Undercurrent is built on a simple principle: your health data belongs to you and only you. This Privacy Policy explains how we handle information in the Undercurrent app, published by Grayforge Labs ("we", "us", "our").
1. Information We Collect
Information stored on your device
Undercurrent stores all user-entered data locally on your device in a private SQLite database. This includes:
- Health events you log (symptoms, food, medications, activities, observations)
- Severity ratings, timestamps, and notes associated with events
- Markers, threads/profiles, and custom categories you create
- App preferences and settings
- Apple Health data you choose to sync (workouts, mindfulness sessions)
- Environmental data (weather, barometric pressure, air quality) fetched to correlate with your events
This data never leaves your device unless you explicitly choose to export or back it up.
Location data
If you enable the environmental correlation feature, the App requests access to your device's location to fetch local weather and air quality data. Your location coordinates are stored locally on your device and are also sent to our backend server, which proxies the request to a third-party weather service (Weather-Stack) on your behalf. This proxy keeps the weather API key secure and uses device attestation to verify requests come from legitimate app instances. Your coordinates are used only to retrieve weather data and are not persisted on our server. Location data is not included in iCloud backups. You can disable this feature at any time in the App's settings.
Information we do NOT collect
We do not collect, transmit, or store on our servers:
- Your name, email address, or any personally identifiable information
- Account credentials (no account is required)
- Device identifiers or advertising IDs
- Analytics, telemetry, or usage tracking data (note: Apple may collect standard App Store analytics such as crash reports and aggregate usage statistics through App Store Connect; this is governed by Apple's own privacy policy and your device settings)
- Any health data you log in the app
2. How Your Data Is Used
All data processing happens entirely on your device. Your logged events are used locally to:
- Display your timeline, calendar, and event history
- Detect patterns and correlations between events
- Generate insights about your health patterns
- Produce PDF reports you can share with your healthcare provider
- Power the on-device AI assistant (Curry), which uses Apple Intelligence with no server communication
3. Data Sharing and Third Parties
We do not share, sell, rent, or transmit your health data to any third party. There are no third-party analytics SDKs, advertising networks, or tracking services in Undercurrent. Apple may collect standard App Store analytics (such as crash reports and aggregate usage data) through App Store Connect, governed by Apple's own privacy policy.
The only circumstances where data leaves your device are ones you initiate or that support app functionality:
- In-app purchases (RevenueCat): We use RevenueCat to manage purchase verification and entitlements. RevenueCat communicates with Apple to confirm your purchase status. It receives transaction data from Apple (such as purchase receipts and product identifiers) but does not receive any of your health data, logged events, or personal content. See RevenueCat's Privacy Policy for details.
- iCloud backup: If you use the optional backup feature (Pro), your logged events and app data are stored in your personal iCloud account using Apple's built-in encryption. Raw Apple Health data (aggregate metrics) is not included in backups and can be re-imported from Apple Health. We do not have access to your iCloud data.
- PDF report export: When you generate and share a report, the PDF is created on your device and shared through the standard iOS share sheet.
- Environmental data: If enabled, the App sends your location coordinates to our backend server, which proxies the request to a third-party weather service to retrieve weather and air quality data. Our server uses device attestation to verify requests but does not store your coordinates or any personal or health data.
Any third party with whom limited data is shared (such as RevenueCat for purchase verification) is required to provide the same or equivalent level of data protection as described in this Privacy Policy.
4. Apple Health Integration
If you grant permission, Undercurrent can read the following specific data types from Apple Health:
- Workout sessions (type, duration, and energy burned)
- Mindful sessions (meditation and mindfulness)
This data is:
- Read only with your explicit permission via the iOS Health authorization prompt
- Stored and processed locally on your device
- Never transmitted to any server or third party
- Used solely to correlate health metrics with your logged events
- Never used for advertising, marketing, or data mining purposes
You can revoke Health access at any time through iOS Settings > Health > Data Access & Devices. Revoking access stops all future data reads; previously imported data can be deleted within the App.
5. On-Device AI
Undercurrent's AI features (including the Curry chat assistant and AI-generated insights) run entirely on your device using Apple Intelligence. Your data is never sent to OpenAI, Google, or any external AI service. The AI model processes your data in-memory on your device and has no network connectivity.
6. Data Retention and Deletion
Since all data is stored locally on your device:
- Your data persists as long as the app is installed
- You can delete individual events, threads, or markers at any time within the app
- Uninstalling the app permanently deletes all locally stored data
- iCloud backups can be managed or deleted through your iCloud account settings at any time
Revoking Consent
You can revoke consent for specific data access at any time:
- Apple Health: Revoke access via iOS Settings > Health > Data Access & Devices > Undercurrent
- Location / Environmental data: Disable in the App's Environmental Settings or via iOS Settings > Privacy & Security > Location Services > Undercurrent
- iCloud backup: Disable in the App's Backup Settings
- Complete data deletion: Uninstall the App to permanently remove all local data
7. Children's Privacy
Undercurrent does not collect personal information from anyone, including children. The app can be used by parents and caregivers to track health patterns for their children using the multi-profile feature. All such data is stored locally on the parent's or caregiver's device and is not transmitted anywhere.
8. Security
We take reasonable measures to protect your data:
- All data is stored in a private app sandbox accessible only to Undercurrent
- Optional backups are stored in your personal iCloud account, protected by Apple's encryption
- No network transmission of health data means no risk of interception
- The app does not require or store any authentication credentials
9. Your Rights
Because your data is stored locally and we have no access to it, you have full control at all times. You can:
- View all your data within the app
- Delete any or all data within the app
- Export your data as a PDF report
- Remove the app and all data by uninstalling
10. In-App Purchases
Undercurrent offers a one-time Pro purchase through Apple's App Store. Payment is processed by Apple. We use RevenueCat to verify purchases and manage your Pro entitlements. RevenueCat receives transaction data from Apple (such as purchase receipts and product identifiers) but does not receive any of your health data or content you log in the App. We do not collect or have access to your payment information or Apple ID.
11. Changes to This Policy
We may update this Privacy Policy from time to time. Any changes will be posted on this page with an updated effective date. Since we do not collect email addresses, we encourage you to review this page periodically.
12. Contact Us
If you have questions or concerns about this Privacy Policy, please contact us at:
Grayforge Labs
Email: [email protected]