Privacy Policy

1. Introduction

Levered (Arabic: رَكيزة) ("Levered", "we", "us", or "our") is a privacy-first, CBT-based mental health self-help companion application for iOS, developed and operated by an individual developer based in the United Kingdom. Our bundle identifier is help.levered.app and our website is levered.help.

This Privacy Policy explains what information the Levered application ("the App") collects, how it is used, where it is processed, and your rights in relation to it. We are committed to transparency and to protecting your privacy by design.

By downloading, installing, or using the App, you acknowledge that you have read and understood this Privacy Policy. If you do not agree with the practices described herein, please do not use the App.

2. Data Controller

For the purposes of the UK General Data Protection Regulation (UK GDPR), the EU General Data Protection Regulation (EU GDPR), and all applicable data protection legislation, the data controller is:

Entity: Levered (sole developer)
Location: United Kingdom
Contact email: [email protected]
Website: levered.help

For all privacy-related inquiries, data subject requests, or complaints, please contact us at [email protected]. We aim to respond to all legitimate requests within 30 days.

3. Information We Do NOT Collect

Levered is designed around data minimisation. We want to be explicit about what we do not collect, transmit, or store on any server:

Personal identification information (name, email address, phone number, postal address)
User account credentials (the App requires no registration or sign-in)
Usage analytics, behavioural data, or telemetry
Tracking data, cookies, browser fingerprints, or advertising identifiers (IDFA/GAID)
Crash reports, diagnostics, or performance metrics
Location data (GPS, IP-based geolocation, or cell tower data)
Device identifiers beyond what Apple provides for subscription verification
Health data from HealthKit or any other health framework
Contacts, calendar, photos, microphone input, or camera access

There are no third-party analytics SDKs (e.g., Firebase Analytics, Mixpanel, Amplitude), no advertising networks (e.g., AdMob, Meta Audience Network), no crash reporting services (e.g., Crashlytics, Sentry), and no telemetry of any kind embedded in the App.

4. On-Device Data Storage

4.1 SwiftData (Primary Data Store)

All user-created content — thought records, mood entries, and exercise logs — is stored locally on your device using Apple's SwiftData framework. This data resides in a shared App Group container (group.thoughtlens.app) to allow the home screen widget to access mood data. This data never leaves your device unless you have iCloud enabled (see Section 5).

SwiftData storage is protected by iOS's built-in data protection, which encrypts files at the filesystem level using your device passcode. When your device is locked, data is encrypted and inaccessible.

4.2 UserDefaults (Lightweight Preferences)

The App stores lightweight, non-sensitive preferences using Apple's UserDefaults mechanism, including:

Language preference (English or Arabic)
Appearance mode (system, light, or dark)
Daily reminder schedule and settings
AI consent status (whether you have opted into AI features)
Onboarding completion status
Draft auto-save data for in-progress thought records

These preferences are stored locally on your device only and are never transmitted to any server.

4.3 Keychain

The App uses the iOS Keychain to securely store session tokens and shared secrets used for authenticated communication with our API. The Keychain is hardware-encrypted by Apple's Secure Enclave and is not accessible to other applications. Keychain items are not included in device backups unless you use encrypted backups. We do not store personal information, passwords, or biometric data in the Keychain.

4.4 App Group Shared Container

The SwiftData store resides within an App Group shared container so that both the main App and the WidgetKit extension can access mood data. The widget has read-only access and makes no network calls. The shared container is protected by the same iOS data protection as the main App sandbox.

5. iCloud Sync (Apple CloudKit)

If you have iCloud enabled on your device, your SwiftData content (thought records, mood entries, and exercise logs) automatically syncs across your Apple devices via Apple's CloudKit service.

Encryption: Data is encrypted in transit (TLS) and at rest on Apple's servers using Apple's own encryption infrastructure.
Control: iCloud sync is controlled by your device's iCloud settings, not by Levered. You can disable sync at any time via Settings > [Your Name] > iCloud.
Access: Levered has no server-side access to your CloudKit data. We cannot read, query, export, or process your synced content. The data is associated with your Apple ID, which is managed entirely by Apple.
Deletion: You can manage or delete iCloud data via Settings > [Your Name] > iCloud > Manage Account Storage.

For details on how Apple handles CloudKit data, please refer to Apple's Privacy Policy.

6. AI Features (Premium Subscribers Only)

6.1 Consent and Opt-In

AI-powered features (distortion detection, smart reframes, evidence helper, daily tips, and exercise recommendations) are available exclusively to Levered Premium subscribers and require your explicit, informed, and affirmative consent before activation. You will be presented with a clear consent prompt explaining exactly what data is sent and how it is processed. You must actively opt in; AI features are never enabled by default.

You may revoke your AI consent at any time by navigating to Settings > AI Data Consent within the App. Revoking consent immediately and permanently stops all AI data transmission. Revoking consent does not delete any data already stored on your device.

6.2 Data Sent to the AI Service

When AI features are active and you interact with them, the following data is transmitted to our backend API:

Current thought text — the automatic thought you have entered (maximum 500 characters)
Situation text — the situation description you have entered (maximum 500 characters)
Selected distortion IDs — numerical identifiers (integers 1–18) of cognitive distortions you have selected
Mood value — your selected mood level (one of: rough, low, okay, good, great)
Language preference — your App language setting (English or Arabic)

This is the complete and exhaustive list of data transmitted. No other data — including historical entries, personal identifiers, device information, IP addresses, or usage patterns — is sent to our servers.

6.3 How AI Data Is Processed

Real-time processing only: Data is processed in real-time to generate a response (distortion analysis, reframe suggestions, evidence prompts, or recommendations) and is immediately discarded after the response is returned.
No storage: Your thought text, situation text, and other submitted data are not stored, logged, cached, or persisted on any server at any time.
No training: Your data is never used to train, fine-tune, or improve any machine learning model, AI system, or algorithm.
No profiling: We do not build user profiles, track patterns across sessions, or aggregate data across users.
No human review: Your submitted text is not reviewed, read, or accessed by any person.

6.4 Crisis Detection

The AI service includes automated crisis detection. If content suggesting self-harm, suicidal ideation, or acute distress is detected, the App will automatically surface crisis helpline resources and support information. This is an automated safety measure and does not constitute professional intervention, diagnosis, or emergency response. Crisis detection does not result in any data being stored, reported, or transmitted to any third party.

6.5 Rate Limiting

AI requests are rate-limited to 60 requests per day per device to prevent abuse. Rate limiting is enforced using anonymous, non-identifying technical mechanisms. We do not track or store request history.

7. API Communication and Security

Transport encryption: All communication between the App and our API is conducted over HTTPS with TLS 1.2 or higher, ensuring data is encrypted in transit.
Request authentication: Every API request is authenticated using HMAC-SHA256 signatures to verify integrity and prevent tampering or replay attacks.
Infrastructure: Our backend API is hosted on Cloudflare Workers, a serverless edge-computing platform. Requests may be processed at Cloudflare edge locations in the United States, the European Union, or other regions depending on network routing (see Section 11 on international transfers).
On-device protection: Local data is protected by iOS's built-in data protection and encryption. Keychain items are secured by Apple's Secure Enclave hardware.
No server-side logs: We do not maintain server-side logs containing user-submitted content. Operational infrastructure logs (e.g., request counts, error rates) do not contain any user data or content.

8. Subscriptions and Payment Processing

Levered Premium is offered as an auto-renewable monthly subscription (Product ID: help.levered.premium.monthly, $3.99 USD/month) managed entirely through Apple's App Store and StoreKit 2 framework.

We do not process, collect, or store any payment information (credit card numbers, billing addresses, etc.).
All payment processing is handled by Apple in accordance with Apple's App Store Terms.
We store your Apple transaction ID locally on your device to verify premium access with our API. This transaction ID is a non-identifying alphanumeric string generated by Apple and is not linked to your personal identity, Apple ID, or payment method.

9. Notifications

The App offers optional daily reminders to encourage regular self-reflection practice. These notifications are:

Scheduled entirely locally on your device using Apple's UserNotifications framework
There is no push notification server — notifications are not sent from our infrastructure
We never receive, collect, or store your notification settings, schedule, or device token
You can enable, disable, or customise reminder times within the App's Settings

10. Home Screen Widget

Levered includes a WidgetKit mood check-in widget that displays on your iOS home screen. The widget:

Has read-only access to the shared SwiftData store via the App Group container
Makes no network calls of any kind
Does not collect, transmit, or process any data
Uses CloudKit sync only if iCloud is enabled on the device (with cloudKit: false in the widget configuration, meaning the widget accesses only local data)

11. International Data Transfers

If you use AI features, the data described in Section 6.2 is transmitted to our API hosted on Cloudflare Workers. Cloudflare is a US-headquartered company with edge locations worldwide. Your AI requests may be processed at edge locations in:

The United States
The European Economic Area (EEA)
The United Kingdom
Other regions depending on network routing

Because no personal data is stored or retained during AI processing (data is processed in memory and immediately discarded), the transfer safeguard requirements under UK GDPR Article 46 and EU GDPR Chapter V are minimised. However, Cloudflare maintains appropriate safeguards, including GDPR compliance commitments and data processing addenda.

iCloud sync data is transferred and stored by Apple in accordance with Apple's data processing practices and applicable data transfer mechanisms. Please refer to Apple's Privacy Policy for details.

12. Legal Basis for Processing (UK GDPR / EU GDPR)

Under the UK General Data Protection Regulation (retained from EU GDPR post-Brexit) and the EU GDPR, we process data on the following lawful bases:

Consent (Article 6(1)(a)): AI data processing is performed only with your explicit, freely given, specific, informed, and unambiguous consent. You may withdraw consent at any time via Settings > AI Data Consent, and withdrawal takes immediate effect.
Contract performance (Article 6(1)(b)): Processing necessary to provide the Premium subscription service you have purchased (e.g., verifying subscription status via Apple transaction IDs).
Legitimate interests (Article 6(1)(f)): Basic operational functions such as HMAC authentication for API security. We have assessed that these do not override your rights and freedoms, as no personal data is involved.

12.1 Special Category Data

Mental health data may constitute special category data under Article 9 of the GDPR. We process this data only on the basis of your explicit consent (Article 9(2)(a)). Importantly, Levered stores mental health content exclusively on your device. When AI features are used with consent, thought text is processed transiently and never stored.

13. Your Rights Under Applicable Law

13.1 UK GDPR / EU GDPR Rights

If you are located in the United Kingdom or the European Economic Area, you have the following rights under the UK GDPR / EU GDPR:

Right of access (Article 15): You may request confirmation of whether we process your personal data and access to that data. Because we do not store personal data on our servers, there is no server-side data to provide.
Right to rectification (Article 16): You may correct inaccurate data. Your on-device data can be edited directly within the App.
Right to erasure (Article 17): You may request deletion of your data. See Section 14 for deletion instructions.
Right to restriction of processing (Article 18): You may restrict processing by revoking AI consent or disabling iCloud sync.
Right to data portability (Article 20): Because data is stored locally on your device, you have full physical possession of it at all times.
Right to object (Article 21): You may object to processing by disabling AI features or uninstalling the App.
Right to withdraw consent (Article 7(3)): You may withdraw AI consent at any time via Settings > AI Data Consent. Withdrawal does not affect the lawfulness of processing prior to withdrawal.
Right to lodge a complaint: You have the right to lodge a complaint with a supervisory authority. In the United Kingdom, this is the Information Commissioner's Office (ICO).

13.2 California Consumer Privacy Act (CCPA / CPRA) Rights

If you are a California resident, you have rights under the California Consumer Privacy Act (as amended by the CPRA):

Right to know: You may request disclosure of what personal information we collect about you. We do not collect personal information as defined under the CCPA.
Right to delete: You may request deletion of personal information. See Section 14 for on-device deletion instructions.
Right to opt out of sale/sharing: We do not sell or share any personal information, as defined under the CCPA/CPRA. There is no "Do Not Sell or Share My Personal Information" mechanism because no sale or sharing occurs.
Right to non-discrimination: We will not discriminate against you for exercising your CCPA rights.

CCPA categories disclosure: In the preceding 12 months, Levered has not collected, sold, shared, or disclosed for a business purpose any categories of personal information as defined under the CCPA.

13.3 Exercising Your Rights

To exercise any of the above rights, or if you have questions about our data practices, please contact us at [email protected]. We will respond to verifiable requests within 30 days (or within the shorter timeframe required by applicable law).

14. Data Retention and Deletion

Because we do not store your journal data, personal information, or AI-processed content on any server, there is no server-side retention period. Data exists only in the following locations:

On your device: Retained until you delete it within the App or uninstall the App.
In iCloud (if enabled): Retained until you remove it via Apple ID > iCloud > Manage Account Storage, or until you delete data within the App (which syncs the deletion to iCloud).
In transit during AI processing: Retained in server memory only for the duration of the API request (typically milliseconds to seconds), then immediately and irrecoverably discarded.

How to delete your data:

Delete all App data: Navigate to Settings > Delete All Data within the App
Remove all local data: Uninstall the App from your device
Manage iCloud data: Go to iOS Settings > [Your Name] > iCloud > Manage Account Storage
Revoke AI consent: Navigate to Settings > AI Data Consent toggle within the App
Cancel subscription: Go to App Store > [Your Profile] > Subscriptions

15. Children's Privacy (COPPA Compliance)

Levered is not directed at, marketed to, or intended for use by children under the age of 13 (or the applicable age of digital consent in your jurisdiction). We do not knowingly collect personal information from children under 13.

Because Levered collects no personal information from any user, regardless of age, there is no mechanism by which children's data could be inadvertently collected, stored, or processed on our servers.

If you believe a child under 13 has provided personal information to us, please contact us at [email protected] and we will investigate promptly.

16. Apple App Store Privacy Disclosures

In compliance with Apple's App Store requirements, we provide privacy "nutrition labels" on the Levered App Store listing. These labels accurately reflect the following:

Data Not Linked to You: The AI feature processes thought text and mood data, but this data is not linked to your identity, Apple ID, or device.
Data Not Collected: We do not collect contact information, identifiers, usage data, diagnostics, browsing history, search history, location data, financial information, health and fitness data (beyond what you voluntarily enter into thought records), or sensitive information.
Tracking: The App does not engage in tracking as defined by Apple's App Tracking Transparency framework. We do not request the AppTrackingTransparency permission.

17. Third-Party Services

The App integrates with the following third-party services:

Apple iCloud (CloudKit): For optional cross-device data synchronisation. Governed by Apple's Privacy Policy and iCloud Terms of Service.
Apple App Store (StoreKit 2): For subscription management and payment processing. Governed by Apple Media Services Terms and Conditions.
Cloudflare Workers: Our backend API infrastructure for AI processing. Governed by Cloudflare's Privacy Policy. No user data is stored by Cloudflare as part of our implementation.

We do not integrate with any advertising networks, analytics providers, social media SDKs, or data brokers.

18. Do Not Track Signals

Levered does not track users in any way. The App honours Do Not Track (DNT) signals by default, as no tracking occurs regardless of signal status. There is no behavioural tracking to disable.

19. Security Measures

We implement reasonable and appropriate technical and organisational measures to protect the limited data we process:

HTTPS with TLS 1.2+ for all network communication
HMAC-SHA256 request authentication and integrity verification
iOS Data Protection for on-device file encryption
Apple Secure Enclave for Keychain items
No server-side data persistence or logging of user content
Serverless architecture (Cloudflare Workers) with no persistent storage
Rate limiting (60 AI requests/day) to prevent abuse

While no system is 100% secure, our architecture is designed to minimise risk by not retaining data on servers. In the unlikely event of a data breach affecting any personal data, we will notify affected individuals and the relevant supervisory authority in accordance with UK GDPR Article 33 requirements (within 72 hours of becoming aware).

20. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we do:

We will revise the "Last updated" date at the top of this page.
Material changes will be noted in the App's release notes on the App Store.
If a change materially affects how we process data you have already provided consent for (e.g., changes to AI data processing), we will seek renewed consent within the App before such changes take effect.

Because we do not collect email addresses or maintain user accounts, we cannot provide direct notification of policy changes. We encourage you to review this page periodically. Your continued use of the App after changes are posted constitutes acceptance of the revised Privacy Policy.

21. Supervisory Authorities

If you are unsatisfied with our response to a privacy concern, you have the right to lodge a complaint with your local data protection authority:

United Kingdom: Information Commissioner's Office (ICO) — ico.org.uk
European Union: Your local Data Protection Authority — EDPB member list

22. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy, your data, or Levered's privacy practices, please contact us at:

Email: [email protected]
Website: levered.help

We take all privacy inquiries seriously and will endeavour to respond within 30 days of receipt.