Flarity logo Flarity
← Back to Home

Flarity – Privacy Policy

Last Updated: November 4, 2025

πŸ“‹ What's New: Added detailed information about doctor portal data sharing, Supabase infrastructure provider disclosure, and explicit user controls for managing shared health data.

TL;DR (Quick Summary)

  • Your health data stays on your device. We process everything locally whenever possible.
  • We don't sell your data. Ever. Your health information is yours.
  • HealthKit data is private. Only used to provide app features, never shared with third parties.
  • Doctor portal is optional. You must enter a referral code from your doctor to enable sharing. You can unlink anytime.
  • Doctors see trends, not details. Aggregated risk scores and HBI patterns, not raw heart rate data or personal notes.
  • Supabase stores doctor portal data. HIPAA-compliant cloud infrastructure, encrypted in transit and at rest.
  • Minimal data collection. We only collect what's necessary to run the app.
  • You control sharing. Decide exactly what your doctor sees and revoke access anytime.
  • Delete anytime. You can delete your account and all associated data.

Full Privacy Policy

This Privacy Policy describes how Flarity ("we", "us", or "our") collects, uses, and protects your information when you use our mobile application (the "App"). By using Flarity, you agree to the practices described in this policy.

1. Information We Collect

1.1 Health Data

When you grant permission, we access health information from Apple HealthKit, including:

  • Biometric data: Heart rate, heart rate variability (HRV), resting heart rate, wrist temperature, sleep analysis, respiratory rate
  • Activity data: Steps, active energy, exercise minutes, stand hours, walking speed
  • Symptom tracking: Harvey-Bradshaw Index (HBI) scores, bowel movement frequency, abdominal pain levels, general well-being ratings
  • Medication logs: Medication names, dosages, schedules, and adherence patterns you manually enter

Important: HealthKit data is processed locally on your device whenever possible. We do not upload raw HealthKit data to our servers. Only aggregated, anonymized patterns may be shared if you explicitly enable doctor portal integration.

1.2 Account Information

  • Email address: Optional, used only for doctor portal linking and support communication
  • Anonymous user ID: Generated automatically for app functionality and doctor portal linking
  • Referral code: If provided by your doctor, used to link your account to their clinic (one-time use, not stored after verification)
  • Device information: iOS version, device model (for compatibility and crash reporting)

1.3 Usage Data

  • Analytics: App feature usage, performance metrics, crash reports (all anonymized)
  • Notifications: Delivery status, interaction rates (aggregated, not individual messages)

1.4 Data We Do NOT Collect

  • ❌ Location data
  • ❌ Contacts or photos
  • ❌ Third-party tracking pixels or ad networks
  • ❌ Browsing history or keyboard input outside the app

2. How We Use Your Information

2.1 Core App Features

  • Flare prediction: Analyzing health patterns to calculate risk scores and detect early warning signs
  • Personalized insights: Generating AI-powered coaching and recommendations based on your data
  • PDF reports: Creating clinical summaries for your healthcare providers
  • Medication tracking: Logging doses and analyzing adherence patterns

2.2 Doctor Portal Integration (Optional)

Flarity offers a physician portal that allows you to share health insights with your gastroenterologist. This feature is entirely optional and requires explicit consent through a referral code provided by your doctor.

How Doctor Portal Linking Works:

  • Referral code entry: Your doctor provides a unique referral code that you enter in the app
  • Anonymous linking: Your account is linked to your doctor's clinic using an anonymous patient ID (not your name or email)
  • Secure transmission: Data is encrypted in transit (TLS 1.3) and stored on HIPAA-compliant infrastructure (Supabase)

What Data Your Doctor CAN See:

  • βœ… Aggregated risk score trends (e.g., "Risk has been 2-3 for the past week")
  • βœ… Harvey-Bradshaw Index (HBI) scores and symptom patterns
  • βœ… Medication adherence rates (e.g., "85% adherence to prescribed schedule")
  • βœ… Flare event timeline (dates and severity, not detailed symptoms)
  • βœ… Summary statistics (average sleep hours, activity levels)

What Data Your Doctor CANNOT See:

  • ❌ Raw HealthKit data (individual heart rate readings, step counts, etc.)
  • ❌ Personal notes or journal entries
  • ❌ Specific meal logs or trigger details (unless you explicitly share via PDF)
  • ❌ Your exact location or device information
  • ❌ Any data from before you linked your account

Doctor Portal Features:

  • Trial extensions: Your doctor can extend your free trial period as part of their care program
  • Risk alerts: Your doctor may receive notifications if your risk score reaches critical levels (only if you enable this feature)
  • Pre-visit summaries: Automatically generated reports are available to your doctor before appointments

Your Controls:

  • βœ… Unlink from your doctor's portal at any time in Settings β†’ Doctor Portal β†’ Disconnect
  • βœ… Revoke specific data access permissions (e.g., disable medication sharing while keeping HBI visible)
  • βœ… View a log of what data has been shared and when
  • βœ… Download a copy of all data shared with your doctor

Third-Party Service Provider:

Doctor portal data is stored and processed by Supabase, a HIPAA-compliant PostgreSQL database service. Supabase acts as a data processor on our behalf and does not use your health data for any purpose other than providing the doctor portal service. For more information, see Supabase's Privacy Policy.

2.3 App Improvement

  • Performance optimization: Analyzing crash reports and memory usage patterns (anonymized)
  • Feature development: Understanding which features are most valuable to users
  • Research: Aggregated, de-identified data may be used to improve flare prediction algorithms (requires explicit consent)

3. Data Storage and Security

3.1 Local Storage

  • All health data is stored locally on your device using iOS's secure storage (Keychain, Core Data)
  • Files are encrypted with NSFileProtectionComplete (inaccessible when device is locked)
  • Data is backed up to iCloud if you enable iCloud Backup (encrypted end-to-end by Apple)

3.2 Cloud Storage (When Applicable)

  • Doctor portal data is stored on HIPAA-compliant infrastructure (Supabase with PostgreSQL)
  • Data in transit is encrypted using TLS 1.3
  • Data at rest is encrypted using AES-256
  • Access is logged and monitored for security

3.3 Third-Party Service Providers

We do NOT share your personal health information with:

  • ❌ Advertisers or data brokers
  • ❌ Insurance companies
  • ❌ Pharmaceutical companies
  • ❌ Social media platforms

Limited Service Provider Exception:

When you use the doctor portal feature, we use Supabase as our database infrastructure provider. Supabase acts solely as a data processor on our behalf and is contractually prohibited from using your data for any other purpose. Supabase complies with HIPAA security standards.

Other Exception: We may share anonymized, aggregated data with research institutions (with your explicit consent) or as required by law.

4. Your Rights and Controls

4.1 Access and Portability

  • View your data: All logged symptoms, medications, and reports are accessible in the app
  • Export your data: Generate PDF reports or export raw data to CSV (future feature)

4.2 Correction and Deletion

  • Edit entries: Modify or delete any manually logged data
  • Revoke HealthKit access: Go to iPhone Settings β†’ Health β†’ Data Access & Devices β†’ Flarity β†’ Turn Off All
  • Delete account: Contact support@getflarity.ai to permanently delete your account and all associated cloud data

4.3 Communication Preferences

  • Control notification types in app Settings (morning check-ins, risk alerts, medication reminders)
  • Opt out of promotional emails (if we ever send anyβ€”we won't unless you ask)

5. Data Retention

  • Local data: Stored indefinitely on your device until you delete the app or manually clear it
  • Cloud data (doctor portal): Retained for 2 years after last login, or until you request deletion
  • Crash reports: Retained for 90 days
  • Account data: Deleted within 30 days of account deletion request

6. Children's Privacy

Flarity is not intended for children under 13. We do not knowingly collect data from children. If you believe a child has provided us with personal information, contact support@getflarity.ai immediately.

7. International Users

If you are outside Canada, your data may be transferred to and processed in Canada. By using Flarity, you consent to this transfer. We comply with applicable data protection laws, including GDPR where required.

8. Changes to This Policy

We may update this Privacy Policy periodically. Changes will be posted on this page with an updated "Last Updated" date. Continued use of the app after changes constitutes acceptance of the revised policy.

9. Compliance

  • HIPAA: Our infrastructure follows HIPAA best practices for data handling (note: we are not a Covered Entity, so HIPAA does not directly apply, but we use HIPAA-grade security)
  • PIPEDA: We comply with Canada's Personal Information Protection and Electronic Documents Act
  • GDPR: For European users, we provide data portability, erasure, and access rights

Contact Us

Questions, concerns, or data requests? Reach us at:

See also our Terms of Use.