Privacy Policy | DoseDyno

At DoseDyno, we operate on the fundamental belief that health data is the most sensitive property an individual can own. Our architecture is engineered around the principle of Zero Persona Tracking. We do not sell data, we do not build consumer profiles, and we do not utilize identifying APIs. This policy outlines our compliance with GDPR (EU), CCPA/CPRA (USA), and PIPEDA (Canada).

I. Data Sovereignty & Localization

DoseDyno utilizes a "Local-First" data strategy. Your raw biometric data—heart rate, sleep stages, and activity loads—is stored and encrypted within the Apple Health ecosystem on your device. DoseDyno acts as a processing terminal, not a central repository. We do not maintain unencrypted cloud databases of your biometric history.

II. GDPR Compliance (European Union)

Under the General Data Protection Regulation (GDPR), users in the European Economic Area (EEA) possess specific rights:

Right to Erasure: You may delete your data at any time through the app settings, which triggers an immediate purge of local cache and anonymized synchronization tokens.
Data Portability: Biometric data is stored in the standard HealthKit format, ensuring you can export your records to other clinical systems.
Legal Basis: We process health-related data solely based on your **Explicit Consent**, which is requested during the initial onboarding terminal session.

III. North American Standards (CCPA & PIPEDA)

California (CCPA/CPRA): We categorically do not "sell" or "share" personal information as defined by California law. Furthermore, we provide a "Limit the Use of My Sensitive Personal Information" protocol by default through our anonymized processing engine.

Canada (PIPEDA): DoseDyno adheres to the ten fair information principles, ensuring accountability and purpose limitation for every data point processed during nutrient analysis.

IV. AI Processing & Vision Transparency

When you utilize our Universal Vision Engine for meal or supplement analysis:

Local Inference: Whenever hardware permits, image analysis is performed on-device using specialized neural engines.
Anonymized Tokenization: If cloud acceleration is required for complex nutritional lookups, images are stripped of metadata and transmitted via a one-way anonymized token. We do not link these scans to your legal identity or persona.

V. Zero-Identification API Policy

DoseDyno is intentionally designed without third-party identification APIs (e.g., social logins, tracking pixels, or identifying analytics). Our technical stack ensures that your nutritional queries remain decoupled from your digital identity.

Encryption: AES-256 (at rest) / TLS 1.3 (in transit).

Storage: On-device (HealthKit) / Zero Cloud Persistence.

Auditing: Built-in privacy logs accessible via the developer terminal.

Effective Date: December 2024. For Data Protection Inquiries: contact@dosedyno.app