Privacy Policy

Last updated: April 24, 2026 · Effective: April 24, 2026

1. Introduction

Filiz ("we," "us," "our") is a weight tracking application developed and operated by Wrinkled Brain LLC, a company registered in the State of Wyoming, United States.

Address: 30 N Gould St Ste R, Sheridan, WY 82801, United States
Contact: hi@wrinkledbrain.io

This Privacy Policy explains how we collect, use, store, and protect your personal data when you use the Filiz iOS application. We are committed to protecting your privacy — especially your health data. Our core principle is simple: your health data stays on your device.

2. Data We Collect

2.1 Health & Body Data (On-Device Only)

The following data is collected and stored locally on your device. It is never transmitted to our servers or any third party:

  • Body weight measurements (manually entered or imported from HealthKit)
  • Body measurements (waist, hip, chest, arm, thigh circumference)
  • Body fat percentage (imported from HealthKit, if available)
  • Lean body mass (imported from HealthKit, if available)
  • Height
  • Menstrual cycle data (imported from HealthKit, if authorized)
  • Context tags associated with weight entries (e.g., sodium, alcohol, sleep, travel, exercise)
  • GLP-1 medication information (drug name, dose, injection dates, injection sites, side effects)
  • Experiment data (N-of-1 experiment type, compliance records, duration)

2.2 Profile Data (On-Device Only)

The following data is stored locally and used for calculations:

  • Date of birth (used for age-based calculations and age gate verification)
  • Biological sex (used for BMR calculations; "prefer not to say" option available)
  • Height (used for BMI and BMR calculations)
  • Activity level (used for TDEE calculations)
  • Weight goals or maintenance center
  • Selected mode (Standard, Maintenance, or GLP-1 Companion)
  • App preferences (theme, language, units, notification settings)

2.3 Subscription Data (RevenueCat)

We use RevenueCat to manage in-app subscriptions. RevenueCat processes:

  • An anonymous user identifier (derived from your Apple ID, not your actual Apple ID)
  • Subscription status (active, expired, trial)
  • Purchase history (plan type, subscription dates)

RevenueCat does not have access to your health data, weight measurements, or any personal health information. For RevenueCat's privacy practices, see RevenueCat Privacy Policy.

2.4 Diagnostic Data (Apple Native Only)

We use Apple's native diagnostic tools exclusively:

  • MetricKit: Anonymous, aggregate performance metrics (launch times, hang rates, crash reports). This data is collected by Apple and does not contain personally identifiable information.
  • OSLog: Local-only logging for debugging purposes. Log entries containing health data use Apple's .private privacy modifier, preventing them from appearing in system logs or diagnostic archives.

2.5 Data We Do NOT Collect

We want to be absolutely clear about what we do not collect:

  • ❌ No email address (unless you contact us voluntarily)
  • ❌ No name or real identity
  • ❌ No location data
  • ❌ No device advertising identifier (IDFA)
  • ❌ No browsing activity
  • ❌ No contacts or photos
  • ❌ No usage analytics beyond Apple's native MetricKit

3. Third-Party SDKs

Filiz contains only two third-party services:

  • RevenueCat — Subscription management only. No analytics, no tracking.
  • Apple CloudKit — Optional iCloud sync with end-to-end encryption.

We explicitly do not include:

  • Firebase (Analytics, Crashlytics, or any Firebase product)
  • Google Analytics
  • Sentry, Bugsnag, or any third-party crash reporting
  • Amplitude, Mixpanel, Segment, or any behavioral analytics
  • AppsFlyer, Adjust, Branch, or any attribution SDKs
  • Facebook SDK or any Meta product
  • Any advertising network or data broker

4. How We Use Your Data

Your data is used solely for the following purposes:

  • Weight trend analysis: Calculating EWMA trend lines, projections, and rate ratios
  • Explanation engine: Generating scenario-based explanation cards for weight fluctuations
  • GLP-1 tracking: Estimating plasma levels, tracking doses, and comparing to clinical benchmarks
  • Notifications: Sending locally-scheduled reminders (if enabled by you)
  • iCloud sync: Syncing your data across your own devices (if enabled by you)
  • Subscription management: Verifying your subscription status via RevenueCat

We do not sell, rent, or share your personal data with any third party for advertising, marketing, or any other purpose.

5. Data Storage & Security

5.1 Local Storage

All health data is stored on your device using Apple's SwiftData framework with NSFileProtectionComplete encryption. This means your data is encrypted whenever your device is locked.

5.2 iCloud Sync (Optional)

If you enable iCloud sync, your data is stored in Apple's CloudKit with end-to-end encryption (allowsCloudEncryption). This means:

  • Apple cannot read your health data
  • We cannot read your health data
  • Only your devices with your Apple ID can decrypt the data

5.3 Keychain

Sensitive identifiers (such as the RevenueCat user ID) are stored in the iOS Keychain with kSecAttrAccessibleWhenUnlockedThisDeviceOnly protection. This data is not included in device backups.

6. Data Retention & Deletion

6.1 Retention

Your data is retained on your device for as long as you use the app. If you enable iCloud sync, a copy is maintained in your personal iCloud storage.

6.2 Deletion

You can delete all your data at any time:

  • In-app: Settings → Data → "Delete My Data" — this performs a complete wipe of all local data, iCloud data (if synced), and Keychain entries
  • By email: Contact hi@wrinkledbrain.io with the subject line "[DATA DELETION]" — we will confirm deletion within 30 days
  • Uninstalling the app: Removes all local data. iCloud data may persist until you manually delete it from iCloud settings

After deletion, no data remains on our systems. Apple's CloudKit servers may retain encrypted fragments for up to 30 days as part of Apple's standard data lifecycle.

7. HealthKit Integration

Filiz integrates with Apple HealthKit to read and write health data. This integration is entirely optional — the app functions fully without it.

We read:

  • Body mass (weight)
  • Body fat percentage
  • Lean body mass
  • Height
  • Waist circumference
  • Menstrual cycle data (for Women's Health features)

We write:

  • Body mass — when you enter a weight in Filiz, it is also written to Apple Health

HealthKit data is governed by Apple's HealthKit terms and is never transmitted outside your device (except via your own iCloud Health Data sync, which is managed by Apple).

8. Children's Privacy

Filiz is rated 17+ on the App Store. During onboarding, we verify the user's age through a date of birth picker:

  • Under 16: Cannot complete onboarding. Redirected to an age-appropriate information screen.
  • 16-17: Can use Standard and Maintenance modes. GLP-1 Companion mode is locked.
  • 18+: Full access to all features.

We do not knowingly collect personal data from children under the age of 16. If you believe a child under 16 has provided us with data, please contact us at hi@wrinkledbrain.io.

9. Your Rights

9.1 Under GDPR (EU/EEA Users)

If you are in the European Economic Area, you have the right to:

  • Access: Request a copy of your personal data
  • Rectification: Correct inaccurate data
  • Erasure: Request deletion of your data ("right to be forgotten")
  • Portability: Export your data in a machine-readable format (CSV, JSON)
  • Restriction: Limit how we process your data
  • Objection: Object to data processing

Since your data is stored locally on your device, you have direct control over it at all times. For any requests, contact hi@wrinkledbrain.io.

9.2 Under KVKK (Turkish Users)

If you are in Turkey, the Turkish Personal Data Protection Law (KVKK, Law No. 6698) grants you additional rights:

  • Learn whether your personal data is processed
  • Request information about the purposes and results of processing
  • Request rectification of incomplete or inaccurate data
  • Request erasure or anonymization of personal data
  • Object to automated decision-making and profiling
  • Claim compensation for damages arising from unlawful processing

Data Controller: Wrinkled Brain LLC, 30 N Gould St Ste R, Sheridan, WY 82801, US
Contact: hi@wrinkledbrain.io

We will respond to KVKK requests within 30 days. Since Filiz processes health data locally on your device, most rights can be exercised directly through the app (Settings → Data).

9.3 Under CCPA (California Users)

If you are a California resident, you have the right to:

  • Know what personal data we collect and how it's used
  • Request deletion of your personal data
  • Opt out of the sale of personal data — we do not sell personal data
  • Non-discrimination for exercising your privacy rights

10. International Data Transfers

Your health data does not leave your device (unless you enable iCloud sync, which is managed by Apple under Apple's data processing agreements). RevenueCat may process subscription data on servers in the United States, subject to RevenueCat's privacy policy and appropriate safeguards.

11. Tracking & Advertising

Filiz does not track you. We do not use the iOS Advertising Identifier (IDFA). We do not request App Tracking Transparency (ATT) permission because there is nothing to track. Our iOS Privacy Manifest explicitly declares NSPrivacyTracking = false with an empty tracking domains list.

12. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be communicated through an in-app notification and an updated "Last Updated" date at the top of this page. Continued use of Filiz after changes constitutes acceptance of the updated policy.

13. Contact

For any privacy-related questions, concerns, or data requests:

Email: hi@wrinkledbrain.io
Subject line: [PRIVACY] Your question
Postal address: Wrinkled Brain LLC, 30 N Gould St Ste R, Sheridan, WY 82801, United States

We will respond to all privacy inquiries within 30 days.