Ayumi Privacy Policy

Effective Date: May 6, 2026

Last Updated: May 25, 2026

Operator: Rocinante Venture Studio

Contact: contact@voispark.com

Important: With your permission, Ayumi reads health information from Apple Health / HealthKit, specifically step count data. Steps are used for crystal growth, step statistics, reminders, and share cards. In the current version, HealthKit steps are processed locally on your device by default. We do not upload HealthKit steps to our servers or use them for advertising, marketing, tracking, or data trading. The current version includes subscriptions, premium packs, and a server-side entitlement ledger, so purchase history, anonymous technical user ID, and entitlement status leave the device for App functionality.

1. Our Approach to Privacy

Ayumi is a lightweight app that uses steps to grow crystals. The current version is designed to keep the core crystal experience on your device, avoid mandatory visible account registration, avoid uploading HealthKit steps to our servers, and never use HealthKit data for tracking, advertising, or marketing. To support subscriptions, premium packs, purchase restoration, and duplicate-grant prevention, we process necessary purchase and entitlement data.

This Policy explains what information we access, process, store, or receive, and how you can manage it.

2. Scope

This Policy applies to the Ayumi iOS App and its widgets, notifications, share cards, settings entries, and related features.

This Policy does not apply to Apple, email providers, social platforms, share target apps, or other third-party services. Please review their privacy policies when you use them.

3. Information We Access or Process

3.1 HealthKit Step Data

With your permission, the App reads step count data, which is health information, from Apple Health / HealthKit, including:

• Today's steps.
• Daily steps for the recent 7 days.
• Total steps from the current crystal start date to now.
• Step change notifications, when available, to update crystal progress.

Purposes:

• Calculate crystal growth progress, stages, and completion.
• Show today's steps, recent 7-day statistics, and steps on share cards.
• Trigger crystal stage or completion reminders.

In the current version, HealthKit step data and crystal progress derived from it are stored locally on your device by default. They are not uploaded to our servers and are not used for advertising, marketing, data trading, or data mining unrelated to App functionality.

3.2 Crystal Growth and Collection Data

The App stores the following data locally on your device:

• Crystal ID, quality, material, visual stage, target steps, accumulated steps, start date, and completion date.
• Completed crystal form, default name, or custom name.
• Derived data needed for collection, detail screens, and share cards.

Purposes:

• Restore your crystal progress and collection.
• Generate widget snapshots and share cards.
• Provide local statistics and collection features.

3.3 Settings and Preferences

The App stores the following preferences locally:

• Whether onboarding has been completed.
• Whether health data is connected.
• Daily fortune notification switch and reminder time.
• Crystal growth notification switch.

Purposes:

• Remember your settings.
• Schedule or cancel local notifications.
• Decide whether to show health authorization prompts.

3.4 Notifications

The App uses iOS system notification features to send daily fortune reminders and growth reminders. The current version uses local notifications and does not register a push token with our servers.

You can turn notifications off in the App settings or iOS Settings at any time.

3.5 Photos and Sharing

When you choose to save a share card, the App requests permission to add to Photos and saves the share card you generated to the system photo library. The App does not need to read your photo library.

When you choose to share through the system share sheet, the target app or platform processes the content under its own policy.

3.6 Widgets

The App stores local snapshots in the App Group container for WidgetKit display, such as current crystal stage, progress, or empty state information. This data is used for widgets and is not uploaded to our servers because of the widget feature.

3.7 Contacting Us

If you contact us by email, we may receive your email address, message content, attachments, and any device or issue details you choose to provide.

Purposes:

• Respond to inquiries and support requests.
• Troubleshoot issues, improve the product, and keep necessary communication records.

Please do not send sensitive personal information unrelated to your request.

3.8 Anonymous Technical Session, Purchases, and Entitlements

The current version does not require you to register a visible account. To call subscription APIs, bind RevenueCat purchase status, restore purchases, and maintain a server-side entitlement ledger, the App may create or restore a Supabase anonymous technical session and process:

• Supabase anonymous technical user ID, access token, and refresh token.
• RevenueCat appUserID, Customer Info, App Store product ID, transaction ID, original transaction ID, subscription status, subscription period, purchase or restore time.
• Premium monthly subscription status, premium pack balance, premium pack grant / consume / refund / adjustment records, clientRequestId, and idempotency references in our server-side entitlement ledger.

Purposes:

• Confirm whether a premium monthly subscription is active.
• Grant, restore, consume, or revoke premium crystal pack entitlements.
• Avoid duplicate grants, duplicate consumption, fraud, or abnormal transactions.
• Troubleshoot purchase, restore, or entitlement sync issues for support.

Apple processes payment card numbers, bank account information, tax, and refund flows. We do not access your payment card number or bank account information. Restore purchases does not re-grant premium packs that have already been consumed.

3.9 Analytics, Ad Campaign Measurement, and Tracking Permission

If the final binary enables Firebase Analytics, Tenjin, Meta App Events, or similar analytics / attribution services, we may collect or send app usage events and coarse parameters, such as app launch, onboarding completion, HealthKit authorization status, premium crystal entry, paywall open, purchase result, growth stage, sharing, or settings actions. These events must not contain raw HealthKit step samples, custom crystal names, payment card numbers, bank account information, or identifiable health information.

If the App displays Apple's App Tracking Transparency permission prompt, we may use Apple's advertising identifier or limited campaign attribution information after you consent to measure ad campaign performance and improve Ayumi.

You may decline permission. Declining does not affect core features such as crystal growth, HealthKit step reading, collection, notifications, or share cards.

We do not use HealthKit steps, crystal growth data, or other health-related information for cross-app tracking, targeted advertising, data trading, or campaign attribution.

4. Information We Do Not Currently Process

In the current version, we do not actively collect or upload:

• Real name, phone number, birthday, precise location, or contacts.
• Apple Health data other than step count.
• Payment card numbers or bank account information.
• User-uploaded images, prompts, or cloud generation records for AI image generation.
• Raw HealthKit samples, custom crystal names, or local collection content for ad SDKs, data brokers, or cross-app tracking purposes.

If we later enable visible accounts, cloud sync, AI image generation, remote push notifications, third-party ad networks, crash reporting, or other new online features, we will update this Policy and App Store Connect privacy information first and obtain consent where required.

5. How We Share Information

In the current version, we do not upload or sell HealthKit steps, crystal progress, or local settings to third parties.

The following are not our active sharing of local data:

• You use system features such as Apple Health, Photos, notifications, widgets, or the App Store, which are provided by Apple and governed by Apple's policies.
• You actively send a share card or feedback through the system share sheet, email, or a third-party platform.
• You purchase, restore purchases, or sync entitlements, in which case Apple, RevenueCat, Supabase, our NestJS server, and hosting infrastructure process purchase and entitlement data according to their roles.
• The final binary enables Firebase Analytics, Tenjin, or similar analytics / attribution services, in which case those providers process app usage events, identifiers, or attribution information according to configuration.
• Laws, courts, or regulators require us to provide information we actually hold.

We require service providers to process data only as needed for App functionality, purchase entitlements, analytics, or compliance, and to provide protections consistent with this Policy and App Store Review Guidelines.

6. HealthKit-Specific Notice

We read step data only after you authorize it. You can revoke authorization at any time in iOS Settings or the Health app.

We do not:

• Use HealthKit data for advertising, marketing, or data trading.
• Combine HealthKit data with ad networks, data brokers, or cross-app tracking data.
• Write false or inaccurate health data to HealthKit.
• Actively upload identifiable personal health information to our servers or use it for iCloud / CloudKit syncing.

To satisfy Apple HealthKit review requirements, confirm before release that the implementation does not store identifiable personal health information in iCloud or other cloud backup / sync capabilities.

7. Retention and Deletion

Local data usually remains on your device until you delete the App, clear device data, or the system processes it according to your settings. Purchase history, anonymous technical user ID, subscription status, and entitlement ledger records may be retained by RevenueCat, Supabase, or our server for as long as necessary to provide purchased entitlements, handle refunds or disputes, troubleshoot issues, or meet legal and financial recordkeeping needs.

You can:

• Revoke HealthKit step read permission in iOS Settings or the Health app.
• Turn off notifications in iOS Settings.
• Delete the App to delete most local data stored in the App sandbox on that device.
• Delete share card images saved to Photos.
• Email contact@voispark.com to request access, correction, or deletion of emails or feedback records you sent to us.
• Email contact@voispark.com to request access to or deletion of purchase-entitlement server records; we will process requests to the extent compatible with legal, financial, anti-fraud, and Apple / RevenueCat transaction record obligations.

System backups, Photos, email providers, third-party sharing platforms, or content you have already sent to others may not be automatically deleted when you delete the App.

8. Security

We use a local-first data design to reduce unnecessary uploads. Local device data is protected by iOS sandboxing, system permissions, and device security mechanisms. The server-side entitlement ledger is protected through controlled APIs, Supabase JWT validation, idempotency constraints, and data minimization.

No system is completely secure. Please protect your device, Apple ID, passcode, and third-party accounts.

9. International Processing

The current version does not upload HealthKit steps or core crystal data to our servers by default. Purchase and entitlement data may be processed by Apple, RevenueCat, Supabase, our server, hosting services, or analytics / attribution services in different countries or regions. If you contact us by email, the email may also be processed in different countries or regions depending on the infrastructure used by you and us.

If we enable crystal cloud sync, AI image generation, or other new cloud services in the future, we will describe the relevant processing in this Policy.

10. Children's Privacy

The App is not designed for children under 13 and we do not knowingly collect children's personal information.

If you believe a child has provided personal information to us without guardian consent, contact us at contact@voispark.com. We will delete it where reasonably possible.

11. Your Rights

Depending on the laws of your location, you may have rights to access, correct, delete, restrict processing, withdraw consent, or complain.

Because the current version mainly processes HealthKit steps and core crystal data locally on your device, we may not be able to access local data on your device. You can manage it through system permissions, deleting the App, or deleting local content.

If you have sent us information by email, purchase-entitlement sync, or a future account feature, contact contact@voispark.com to exercise applicable rights.

12. Updates

We may update this Policy based on product, legal, or App Store requirements. We will update the "Last Updated" date, and material changes will be notified through the App, release notes, website, or other reasonable means.

13. Contact

If you have questions about this Policy or data processing, contact us:

• Operator: Rocinante Venture Studio
• Email: contact@voispark.com
• Privacy Policy URL: https://ayumi-legal.onrender.com/en/privacy/