Privacy Policy

1. Information We Collect

A. Health & Fitness Data (Apple HealthKit)

With your explicit permission, Forge reads your step count from Apple HealthKit. Step data is used to calculate discipline scores, daily activity metrics, and 14-day rolling averages. Background delivery is enabled so the app can respond to new step updates.

Forge does not write any data to HealthKit, and no HealthKit data ever leaves your device. You can revoke this permission at any time via iOS Settings → Health → Data Access & Devices → Forge.

B. User-Created Content (Stored Locally Only)

• Habit data: name, description, icon, category (Body / Mind / Discipline), type (good or bad), tracking style (simple, count, duration, or quality), target values, daily completion logs, and streaks.
• Exercise and workout data: workout type (strength, running, cycling, swimming, yoga, HIIT, walking, custom), planned exercises, sets, reps, weight, distance, duration, notes, strain rating, and weekly plan.
• Mood data: daily mood level (Very Low through Excellent), synonym selection, and weighted numeric score (-2.0 to +2.0).
• Discipline scores: daily composite score (0–100) with exercise, habit, and mood components.

C. Derived Analytics (Computed Locally)

Forge computes analytics on-device from your own data. These include habit consistency metrics, clean and slip rates, exercise completion rates, mood trends (per-weekday and 7/30/90-day averages), behavioural insights ("willpower leak" analysis, "relapse gap" analysis, "movement floor" correlation, "iron days," "laurel days," "apex days"), mood momentum, virtue trajectory, consistency scores, and step-count correlations with mood and discipline.

D. App State and Device Data

• Onboarding completion flag (a single boolean).
• Subscription status (active or inactive), stored locally.
• Promotional code validation: codes are stored only as a SHA-256 hash, never in plaintext.
• A random device UUID, generated once on install. This identifier is not linked to your Apple ID or any personal identity and is reserved for potential future aggregate analytics.
• App version and install date.

E. Information We Do Not Collect

• No name, email address, phone number, age, birthday, or gender.
• No location or GPS data.
• No Apple ID or advertising identifier (IDFA).
• No social media profiles, photos, contacts, microphone, or camera data.
• No tracking for advertising purposes. The app's privacy manifest declares NSPrivacyTracking = false.

2. How We Store Your Data

A. Storage Mechanisms

• Core Data (SQLite): the primary local database, held inside the app's sandboxed Application Support directory.
• JSON mirror files: human-readable copies organised by category (habits, exercises, moods, discipline, analytics).
• UserDefaults: used only for subscription status, the onboarding flag, and the random device UUID.

All data is sandboxed within the iOS app container and protected by iOS filesystem encryption.

B. Data Retention

Your data remains on your device indefinitely until you delete it. There is no automatic purging or expiration, and because there is no server-side storage, there is no server-side retention policy. Deleted habits are archived on-device with their deletion reason, deactivation date, and reactivation count so that long-term analytics remain continuous.

C. Data Security

Forge relies on iOS filesystem encryption (applied automatically to sandboxed apps), SHA-256 hashing for sensitive values such as promotional codes, and in-memory caching protected by locks. No plaintext passwords, API keys, or tokens are stored, because the app does not use any.

3. Third-Party Services

A. Apple HealthKit

Used to read step count data (read-only) for discipline scoring and activity analytics. Managed via iOS Settings → Health → Forge. In line with Apple's HealthKit policy, HealthKit data is never shared with third parties, never used for advertising, and never transmitted off your device.

B. Apple StoreKit 2 (In-App Purchases)

Used to manage premium subscriptions. Transaction verification happens through Apple's infrastructure only. Subscriptions are managed via iOS Settings → Apple ID → Subscriptions.

C. Apple UserNotifications (Local Only)

Used to schedule local notifications for reminders and insights. There is no remote notification server — all notifications are generated and scheduled on-device from your own data. Managed via iOS Settings → Notifications → Forge.

D. No Other Third-Party Services

Forge does not integrate Firebase, Google Analytics, Mixpanel, Amplitude, Segment, AppsFlyer, the Facebook SDK, or any other external analytics provider. There is no iCloud, CloudKit, or third-party backend integration, and no tracking domains are declared in the app's privacy manifest.

4. Data Sharing and Transmission

No behavioural, health, or analytics data is transmitted to external servers at any time. The only network communication the app performs is with Apple's servers for subscription verification via StoreKit 2, which is encrypted and managed entirely by Apple. All analytics are computed locally on your device, and there is no cloud backup or sync functionality. We do not share your data with any third parties.

5. Data Export and Your Rights

A. Data Export

Settings → Export Data generates a human-readable JSON file containing your active and archived habit definitions and logs, exercise logs, mood logs (with synonyms and weighted scores), discipline score history, and an analytics summary (streaks, completion rates), along with schema version, export timestamp, and app version. The file is shared via the iOS share sheet, so you choose the destination. Export only happens when you request it.

B. Data Deletion

You can delete individual habits, logs, and workouts at any time from within the app. Uninstalling Forge removes all locally stored data. Because no data is held on our servers, there is no server-side data to request deletion of.

C. Data Access

All data collected by the app is directly viewable within the app's dashboard, analytics, and history screens, and a full export is available as described above.

6. Children's Privacy

Forge is not intended for children under the age of 13 (or the equivalent minimum age in your jurisdiction), and we do not knowingly collect data from children. The app collects no age information, so parental guidance is recommended. If you believe a child has used the app, please contact us and we will assist as appropriate.

7. Apple Privacy Manifest Disclosures

• Collected data type: Health & Fitness (step count only).
• Purpose: app functionality only.
• Not linked to your identity.
• Not used for tracking.
• Accessed API: UserDefaults, declared under reason code CA92.1.

8. Your Rights

You have the right to:

• Access all of your data directly within the app.
• Export your data as a JSON file at any time.
• Delete your data by removing individual entries or uninstalling the app.
• Revoke HealthKit permissions at any time via iOS Settings.
• Manage or cancel subscriptions via iOS Settings → Apple ID → Subscriptions.

Because Forge is local-first and collects no personal identifiers, rights under GDPR (such as data portability) and CCPA (such as the right not to have personal information sold) are structurally satisfied: we hold no personal data on our servers, and we never sell data.

9. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be communicated through an app update or an in-app notice. The effective date at the top of this page will always reflect the most recent version. Continued use of the Service after an update constitutes acceptance of the revised policy.

10. Contact

For privacy-related enquiries, please contact us at 4beeshealth@gmail.com.