Privacy Policy

We collect the following categories of information:

• –Account Information: Your phone number (used for OTP authentication), name, date of birth, and profile details you provide.
• –Health Data: Medications, symptoms, medical records, appointments, emergency contacts, and other health information you choose to enter. This constitutes special category data under Article 9 UK GDPR.
• –HealthKit Data: With your permission, we read steps, heart rate, sleep, and other health metrics from Apple HealthKit. We do not write data back to HealthKit without your explicit action.
• –Usage Data: App interactions and feature usage to improve our service. We do not use third-party analytics SDKs that track you across other apps.
• –Device Information: Device type, iOS version, and crash logs to maintain app stability.

Your privacy and security are our highest priorities:

• –Encryption: All health data is encrypted on your device using AES-256 before being stored or transmitted. Encryption keys are derived from your device and never leave it in plain form.
• –Cloud Sync: Encrypted data is securely synced to Firebase (Google Cloud, EU region – europe-west2) for backup and cross-device access. Firebase stores only encrypted ciphertext; we cannot read your health records.
• –Local-First: Sensitive data is always accessible locally. Cloud sync is a backup layer, not the primary storage.
• –Authentication: We use Firebase Authentication with OTP (one-time passwords) and optional Google Sign-In. We do not store passwords.
• –Biometric Lock: Optional Face ID / Touch ID lock prevents unauthorised access to the app on your device.
• –Data Controller: Arctic Flow AI Limited acts as the data controller for personal data processed under this policy. Contact: privacy@arcticflow.ai
• –Data Protection Officer: We have assessed our processing activities and determined that, at our current scale, a mandatory DPO appointment is not required under Article 37 UK GDPR. We review this as the service grows. All privacy queries are handled at privacy@arcticflow.ai.

ArcticFlow's AI assistant ("Arctic") is powered by Claude, an AI model developed by Anthropic, PBC. We take exceptional care to protect your privacy when using AI features.

• –Anonymised Data Only: Before any content is sent to Anthropic's API, all personally identifiable information — including your name, date of birth, contact details, and identifiers — is stripped out. Only anonymised, non-identifiable health context is ever transmitted.
• –No Model Training — Ever: We have a data processing agreement with Anthropic that contractually prohibits them from using your data to train, fine-tune, or improve their AI models. Your health information will never be used to train any AI model.
• –No Automatic Sharing: Your health data is only sent to the AI when you actively use the chat feature or explicitly attach records. Background data is never forwarded automatically.
• –You Stay in Control: Only data you choose to share in a conversation is ever analysed. You can review what you have shared with the AI at any time in Settings → Privacy Dashboard.
• –No Medical Diagnosis: AI responses are for informational purposes only and must not be treated as medical advice. The AI does not have access to your full medical history unless you choose to share it.
• –No Automated Decisions: ArcticFlow does not make solely automated decisions that produce legal or similarly significant effects about you. AI outputs are informational suggestions requiring your own judgement, not automated determinations. Your right under Article 22 UK GDPR to not be subject to solely automated decision-making is preserved.

We use your data to provide and improve the ArcticFlow service. Specifically:

• –Service Delivery: To display your health records, send medication reminders, power the AI assistant, and sync data across your devices.
• –Product Improvement: We may use anonymised, aggregated, and de-identified insights derived from usage patterns to improve ArcticFlow and to develop future health products and features. Raw identifiable health records are never used for this purpose.
• –Important: We will NEVER sell your identifiable personal or health data to third parties. We will NEVER use your raw health records to train any AI model — and our agreement with Anthropic contractually prohibits them from doing so either.
• –Future Products: If we develop new products, any use of your data for those purposes will be governed by separate, clear opt-in consent flows presented to you at the time.
• –Communications: We may send you push notifications for medication reminders and appointment alerts (which you can disable in Settings), and occasional service announcements.

ArcticFlow integrates the following third-party services, each acting as a data processor under our instruction. Each has its own privacy policy:

• –Firebase (Google): Authentication, encrypted cloud storage, push notifications, and cloud functions. Servers in EU (europe-west2). Data Processing Agreement in place with Google. google.com/firebase/privacy
• –Anthropic (Claude AI): Powers the AI assistant. Data Processing Agreement in place. Contractually prohibited from training on your data. anthropic.com/privacy
• –Stripe: Payment processing for subscriptions. Your card details are handled entirely by Stripe and are never stored by ArcticFlow. stripe.com/privacy
• –Google Sign-In: Optional authentication method. policies.google.com/privacy
• –Apple HealthKit: Read-only health metrics with your permission. apple.com/legal/privacy

We do not share your personal data with any other third parties for marketing or advertising purposes.

ArcticFlow uses services that may transfer data outside the UK. We ensure all such transfers are protected by appropriate safeguards under UK GDPR:

• –Firebase (Google Cloud, EU region europe-west2): Data is stored within the EEA. For any UK–US transfers involving Google LLC, transfers are covered by the UK–US Data Bridge (effective 12 October 2023) and the International Data Transfer Agreement (IDTA) where applicable.
• –Anthropic (Claude AI): Anthropic is based in the United States. Only anonymised data is transmitted. UK–US transfers are governed by Standard Contractual Clauses under the UK International Data Transfer Agreement (IDTA). Anthropic is contractually prohibited from training on your data.
• –Stripe: Payment data is processed in accordance with Stripe's PCI-DSS certified infrastructure. UK transfers are covered by the IDTA and UK adequacy decisions where applicable.

We take all reasonable steps to ensure that international transfers meet the requirements of UK GDPR.

You have full control over your data:

• –Access & Export: Contact us at privacy@arcticflow.ai to request a copy of all your health data at any time.
• –Deletion: You may delete individual records, profiles, or your entire account at any time. Account deletion removes all data from our servers within 30 days.
• –Rectification: You may correct inaccurate personal data at any time within the App or by contacting us.
• –Restriction & Portability: You have the right to restrict processing and to receive your data in a portable format. Contact privacy@arcticflow.ai to exercise these rights.
• –Automated Decisions: We do not make solely automated decisions with significant effects on you. You have the right under Article 22 UK GDPR not to be subject to such decisions.
• –AI Data: Review what you have shared with the AI assistant via Settings → Privacy Dashboard.
• –HealthKit Permissions: Revoke ArcticFlow's HealthKit access at any time via iOS Settings → Privacy & Security → Health.
• –Notifications: Disable push notifications at any time via iOS Settings or within the app.
• –Withdraw Consent: You may withdraw consent for health data processing at any time by deleting your data or account. Withdrawal does not affect the lawfulness of processing carried out before withdrawal.
• –ICO / Regulatory: UK residents have the right to lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk. EU residents may complain to their relevant national supervisory authority. Residents of other jurisdictions with data protection rights may also contact us directly at privacy@arcticflow.ai.

ArcticFlow allows family members, including children, to be added as profiles managed by an adult account holder.

• –ArcticFlow is not directed to children under 13 years of age as independent users.
• –A child's health profile must be created and managed by a parent or legal guardian who is the primary account holder.
• –The account holder is responsible for all data entered for child profiles.
• –Child profiles benefit from the same AES-256 encryption and data protections as adult profiles. Child health data is never used for any purpose other than displaying that child's records to the account holder.
• –We do not knowingly collect personal data directly from children under 13. If you believe a child has provided data independently without parental consent, please contact us at privacy@arcticflow.ai.

• –Active Account: Your data is retained for as long as your account is active.
• –Account Deletion: When you delete your account, we permanently delete your encrypted data from our servers within 30 days.
• –Backups: Encrypted backup copies may persist in disaster-recovery systems for up to 90 days after account deletion, after which they are purged.
• –Legal Obligations: We may retain certain minimal data (e.g., transaction records) for longer periods where required by applicable law.

We may update this Privacy Policy from time to time. When we make material changes — including any change to the purposes for which we process health data — we will notify you via an in-app notification and update the "Last Updated" date at the top of this policy. Where a material change requires fresh consent, we will present a new consent request within the App before the change takes effect.

We aim to respond to all privacy-related requests within 30 days.