Effective Date: [EFFECTIVE_DATE]
Last Updated: [EFFECTIVE_DATE]
Reta ("we," "us," or "our") operates the Reta mobile application (the "App"). This Privacy Policy describes how we collect, use, store, and protect your personal information when you use the App.
We are committed to protecting your privacy. Reta was built with a privacy-first, local-first architecture. Your health data is stored on your device and never sent to our servers. We do not have a backend server, we do not collect user accounts, and we do not sell or share your personal data.
Please read this Privacy Policy carefully. By downloading, installing, or using the App, you acknowledge that you have read, understood, and agree to the practices described in this policy. If you do not agree with this Privacy Policy, please do not use the App.
We collect information that you voluntarily provide through the App. We organize this information into the following categories:
This is the core of what Reta tracks. All health data is entered by you and stored on your device.
Apple processes all subscription payments through the App Store. We use RevenueCat, Inc. ("RevenueCat") as a third-party service to manage subscription status, entitlements, and purchase validation. RevenueCat receives an anonymous app user ID and subscription transaction data from Apple — it does not receive your name, health data, or any personally identifiable information beyond what Apple provides for purchase validation. RevenueCat's privacy policy is available at https://www.revenuecat.com/privacy. We do not collect or store payment information such as credit card numbers, billing addresses, or Apple ID credentials.
If you grant permission, Reta may read the following data types from Apple Health:
HealthKit data is read-only. Reta does not write data to Apple Health. See Section 6 for detailed HealthKit disclosures.
The vast majority of information in Reta comes directly from your manual input. You enter your health data, personal information, and preferences through the App's interface. You choose what to log and when.
If you enable Apple Health integration in the App's settings and grant permission through the iOS system prompt, Reta may import weight, height, and step count data from Apple Health. This is entirely optional. The App functions fully without HealthKit access.
At launch, Reta does not include any analytics SDK. In a future update, we may integrate anonymized analytics (such as Firebase Analytics) to understand how features are used. If and when this is implemented:
The App includes 35 evidence-based wellness tips ("Protocol Tips") that are static editorial content embedded in the App's code. These tips are not personalized to you and do not involve collection or processing of your data. Each tip includes source citations from published medical literature.
We use the information you provide solely to deliver and improve the App's functionality:
| Purpose | Data Used |
|---|---|
| Display your medication tracking history and upcoming doses | Medication type, dosage, injection site, injection dates |
| Show weight trends, progress charts, and goal tracking | Weight entries, goal weight, start weight, target date |
| Track nutrition against your daily goals | Food entries, calorie/protein/fiber/water goals |
| Display symptom patterns and history | Symptom entries |
| Show mood and energy trends (when available) | Mood and energy entries |
| Track workout activity against your goals | Workout entries, step goal, workout goal |
| Display body measurement changes over time | Measurement entries |
| Show progress photos for personal reference | Progress photos |
| Send local reminders (injection, weigh-in, meals) | Reminder preferences, notification settings |
| Personalize the App experience (units, goals) | Preferences and goals |
| Import health data you choose to sync | HealthKit data (with your permission) |
| Sync your data across your own Apple devices | All App data (via iCloud, if enabled by you) |
We do not use your data for:
All of your health data is stored locally on your device using Apple's SwiftData framework. The underlying database is SQLite, located within the App's sandboxed storage area. No other app on your device can access this data.
Your data is protected by iOS Data Protection, which provides file-level encryption using hardware-backed keys. When your device is locked with a passcode, Face ID, or Touch ID, your data is encrypted and inaccessible.
If you enable iCloud sync, your App data is synced across your Apple devices using Apple's CloudKit private database. This means:
We do not operate our own servers. We cannot access your iCloud data. Apple's data processing terms govern iCloud storage.
In a future update, Reta may offer an optional biometric lock feature using Face ID or Touch ID. When available and enabled, the App will require biometric authentication each time it is opened. Biometric data (your face scan or fingerprint) is processed entirely by iOS on your device's Secure Enclave. Reta will never access, store, or transmit your biometric data.
Reta does not operate any backend server. The App makes no network requests to any server controlled by us. Your health data never leaves your device except through iCloud sync (controlled by you and managed by Apple).
If you have iCloud Backup enabled on your device (an iOS-level setting), your App data may be included in your device backup. This is managed by Apple, not by Reta. You can manage iCloud Backup in iOS Settings > Apple ID > iCloud > iCloud Backup.
We do not sell, rent, lease, or trade your personal information or health data to any third party. We have never sold personal data and will never do so.
Your health data (medication records, weight, symptoms, nutrition, mood, workouts, measurements, and photos) is never shared with third parties. It remains on your device and, if you choose, in your personal iCloud account.
We do not display advertising in the App. We do not use your health data for targeted advertising, marketing, data mining, or any use-based data analysis beyond providing the App's features to you.
We may disclose information only in the following narrow circumstances:
The App integrates with or links to the following third-party services:
These third-party services have their own privacy policies. We encourage you to review them. We do not control and are not responsible for the privacy practices of these services. We do not transmit your health data to any of these services.
This section provides the specific disclosures required by Apple for apps that access HealthKit data.
Reta requests read-only access to the following Apple HealthKit data types:
| HealthKit Data Type | Access Level | Purpose |
|---|---|---|
| Body Mass (weight) | Read only | Import your weight history to display trends and progress |
| Height | Read only | Import your height for body composition context |
| Step Count | Read only | Import your daily step counts to track activity |
HealthKit data is used solely within the App to display your health trends and track progress against your goals. Imported data is stored in the App's local database on your device.
In compliance with Apple's requirements:
HealthKit integration is entirely optional. The App functions fully without it. You can grant or revoke HealthKit permissions at any time in iOS Settings > Privacy & Security > Health > Reta.
Access to HealthKit features is not gated behind a paid subscription. You do not need Reta Premium to use Apple Health integration.
Regardless of where you live, we provide the following rights to all users:
All of your data is visible to you within the App at all times. You can view your full history for injections, weight, nutrition, symptoms, mood, workouts, measurements, and photos.
You can edit or update your entries directly within the App at any time.
You can export all of your data in CSV format through Settings > Manage Your Data > Export Data. This provides a machine-readable copy of your information for portability.
You can delete all of your data through Settings > Manage Your Data > Delete All Data. This permanently removes all entries across all data types from your device, including:
After deletion, data cannot be recovered. If iCloud sync is enabled, deletion also removes the data from your iCloud account.
You may also delete individual entries within each section of the App.
You can revoke any system permission at any time:
Uninstalling Reta from your device permanently deletes all local App data, including the database and any stored photos. If iCloud sync was enabled, you may also need to remove data from iCloud via iOS Settings > Apple ID > iCloud > Manage Storage.
For any privacy-related request, including data access, correction, deletion, or questions about this policy, contact us at support@reta.app. We will respond within 30 days.
If you are a California resident, the California Consumer Privacy Act (CCPA), as amended by the California Privacy Rights Act (CPRA), provides you with additional rights regarding your personal information.
In the preceding 12 months, we have collected the following categories of personal information:
| CCPA Category | Examples from Reta | Source |
|---|---|---|
| Identifiers | Name, birth month and year | You (optional input) |
| Characteristics of protected classifications | Gender, age | You (optional input) |
| Health information (Sensitive Personal Information) | Medication records, weight, symptoms, body measurements, mood, nutrition, progress photos | You (manual entry) |
| Internet or electronic network activity | None collected at this time | N/A |
| Geolocation data | Not collected | N/A |
| Sensory data | Progress photos (body images) | You (photo capture or selection) |
We collect personal information solely to provide the App's tracking, visualization, and reminder features as described in Section 3. We do not collect information for any secondary purpose.
We do not sell your personal information. We have not sold personal information in the preceding 12 months and will not do so in the future.
We do not share your personal information for cross-context behavioral advertising or any other purpose.
You have the right to:
You can exercise your rights directly within the App (see Section 7) or by contacting us at support@reta.app. We will verify your identity before processing a request. We do not require you to create an account to exercise your rights.
You may designate an authorized agent to submit a request on your behalf by providing written authorization to support@reta.app.
The App does not track you across third-party websites or online services. We do not respond to Do Not Track (DNT) browser signals because the App does not engage in tracking.
Washington residents have additional rights under the My Health My Data Act (MHMDA). We publish a separate Consumer Health Data Privacy Policy as required by the MHMDA. This separate document is available within the App and on our website.
Colorado residents have the right to opt out of targeted advertising, the sale of personal data, and certain profiling. We do not engage in any of these activities. You also have the right to access, correct, delete, and obtain portable copies of your data, which you can exercise through the App or by contacting us.
Connecticut residents have rights similar to those described in the Colorado section above, including specific protections for consumer health data. We do not sell or process your consumer health data without your consent.
Reta is not intended for individuals under 18 years of age. GLP-1 medications are prescription medications generally prescribed to adults, and the App is designed for adult users managing their own medication and wellness.
We do not knowingly collect personal information from individuals under 18. If we become aware that we have collected personal information from a person under 18, we will take steps to delete that information promptly.
If you are a parent or guardian and believe your child has provided personal information through the App, please contact us at support@reta.app so we can delete the information.
Your health data is retained on your device for as long as you choose to keep it in the App. We do not impose any automatic expiration or deletion schedule. You are in full control of your data's lifecycle.
If anonymized analytics are implemented in a future update, aggregated and de-identified usage data may be retained for product improvement purposes. This data cannot be linked back to you.
If you use iCloud Backup (an iOS-level setting), your App data may be included in your device backup. Backups are encrypted by Apple. To remove App data from backups, you can disable iCloud Backup or delete the backup in iOS Settings.
We may update this Privacy Policy from time to time to reflect changes in our practices, the App's features, or applicable law. When we make material changes, we will:
Your continued use of the App after the effective date of a revised Privacy Policy constitutes your acceptance of the changes. If you do not agree with the revised policy, please stop using the App and delete your data.
If you have questions, concerns, or requests regarding this Privacy Policy or our privacy practices, please contact us:
Email: support@reta.app
We aim to respond to all inquiries within 30 days.
In the unlikely event of a data security incident affecting your personal information, we will comply with all applicable breach notification laws, including:
Because Reta's local-first architecture means your health data is stored on your device and not on our servers, the risk of a server-side data breach is eliminated. The primary scenarios in which your data could be compromised are device theft or loss (mitigated by iOS encryption and device passcode) or an iCloud account compromise (managed by Apple's security infrastructure).
Reta relies primarily on Apple-provided frameworks: SwiftUI, SwiftData, HealthKit, UserNotifications, and PhotosUI. The only third-party SDK integrated is RevenueCat for subscription management. RevenueCat receives anonymous app user IDs and subscription transaction data from Apple for purchase validation and entitlement management. RevenueCat does not receive any health data, personal information, or HealthKit data. If we add additional third-party dependencies in the future, we will update this Privacy Policy to disclose them and their data practices.
This Privacy Policy complies with the requirements of Apple App Store Review Guidelines Section 5.1 (Privacy), including Sections 5.1.1 (Data Collection and Storage), 5.1.2 (Data Use and Sharing), and 5.1.3 (Health and Health Research).