Privacy Policy

Effective Date: March 2026

1. Information We Process

Flarely processes health-related data that you voluntarily enter, including: symptom logs (type, severity, body location, notes), food and drink diary entries, daily trigger factors (sleep quality, stress level, exercise, medications), and condition profiles you create.

This data is classified as "special category data" under GDPR Article 9. Our legal basis for processing is your explicit consent (GDPR Article 9(2)(a)), which you provide by choosing to enter data into the app.

All health data is processed and stored locally on your device. We do not operate servers that store your health information and have no ability to access it remotely.

2. Data Storage & Security

Your health data is stored in an on-device SQLite database. There are no cloud servers, no user accounts, and no remote databases involved in storing your information.

Data at rest is protected by your device's operating system encryption (iOS Data Protection / Android file-based encryption). Flarely relies on OS-level security and does not implement additional application-layer encryption.

AI-powered pattern analysis (correlations between symptoms, food, sleep, stress, weather, and other factors) runs entirely on your device. No health data is transmitted to external AI services.

3. Third-Party Services

Flarely connects to three external services. No analytics, advertising, or telemetry SDKs are included in the app.

RevenueCat (Subscription Management)

When you subscribe to Flarely Premium, the RevenueCat SDK processes your purchase. Data sent to RevenueCat includes: an anonymous device identifier, purchase history (product ID, transaction date, subscription status), app version, and OS version. RevenueCat does not receive any of your health data. RevenueCat acts as a data processor under GDPR. Their privacy policy is available at revenuecat.com/privacy.

Open-Meteo API (Weather Auto-Detection)

When weather auto-detection is enabled, your GPS coordinates (rounded to approximately 1.1 km precision) are sent to api.open-meteo.com to retrieve current weather conditions. Open-Meteo is an open-source weather API that does not require an API key or account and states that it does not track users. No health data is sent.

Open Food Facts API (Barcode Scanning)

When you scan a food barcode, the barcode number is sent to world.openfoodfacts.org to look up product information. No personal or health data is sent. Open Food Facts is an open-source food database licensed under the Open Database License (ODbL).

4. Location Data

Flarely requests location permission solely to support automatic weather detection for your daily trigger logs.

GPS coordinates are rounded to two decimal places (approximately 1.1 km accuracy) before being sent to the Open-Meteo weather API. The precise coordinates from your device are not stored or transmitted.

The weather condition result (e.g., "Sunny", "Rainy") is stored in your local trigger log. The GPS coordinates themselves are not retained after the weather lookup completes.

You can deny location permission and manually select weather conditions instead.

5. Camera & Barcode Scanning

Flarely requests camera permission solely for scanning food barcodes to look up product names via the Open Food Facts API.

Images from the camera are processed in real time for barcode detection only. No photos are captured, stored on your device, or uploaded to any server.

You can deny camera permission and manually enter food names instead.

6. Apple HealthKit Integration

On iOS, Flarely may request permission to read data from and write data to Apple HealthKit (e.g., sleep analysis, active energy). This integration is optional.

HealthKit data is processed on your device and is not transmitted to Flarely's developers or any third party. In accordance with Apple's requirements, HealthKit data is not used for advertising or sold to data brokers.

You can revoke HealthKit access at any time through the iOS Settings app under Health > Data Access & Devices.

7. Notifications

Daily reminders and medication reminders are scheduled using your device's local notification system. No push notification servers or third-party notification services are used. Notification scheduling and delivery occur entirely on your device.

8. Data Export & Sharing

You can export your data as a PDF report (for sharing with your doctor), as a CSV file, or as a JSON backup. All exports are generated locally on your device.

Exports are shared only when you explicitly initiate sharing through the system share sheet. We have no access to exported files and no knowledge of when exports are created or with whom they are shared.

9. Data Deletion

10. Children's Privacy

Flarely is not directed at children under the age of 13 (or under 16 in EU/EEA jurisdictions where applicable under GDPR Article 8).

We do not knowingly collect or process information from children. If you believe a child has entered health data into Flarely, the data can be deleted entirely using the in-app deletion options described in Section 9.

11. Your Rights Under GDPR

If you are in the European Economic Area (EEA), United Kingdom, or a jurisdiction with similar data protection laws, you have the following rights:

To exercise any of these rights or if you have questions, contact us at privacy@flarely.me.

12. Data Retention

Your health data is retained on your device for as long as the app is installed and you choose to keep it. There are no automatic deletion schedules.

Subscription-related data held by RevenueCat is retained according to RevenueCat's data retention policy.

Uninstalling the app removes all locally stored data permanently.

13. Changes to This Policy

We may update this privacy policy to reflect changes in the app or applicable law. Material changes will be communicated through app updates and noted with a revised "Effective Date" at the top of this policy.

Continued use of the app after changes are published constitutes your acknowledgment of the updated policy.

14. Website Data Collection

The Flarely website (flarely.me) collects the following data:

Waitlist Email

If you sign up for the launch waitlist, we collect your email address for the sole purpose of sending you a one-time notification when Flarely launches. Your email is stored in Cloudflare KV (a key-value storage service operated by Cloudflare, Inc.).

We will not use your email for any other purpose, sell it, or share it with third parties. You can request deletion of your email at any time by contacting privacy@flarely.me.

Website Analytics

We use Cloudflare Web Analytics, which is a privacy-friendly, cookie-free analytics service. It does not track individual users or collect personal data.

Google Fonts

The website loads fonts from Google Fonts, which may result in your IP address being sent to Google's servers. No cookies are set by this service.

15. Contact Us

Data controller: Mouemen Derbass, based in Lebanon.

For questions, concerns, or requests related to this privacy policy or your personal data, contact us at: privacy@flarely.me.