Privacy Policy

Last Updated: June 26, 2026

Flair Health is a product of Regal Pines Pte. Ltd., a company incorporated in Singapore. References to "Flair," "we," "us," or "our" refer to Regal Pines Pte. Ltd.

Flair is a local-first wellness app. This policy explains what data leaves your device, when, and why — and what we cannot do with it even if we wanted to.

1. No Cloud, No Accounts, No Tracking

Flair is fully offline-first.

  • We never require an account, email, or phone number.
  • Your journal entries, habits, scores, and AI insights live only on your device.
  • We do not have a backend database for your personal data.
  • We do not sell, share, or monetize your information.
  • The only exception is when you explicitly invoke an AI feature (Level Up, Magic Lens, Eat Now, Document Scanner, Body Age, Daily Quests, Inspire Me, or Weekly Report). Each feature requires your explicit approval via an in-app consent prompt before any data is transmitted. See Section 5. Flair makes no network request on app launch — the first server contact only occurs when you actively use an AI feature and have provided explicit consent.
  • A randomly-generated, non-identifiable token is included with AI requests solely for rate-limiting. It is not linked to you, your device, or your health data.

Smart Habits: Flair learns your recurring wellness patterns (such as meals, supplements, or workouts) by analysing the timing and content of your journal entries. This analysis is performed entirely on your device. No habit data, patterns, or predictions are transmitted to any server. You can confirm or dismiss any predicted entry, and patterns that are consistently dismissed are automatically deactivated.

Voice Input: Flair offers optional speech-to-text input for journal entries. Speech recognition is performed by your device's operating system (Apple Speech Recognition). Flair does not record, store, or transmit audio. On newer devices, speech recognition is processed entirely on-device. On older devices, your operating system may send audio to Apple for processing under Apple's own privacy policy.

Phone Sleep Tracking: During Focus Mode sleep sessions, Flair uses your device's accelerometer to measure restlessness while your phone is on your mattress. Optionally, Flair analyses ambient sound through your device's microphone to detect snoring patterns. All accelerometer and audio processing is performed entirely on-device — no motion data or audio recordings are stored by Flair or transmitted to any server. Sleep quality metrics derived from these sensors (duration, restlessness score, wake events, and snoring indicators) are stored locally in your journal and may be included in AI feature payloads (such as Level Up and Weekly Report) with your explicit consent.

Siri Shortcuts: Flair supports Siri Shortcuts for hands-free journal entry logging. Siri interactions are processed by your device's operating system (Apple Siri). Flair does not access Siri audio or transcripts beyond the text content you choose to log as a journal entry.

2. Your Control Over Your Data

No data leaves your device without your explicit, per-feature consent.

  • Each AI feature requires individual consent before activation. You decide which features may transmit data — and which may not.
  • Before any data is sent, Flair displays a consent form showing every specific data field that will be shared. This field-level transparency lets you see exactly what is being transmitted and why.
  • If data requirements for a feature change in a future update, Flair shows you exactly what changed (a diff of the previous and updated data fields) and requires you to re-approve before any data is sent under the new terms.
  • You can revoke consent for any feature at any time in Settings → Privacy & Security → Data Sharing Agreements. Revoking consent immediately stops that feature from transmitting data.
  • An "Always show this prompt" option is available if you prefer to review and approve data sharing every time you use a feature, rather than granting standing consent.

3. Local Encryption & Ownership ("The Sovereign")

If you enable "The Sovereign" in Settings → Data Ownership:

  • We generate a 12-word backup phrase that only you control.
  • This phrase derives the encryption key that protects your entire journal on disk.
  • Your data is stored within the Health Passport — an encrypted container on your device (previously referred to as "The Vault" in earlier versions of Flair).
  • We never see, store, or back up your phrase or key.
  • If you lose your phrase or device, your encrypted data cannot be recovered — even by us.

4. Biometric Lock

If you enable biometric locking (Face ID / Touch ID / device passcode) in Settings → Privacy & Security:

  • Authentication is handled entirely by your device's operating system.
  • Flair never accesses or stores your biometric data.

5. Artificial Intelligence & Third-Party API Processing

Flair includes several AI-powered features. Each feature requires your explicit in-app consent before any data leaves your device.

  • Level Up sends a structured summary of your day's journal entries, anonymous health profile buckets (age range, sex, BMI category), your stated health objective, active wellness protocol targets, medical conditions (such as diabetes, hypertension, thyroid, kidney, or liver conditions), Fitzpatrick skin type, behavioural patterns (7-day activity breakdown), and — if available from scanned documents — lab biomarker values to our serverless routing layer over HTTPS. No names, exact biometrics, or account identifiers are transmitted.
  • Magic Lens sends a compressed copy of your meal photo for nutritional analysis. No metadata, location, or identifying information from the photo is transmitted.
  • Eat Now sends your restaurant name, approximate location (street or mall), country, and meal intention alongside your anonymous health profile, dietary preferences, food allergies, fasting mode, medical conditions, today's food log entries, and 7-day rolling nutrient averages to generate personalised meal recommendations. This feature uses Google Gemini, which searches for nearby restaurants in real time to generate location-aware suggestions. No names, exact biometrics, or account identifiers are transmitted.
  • Document Scanner processes your health report photo entirely on-device using optical character recognition (OCR). Personal identifiers (names, dates of birth, ID numbers, phone numbers, email addresses, and national IDs) are detected and stripped locally using on-device pattern matching. Before sending, Flair displays the specific items that were detected and removed, and requires your explicit approval to proceed. Only the anonymised, redacted clinical text is sent to our routing layer for biomarker extraction. The original photo is never stored by Flair and never transmitted to any server.
  • Daily Quests sends your anonymous health profile and stated health objective to generate a personalised wellness protocol. No names, exact biometrics, or account identifiers are transmitted.
  • Body Age sends your anonymous health profile — age, sex, height, weight, BMI, ethnicity (a sensitive data category under PDPA, transmitted only with your explicit per-session consent) — vital signs (resting heart rate, HRV, blood oxygen, respiratory rate, VO₂ max), blood pressure, body composition (body fat percentage, visceral fat, BMI), available lab biomarkers from scanned documents (such as HbA1c, total cholesterol, triglycerides, eGFR, creatinine, haemoglobin, TSH, liver enzymes, uric acid, ferritin, and vitamin D levels), Fitzpatrick skin type, bone and joint conditions, smoking status, sleep quality summary, medical conditions, lifestyle factors, and a 30-day journal activity summary to estimate your biological age. All data is pseudonymised using a weekly-rotating identifier — no names, exact birth dates, or account identifiers are transmitted.
  • Inspire Me sends your active quest (title, category, and rationale), today's journal entries (up to 10), your stated health objective, medical conditions, and — depending on the task category — dietary preferences, food allergies, fasting mode, preferred exercises, or injuries to generate personalised activity suggestions. Your country is included for location-aware recommendations. No names, exact biometrics, or account identifiers are transmitted.
  • Weekly Report sends a structured 7-day summary to our routing layer, including: daily journal entries, workout summaries, sleep summaries (including phone-based sleep quality metrics such as restlessness, wake events, and snoring indicators, if available), meal times, mood entries, daily biometric readings (HRV, resting heart rate, blood oxygen, steps), nutrition summaries, hydration intake, environmental conditions (temperature, humidity, UV index, air quality), habit names and frequencies, Health Wallet net delta for the week, and — if available — your previous report's advice for continuity. Your age and sex are included for age-appropriate context. All data is pseudonymised using a weekly-rotating identifier — no names, exact birth dates, or account identifiers are transmitted. Weekly Report requires your explicit consent before activation.
  • AI Providers: AI inference is performed via Google's Gemini API, xAI's Grok API, or OpenAI's GPT-4o-mini API, selected automatically by our routing layer based on availability. Certain features, such as Eat Now, exclusively use Google Gemini because they require real-time search capabilities only available through this provider. All providers process data for inference only, under their respective API terms of service. We do not share personally identifiable information with any provider.
  • No Persistence: Our routing layer processes data in memory and does not log, store, or retain your data after the request is complete. AI providers (Google Gemini, xAI Grok, OpenAI GPT-4o-mini) process your data under their own API terms.
  • No Training: Your data is not used by our routing layer or by any AI provider to train models.
  • Anonymous Telemetry: AI requests include a pseudo-anonymous identifier used for three purposes only: (1) per-provider cost tracking, (2) API latency monitoring, and (3) error rate analysis. Most features use a weekly-rotating hash that cannot be correlated across weeks. Level Up telemetry uses a persistent per-install token for longitudinal cost tracking; this token is a random UUID not linked to your name, device, or Apple ID. No health data, journal content, or personally identifiable information is included in telemetry. Body Age assessments additionally contribute a pseudonymised age delta (estimated biological age minus chronological age) and confidence score to aggregate model performance monitoring. No raw age values or personal identifiers are included. When you run Level Up, Flair additionally includes the brand categories of connected health apps detected in Apple Health (e.g. "Garmin", "Oura", "Apple Watch") in aggregate to inform product development. No device model, firmware version, or personally identifiable information is included. This field is subject to the same 90-day retention limit as all other telemetry.
  • Sensitive Medical Context: If you optionally provide medical conditions (such as diabetes, hypertension, kidney or liver conditions, or injuries) or fasting states, this information is transmitted to the AI provider for inference and is not stored by Flair. It is used solely to ensure that generated recommendations do not suggest activities that could be harmful to you. This data is never stored on our servers, never retained after your request is processed, and is treated as sensitive health data under applicable law.
  • In-App Consent: Before any AI feature transmits data for the first time, Flair displays a consent prompt disclosing the service, purpose, active AI provider, and every specific data field involved (field-level transparency). If the data fields required by a feature change in a future update, Flair displays a diff showing exactly what changed and requires you to re-approve before proceeding. You may approve or reject each feature independently. Your preference is stored locally and can be revoked at any time in Settings → Privacy & Security → Data Sharing Agreements.

6. Apple Health & Google Health Connect

To power automated tracking, Flair requests read-only access to the following data categories:

Vitals:

  • Heart Rate
  • Resting Heart Rate
  • Heart Rate Variability (HRV / SDNN)
  • Blood Oxygen Saturation (SpO₂)
  • Respiratory Rate
  • VO₂ Max

Activity:

  • Daily Step Count
  • Workouts
  • Workout GPS Routes

Sleep:

  • Sleep Sessions (including sleep stage breakdowns)

Environment:

  • Time in Daylight (iOS 17+)
  • Environmental Audio Exposure

Wellness:

  • Mindful Minutes

This data is pulled directly into your local journal and never leaves your device. We do not transmit raw health data to any server. We do not write to Apple Health or Google Health Connect. Workout route data (GPS), if synced, is stored only on your device and is never transmitted to our servers.

With your permission, Flair imports the data categories listed above from Apple Health. This data is stored locally on your device and is never transmitted to any server unless you explicitly invoke an AI feature that includes it (such as Body Age). Flair also reads which apps or wearable devices have written data to Apple Health (for example, Garmin Connect or Oura) to detect your connected devices. This information is stored locally and only the brand category (e.g. "Garmin", "Oura") — not the device model or firmware version — is included in Level Up requests with your explicit consent.

7. Health Wallet

Health Wallet estimates the long-term economic implications of daily health behaviours using population-level epidemiological data.

  • Values are expressed in a fictional dollar currency. Health Wallet is not real money, not financial advice, and not a financial product.
  • All computation occurs exclusively on your device. Health Wallet makes zero network calls — no data is sent to any server for processing.
  • Cost tables, regional scalars, and epidemiological constants are embedded in the app binary and do not require a network connection.
  • Health Wallet transaction history is stored on-device within the encrypted Health Passport.
  • Health Wallet data is included in encrypted .flair backup snapshots.

8. Flair Services

The app connects to api.flairhealth.app for certain non-AI functions:

  • Latency Estimates: The endpoint api.flairhealth.app/api/stats provides latency estimates used for progress bars during AI requests. This endpoint receives only a feature identifier. It is stateless — no user data is sent, retained, or logged.
  • Weekly Report: The endpoint api.flairhealth.app/api/weekly-report generates an AI-powered 7-day lifestyle summary. See Section 5 for the data fields transmitted.

Health Wallet makes zero network calls. All wallet computation is performed entirely on-device.

9. Location & Environment Data

With your permission, Flair uses your approximate location to request local weather, air quality (AQI), and UV index data from third-party environment services. The providers currently in use are:

  • OpenWeatherMap — weather conditions and air quality data (Privacy Policy)
  • Singapore National Environment Agency (NEA) via data.gov.sg — UV index and Pollutant Standards Index for Singapore users (Privacy Policy)

Your coordinates are sent directly from your device to these providers to resolve the environmental reading. No health data is included in these requests. Your coordinates are not stored by Flair or linked to any identity. You can disable environment data in Settings.

Flair may request "Always" location access to import workout GPS routes from Apple Health. Route data is stored locally on your device and is never transmitted to any server. You can choose "While Using the App" location access if you prefer not to import route data.

10. Crash Reports & Anonymous Analytics

To maintain stability, Flair may collect anonymised crash logs (stack traces only). These contain no health data, no journal content, and no personally identifiable information. If specific crash reporting tools are integrated, they will be named here.

11. Your Rights & Data Deletion

You have full control:

  • Delete everything at any time via Settings → Reset App.
  • Or simply uninstall Flair — your local data disappears with the app.
  • Note: Data that originates from Apple Health or Google Health Connect is managed through those platforms and is not deleted by uninstalling Flair.

12. Data Ownership & Portability

  • You own all of your health data. Flair makes no claim to any data stored on your device.
  • You can export your data as an encrypted .flair file at any time.
  • .flair files are encrypted using AES-256-GCM.
  • Flair cannot recover your data if your seed phrase is lost — no server-side backup exists. There is no password reset mechanism.

13. PDPA Compliance

Flair Health is operated by Regal Pines Pte. Ltd., a company registered in Singapore. We comply with the Personal Data Protection Act 2012 (PDPA).

14. Contact Us

Questions? Reach out at support@flairhealth.app.

We may update this policy. Material changes will be announced in-app on your next launch. The date at the top of this page always reflects the current version.