Privacy Policy

1. Who This App Is For

Qupi is intended for users who are 13 years of age or older. By using the App, you confirm that you meet this requirement. If you are under 13, please do not use Qupi or submit any personal information to us.

2. Information We Collect

Account Information
Accounts are created and authenticated exclusively through Sign in with Apple. Qupi receives from Apple: a stable anonymous user identifier (used as your account key), and optionally your name and email address — both of which you may choose to withhold during sign-in. If an email address is received, it may be an Apple-generated relay address rather than your real email. Email addresses, when present, are encrypted at rest. Your name, if provided, is used only to personalise your account and is not stored after initial setup.

Health and Symptom Logs
Qupi's core function is to help you record personal health events, symptoms, and feelings. Each log entry consists of two parts: structured metadata (such as event category, date, time, and severity) and detailed narrative content (your actual descriptions and notes). Structured metadata is stored in readable form to enable the App's search, filtering, and analytics features. Your detailed narrative content is encrypted at the application layer before being stored in our database, meaning it cannot be read directly from database storage even in the event of unauthorized access to our infrastructure.

Apple Health Data
With your explicit permission, Qupi reads workout, sleep, and step count data from Apple Health. This data is synced to our servers and stored alongside your manually logged events to enable pattern analysis across your health data. You can disconnect Apple Health at any time in the App's settings, which will also permanently delete all previously imported health data from our servers. Qupi does not write data back to Apple Health.

Device and Usage Analytics
We collect anonymous product usage data, including feature interactions, app version, and platform. This telemetry data is architecturally separated from your identity and health data — it is stored in an isolated system that cannot be linked back to your account or health logs. You can opt out of usage analytics entirely in the App's settings.

3. How We Use Your Information

We use the information we collect to:

• Provide, maintain, and improve the App
• Authenticate your account and secure your data
• Respond to support requests
• Analyze aggregate usage patterns to improve the user experience
• Power AI-assisted features when you choose to use them (see Section 4)

We do not sell your personal information. We do not use your health data for advertising purposes.

4. AI-Powered Features and Third-Party AI Processing

Qupi uses AI to power two categories of features, both involving Anthropic, PBC and their Claude AI models.

Event normalization — When you log an event, Qupi automatically sends the text of your entry to Anthropic for processing. Claude parses your natural-language input into structured data (event categories, dates, and other fields), which powers the App's search and pattern features. This happens as part of the core logging flow; it is not a separate opt-in action.

Insight generation — Qupi periodically analyzes your recent log entries to surface patterns and correlations. This analysis runs automatically in the background on our servers, and relevant portions of your health log history are transmitted to Anthropic as part of this process.

In both cases, Anthropic processes your data solely to generate the requested output. Your data is not used to train Anthropic's models. We encourage you to review Anthropic's privacy policy to understand how they handle data submitted through their API.

You may opt out of AI features at any time in the App's settings. Opting out disables normalization and insight generation, and stops any data from being transmitted to Anthropic.

5. Data Storage and Security

Your data is stored on infrastructure provided by Supabase (managed database) and Amazon Web Services (application hosting). Sensitive health log content is encrypted at the application layer before storage, meaning it cannot be read directly from our database by us or by unauthorized parties.

We implement industry-standard security practices including encrypted data transmission (TLS) and access controls. Qupi uses a layered encryption approach designed to protect your most sensitive information: email addresses, when received via Sign in with Apple, are encrypted at rest; and your detailed health log narratives are encrypted at the application level before storage. Only non-sensitive structural metadata — such as event categories and timestamps — is stored in readable form, and only because it is necessary to power the App's core functionality.

6. Data Sharing

We do not sell, rent, or trade your personal information. We share data only in the following limited circumstances:

• Anthropic — your event text and log history are transmitted to Anthropic as part of AI normalization and insight generation, as described in Section 4
• Supabase — as our database provider for data storage
• Amazon Web Services — as our application hosting provider
• Sentry — for error monitoring and application stability. Error reports may include technical context about the request that triggered the error, but never include your health log content
• Legal requirements — if required by law, court order, or to protect the rights and safety of our users or the public

7. Your Rights and Controls

• Access and correction — you can view and correct your account information and log entries within the App at any time
• Delete individual entries — you can delete any log entry from within the App
• Delete your account — you can permanently delete your account and all associated data from the App's settings. Deletion is permanent and cannot be undone
• Apple Health disconnect — you can disconnect Apple Health at any time in Settings, which deletes all imported health data
• Opt out of AI features — you can disable AI-powered features at any time in settings, which stops data from being sent to Anthropic
• Opt out of usage analytics — you can disable anonymous telemetry in the App's settings

8. Data Retention

We retain your data for as long as your account is active. If you delete your account, your personal data and health logs are permanently deleted from our systems. Anonymized, aggregated analytics data that cannot identify you may be retained for product improvement purposes.

9. Children's Privacy

Qupi is not directed at children under the age of 13. We do not knowingly collect personal information from children under 13. If we become aware that a child under 13 has provided us with personal information, we will delete it promptly. If you believe a child under 13 has used Qupi, please contact us at support@qupiapp.com.

10. Changes to This Policy

We may update this Privacy Policy from time to time. When we do, we will update the "Last Updated" date at the top of this page and notify you within the App for material changes. Your continued use of Qupi after changes are posted constitutes your acceptance of the updated policy.