recommend reviewing their policies before interacting with them.

10. Your rights

Because we don't collect personal data, there is nothing held by us to delete, export, or correct. All app data (session history, preferences) can be erased by deleting the App from your device. HealthKit data can be managed or deleted directly in the iOS Health app. If you are in the EU or California and have additional rights questions, please contact us and we will respond promptly.

11. Changes to this policy

We may update this Privacy Policy from time to time. We will notify you of significant changes by updating the effective date at the top of this page. We encourage you to review this page periodically. Your continued use of the App after any changes constitutes your acceptance of the updated policy.

12. Contact

Got a question or just something on your mind? We'd love to hear from you.

hi@beyondform.co