    Privacy Policy

    Appy + Yaar · Her Holistic Health Ltd · Last updated 24 April 2026

    Using Appy + Yaar from India? Read our India Privacy Notice for DPDPA 2023 rights and our Grievance Officer details.

    This is the plain-English summary. The full policy is below. If anything here is unclear, email info@herholistichealth.co.uk.

    • We only collect what we need to give you the service.
    • Your health data stays in your control: you choose what to share and with whom.
    • Your health data stays in your control. We only share data where necessary to run the service, or where you have explicitly opted in.
    • If you opt in to research, de-identified answers may be shared with research partners. This is a separate, explicit choice you can withdraw at any time.
    • You can export or delete your data anytime from Your Data Choices.

    Who we are

    Appy + Yaar is a product of Her Holistic Health Ltd, a UK company registered at Companies House (company number available on request). We are the data controller for the personal data we process about you when you use the app or website.

    Contact: info@herholistichealth.co.uk. For data-protection matters, write to our Data Protection Contact at: divpreetsacha@herholistichealth.co.uk.

    Our lawful basis for processing

    Under UK GDPR we must tell you the lawful basis on which we process your personal data. For most of what the app does, our lawful basis is your consent (UK GDPR Article 6(1)(a)); you give it by agreeing to these terms and completing signup. For the health-related information you enter (symptoms, cycle answers, fertility questions), our lawful basis is your explicit consent to processing special-category data (UK GDPR Article 9(2)(a)).

    You can withdraw either consent at any time from Your Data Choices. Withdrawal will not affect processing that happened before you withdrew.

    What information we collect

    When you create an account: your email address and a hashed password. We use Supabase for authentication; your password never reaches our servers in plain text.

    When you complete onboarding (optional): pillar choice (Appy / Yaar / Apni), ethnicity subgroup, religion, generation, UK location, language preference, and goals. All are optional and can be left blank.

    When you use pathways: your answers to pathway questions, and the GP Summaries you generate. These are stored against your user ID so you can resume and re-print them.

    When you bookmark or reflect: article bookmarks and reflection entries you choose to save.

    When you use the chatbot: your messages are sent to Anthropic's Claude API for processing. They are not stored by us beyond the current session. Anthropic processes messages under their own privacy policy and does not use them for model training.

    Technical data: we log basic usage events (article read, pathway completed) to understand what is being used. We do not use third-party advertising or tracking pixels.

    Special-category data (health)

    Some of what you enter (symptoms, cycle information, fertility-related answers) is special-category personal data under UK GDPR. We process it on the basis of your explicit consent, given when you sign up and again when you opt in to research participation. You can withdraw consent at any time from Your Data Choices.

    How we use your data

    • To provide the service: keep you signed in, save your answers, generate GP Summaries, send account emails.
    • To operate the chatbot: pass your messages to Anthropic's API and return the response.
    • To improve the product: anonymous, aggregated usage patterns (which articles are read, which pathways are completed).
    • To support research (only if you opt in): contribute de-identified answers to studies we run or partner on. You will never be individually identifiable in published research.

    We do not use your data for profiling or automated decision-making.

    Who we share with

    We share data only where necessary to run the service, or where you have explicitly consented:

    • Supabase, our database and authentication provider (EU-hosted).
    • Vercel, our hosting provider (global edge network with data residency controls).
    • Anthropic, the chatbot API provider. Messages you send to the bot are processed by Anthropic under their data processing terms.
    • Research partners, only if you have opted in, only de-identified.

    We do not share with advertisers, data brokers, insurers, or employers. Any commercial use of de-identified data requires your separate, explicit consent.

    How long we keep it

    Account and profile data: as long as your account is active, plus 30 days after deletion to handle recovery and legal obligations. Pathway answers and GP Summaries: same retention as your account. Usage events: anonymised after 12 months. A detailed retention schedule is in our Data Retention Policy.

    Your rights (UK GDPR)

    You have the right to:

    • Access your data (we'll provide a copy in a portable format)
    • Correct inaccurate data
    • Delete your data (right to be forgotten)
    • Restrict or object to processing
    • Data portability (export in JSON)
    • Withdraw consent for research at any time
    • Complain to the Information Commissioner's Office (ico.org.uk) if you believe we have mishandled your data

    Use Your Data Choices to export or delete your data directly, or email us at divpreetsacha@herholistichealth.co.uk.

    We will respond to any request within 30 days of receipt, as required by UK GDPR. If a request is particularly complex we may extend by up to two further months and will tell you why.

    International data transfers

    Most of our processing happens in the UK and EU. Some services we use are based outside the UK: Anthropic (chatbot API) is hosted in the United States. When your data is sent to a country outside the UK, we rely on Standard Contractual Clauses approved by the UK Information Commissioner's Office, combined with the data-processing terms of each provider, to keep your data protected to UK standards.

    Security

    All traffic to the app is encrypted (TLS). Passwords are hashed by Supabase with industry-standard algorithms. Database access is restricted by Row-Level Security; other users cannot see your data. We do not store your chatbot messages on our servers.

    Cookies

    We use a small number of strictly-necessary cookies to keep you signed in. We do not use advertising cookies or cookies that track you across sites. See our cookie notice for details, shown on your first visit.

    Children

    This service is not intended for children under 16. We do not knowingly collect data from children. If you believe a child has created an account, contact us and we will delete it.

    Changes to this policy

    We will notify you in-app and by email of any material changes, with at least 14 days' notice. The date at the top of this page shows the last update.

    © Her Holistic Health Ltd 2026 · ICO ZB841609. Written in plain English. Educational use only.