Privacy Policy

Introduction

Deep Core ("the App") is a fitness application that guides users through deep-core breathing exercises. The App is developed and operated by Jonathan Buchan and Michele Marques under Mossy Arch Digital ("we", "us", "our").

This Privacy Policy explains what information we collect, how we use it, and your rights regarding your data. We are committed to protecting your privacy and being transparent about our data practices.

Contact: info@mossyarchdigital.com · Website: deepcore.mossyarchdigital.com

What data we collect

1. Exercise and streak data

We collect data about your use of the App's exercise features, including:

• Exercise completion records
• Streak counts and history
• Session timestamps

This data is stored locally on your device and synced via Apple iCloud to your other devices signed into the same Apple ID. We do not have direct access to your iCloud-synced data, it is controlled by Apple and protected by your Apple ID credentials.

2. Analytics data (with your consent)

If you opt in to analytics, we collect usage data through PostHog, a third-party analytics service. This may include app open/close events, screen views, feature usage (e.g. which exercises are started, completed or abandoned, session duration, streak milestones), device type and OS version, app version, and general country-level region, never precise location.

If you are not signed in, this data is collected anonymously against a random device identifier and is not linked to your real identity. If you sign in with Apple, we associate your analytics with your Sign in with Apple identifier (and your name/email if you shared them). Analytics are only collected after you give explicit consent, you're asked once during onboarding, and nothing is sent if you decline. You can change this anytime via the "Share Usage Data" toggle in Settings.

3. Authentication data (Sign in with Apple)

When you sign in with Apple, Apple provides us with a unique user identifier (specific to your Apple ID and our app) and, only if you choose to share them, your name and email address (Apple lets you hide your email behind a private relay). We store this on your device to personalise your experience and associate your progress with your account. We use it only for account creation and authentication, and never share it with third parties. You can clear it any time using "Clear All Data" in Settings.

4. Push notification token

If you enable push notifications, Apple provides us with a device token to deliver reminders. This token does not identify you personally. You can disable notifications at any time through your device's Settings.

5. Website waitlist (email address)

If you join the launch waitlist on this website, we collect the email address you submit. This is optional and only happens if you choose to sign up. We use it for one purpose: to email you when Deep Core launches on the App Store (plus a welcome confirmation). We store and send waitlist emails through Buttondown, our email service provider (see Third parties below). We do not sell or share waitlist emails, and we do not use them for unrelated marketing. You can unsubscribe any time via the link in any email, or by contacting info@mossyarchdigital.com. The waitlist lives only on the website and is not linked to your in-app data or Apple account.

How we use your data

We do not use your data for advertising or ad targeting, selling to third parties, profiling or automated decision-making, or marketing communications (unless you explicitly opt in).

Third parties

We share data only with the following services, and only as described:

Apple / iCloud

Exercise and streak data, to sync your progress across your Apple devices. Governed by Apple's Privacy Policy.

PostHog

Anonymous analytics events, only with your consent, to understand usage and improve the App. Data is processed and stored on PostHog EU Cloud, within the European Union. Governed by PostHog's Privacy Policy.

Apple Push Notification Service (APNs)

A device notification token, to deliver push reminders. Governed by Apple's Privacy Policy.

Buttondown (website waitlist)

The email address you submit to the website launch waitlist, if you choose to sign up, to store the waitlist and send you a launch notification. Governed by Buttondown's Privacy Policy.

We do not share data with any advertising networks, data brokers, or other third parties.

Data storage and security

• Exercise data is stored locally on your device and in your personal iCloud. We do not operate servers that store your exercise data.
• Analytics data is stored by PostHog on their EU cloud infrastructure. It is anonymous and cannot be used to identify you.
• Authentication data is stored locally on your device. Any transmission to Apple's authentication services occurs over encrypted connections (HTTPS/TLS).

Data retention

• Exercise / streak data: retained on your device and in iCloud for as long as you use the App. Deleting the App removes local data; iCloud data can be managed through your Apple ID settings.
• Analytics data: retained by PostHog according to their retention policies. We periodically review and purge analytics we no longer need.
• Authentication data: retained for as long as your account exists, and deleted upon an account-deletion request.

Your rights

For all users

• Opt out of analytics at any time via the App's Settings
• Disable push notifications via your device settings
• Delete local data by deleting the App
• Delete iCloud data via your Apple ID iCloud storage settings
• Request account deletion by contacting us

GDPR rights (EEA, UK, Switzerland)

Under the GDPR you have the right to access, rectification, erasure ("right to be forgotten"), data portability, restriction of processing, objection, and to withdraw consent at any time without affecting the lawfulness of prior processing. Legal basis for processing: consent (analytics), legitimate interest (app functionality), and contract performance (account management). To exercise any of these rights, contact us at info@mossyarchdigital.com. We respond to GDPR requests within 30 days.

CCPA rights (California residents)

Under the CCPA you have the right to know what personal information we collect and how it's used, to delete your personal information, to opt out of the sale of your personal information (we do not sell your personal information), and to non-discrimination for exercising your rights. To exercise these rights, contact us at info@mossyarchdigital.com. We respond to CCPA requests within 45 days.

Children's privacy

Deep Core is rated 4+ and is suitable for all ages. We do not knowingly collect personal information from children under 13 (or under 16 in the EEA). The analytics consent flow requires affirmative action. If we learn we have collected personal data from a child without appropriate consent, we will delete it promptly. If you are a parent or guardian and believe your child has provided personal data to us, please contact us at info@mossyarchdigital.com.

Changes to this policy

We may update this Privacy Policy from time to time. When we make material changes, we will update the "Last updated" date at the top of this policy and notify users through the App where appropriate. We encourage you to review this policy periodically.

Contact us

If you have questions or concerns about this Privacy Policy or our data practices, contact us at:

• Email: info@mossyarchdigital.com
• Website: deepcore.mossyarchdigital.com
• Developer: Jonathan Buchan / Michele Marques, Mossy Arch Digital

App Store privacy disclosures

This summarises how Deep Core's data practices map to Apple's App Store privacy categories.

Data used to track you

None. Deep Core does not track users across other companies' apps or websites.

Data linked to you

*Only if shared via Sign in with Apple. For guest users, analytics events are anonymous.

Data not linked to you

Data not collected

Precise location, financial information, contacts, browsing history, search history, HealthKit data, photos or videos, audio data, and advertising data are not collected by Deep Core.