Privacy Policy

Effective Date: March 28, 2026

1. Introduction

Kriastik ("we," "us," "our," or "Company") is committed to protecting your privacy. This Privacy Policy explains how ReactLog ("the App" or "Service") handles your personal information and health data.

ReactLog is a biofeedback and health self-tracking application designed for on-device data processing. All of your health data, mood logs, supplement records, and personal information are stored exclusively on your device. We do not collect, store, or process your personal health information on any server or cloud system.

Please read this Privacy Policy carefully. By accessing or using ReactLog, you acknowledge that you have read, understood, and agree to be bound by all the terms of this Privacy Policy. If you do not agree with our practices, please do not use the App.

2. On-Device Data Storage

All data in ReactLog is stored exclusively on your device. We do not collect, transmit, or store your personal health information on any server, cloud system, or backend database. Your device is the sole repository for your data.

2.1 Health and Wellness Data (On-Device Only)

You may authorize ReactLog to read health metrics from Apple Health with your explicit permission. This data is:

  • Read directly from Apple Health on your device
  • Processed and analyzed on your device only
  • Stored in encrypted local storage (CoreData/SQLite) on your device
  • Never transmitted to any Kriastik server

Data types include: heart rate, HRV, blood pressure, sleep, VO2 Max, weight, respiratory rate, SpO2, activity metrics, and distance/stairs data.

2.2 User-Entered Data (On-Device Only)

Data you manually enter into the app is stored exclusively on your device:

  • Mood logs: Your mood entries and notes stay on your device
  • Supplement logs: Your supplement records stay on your device
  • Food and nutrition logs: Your food entries stay on your device
  • Medication logs: Your medication records stay on your device

2.3 Biometric Authentication (Local-Only)

  • Face ID and Touch ID authentication data is stored in your device's Secure Enclave
  • Biometric data is used only for local app access control
  • No biometric data is transmitted or stored remotely

2.4 Subscription Data (Handled by Apple Only)

ReactLog is currently free during early access. When paid subscriptions are introduced, all billing will be managed exclusively by Apple through StoreKit 2:

  • We do not receive or store your payment credentials
  • We do not have access to your billing or payment information
  • Apple handles all subscription management and billing
  • Subscription status is synced locally on your device

2.5 Network Requests - Limited and Minimal

ReactLog makes only two categories of external network requests, neither involving your personal data:

  • USDA Food API: Only when you search for food items. We send your search query (e.g., "apple", "chicken breast") and receive nutritional data. No personal or health data is transmitted.
  • Apple App Store: For subscription verification and app updates. Apple's Privacy Policy governs this data.

3. How We Use Your Information

Since all your data is stored on your device, Kriastik has no access to your personal health information. Here is how ReactLog processes your data:

  • On-Device Processing: All health insights, mood pattern analysis, and correlation detection occur on your device using local processing
  • Local Storage: Your data is encrypted and stored in CoreData/SQLite on your device only
  • Local Authentication: Biometric and password authentication happen entirely on your device
  • Subscription Management: Handled by Apple through StoreKit 2; Kriastik never accesses billing information
  • Data Export: You can export your data as PDF, JSON, or CSV files stored locally on your device only
  • Optional iCloud Backup: If you enable iCloud backup on your device settings, Apple may include app data in device backups per Apple's standard backup practices

4. Architecture: 100% On-Device

ReactLog is architected for complete on-device processing and storage:

  • No Cloud Backend: ReactLog does not have a backend server, cloud database, or cloud storage system for user data
  • All Processing Local: Health insights, mood pattern analysis, correlations, and trend detection all occur on your device
  • All Storage Local: Health data, mood logs, supplement records, and food logs are stored in encrypted local storage (CoreData SQLite with file protection) on your device only
  • Complete User Control: You have full control over your data. No data leaves your device without your explicit action (like exporting or optional backup)
  • No Third-Party Data Sharing: Because data never leaves your device, there is nothing to share with third parties

5. Data Storage and Security

5.1 On-Device Storage Security

  • CoreData/SQLite Storage: Health data is stored in encrypted local storage using iOS/Android file protection
  • Encryption at Rest: All local data files are encrypted using platform-standard encryption
  • Secure Enclave: Biometric authentication references and credentials are stored in your device's Secure Enclave (Keychain on iOS, KeyStore on Android)
  • No Network Encryption Needed: Since data never leaves your device, it is not transmitted over the network

5.2 Data Retention and Deletion

  • Retention: Your health data is retained on your device for as long as you keep the app installed
  • User-Controlled Deletion: You can delete individual entries or all data at any time through the app settings
  • App Deletion: Uninstalling ReactLog removes all your data from your device
  • iCloud Backups: If you enable iCloud backup on your device settings, Apple may include app data in device backups. You can disable iCloud backup for ReactLog in your device settings

5.3 Kriastik Access and Control

  • Kriastik Cannot Access Your Data: Kriastik has no backend systems, no servers, and no way to access your health data
  • No Remote Access: Kriastik cannot view, download, or retrieve your personal health information
  • Complete User Ownership: Your health data is your exclusive property, stored only on your device

5.4 Third-Party Security

  • Apple Health: If you authorize data access from Apple Health, Apple's security standards apply to that platform
  • USDA Food API: When you search for foods, only your search query is transmitted. USDA's privacy policy applies to their services
  • Apple Subscriptions: Apple handles all subscription and payment data per Apple's security standards

6. Third-Party Services and Integrations

6.1 Apple Health (iOS Only)

ReactLog can read health data from Apple Health with your explicit permission. Apple Health data is:

  • Read directly from your device's Apple Health app
  • Processed and stored locally on your device only
  • Governed by Apple's privacy policies
  • Fully under your control; you can revoke access at any time in your device settings

Kriastik does not access Apple Health servers or transmit your health data to Apple or any other party.

6.2 USDA Food Data Central API

When you search for food items in the app:

  • Only your food search query is sent to the USDA (e.g., "apple" or "chicken breast")
  • No personal health data, mood data, or supplement records are transmitted
  • Nutritional information is returned and stored locally on your device
  • USDA's privacy policy applies to their API service

6.3 Optional iCloud Backup

iCloud backup is completely optional and controlled by your device settings:

  • If you enable iCloud backup in your device settings, Apple may include app data in device backups
  • You can disable iCloud backup for ReactLog in your device settings at any time
  • You can also turn off iCloud backup entirely for your device in iOS Settings
  • Apple's privacy policy governs iCloud backup data
  • Kriastik does not control, access, or manage your iCloud backups

6.4 Apple StoreKit 2 (Subscriptions Only)

Subscription management is handled exclusively by Apple:

  • Kriastik does not receive, store, or process payment credentials
  • Kriastik does not have access to your billing information
  • Apple handles all subscription renewals, cancellations, and refunds
  • Subscription status is synced locally on your device through StoreKit 2
  • Apple's privacy policy governs payment data

6.5 No Analytics, No Tracking, No SDKs

ReactLog does NOT use:

  • Firebase, Google Analytics, or any Firebase products
  • Amplitude, Mixpanel, or other analytics SDKs
  • Crashlytics or crash reporting services
  • Advertising SDKs or tracking pixels
  • Any third-party analytics or behavioral tracking

7. Data Sharing and Disclosure

7.1 Your Data Is Not Shared

Since your health data never leaves your device, Kriastik cannot share it with anyone:

  • We do NOT sell your health data
  • We do NOT share your health data with third parties
  • We do NOT share your health data with advertisers or data brokers
  • We do NOT use your health data for marketing purposes
  • We do NOT have access to your health data to share

7.2 What About Legal Requests?

If we receive a legal request (court order, subpoena, law enforcement) for your personal health data:

  • Kriastik cannot provide data we do not have access to or possess
  • Your health data is stored exclusively on your device
  • You would need to provide your device and credentials to law enforcement if they seek your data
  • We maintain minimal non-health information on our servers (none, since we have no backend)

7.3 iCloud and Apple Backup

The only way your data could be stored off-device is through:

  • iCloud Backup: If you enable iCloud backup on your device, Apple may include app data in their backups. This is optional and under your control.
  • You can disable iCloud backup for ReactLog in your device settings at any time

8. Your Privacy Rights (GDPR, CCPA, and Others)

8.1 Since Your Data Is On Your Device...

Because ReactLog stores all data exclusively on your device, here's how privacy regulations apply:

8.2 GDPR Rights (European Residents)

GDPR gives you rights over personal data held by organizations. Since Kriastik does not hold your health data:

  • Right of Access: Your data is on your device; you have direct access to it at all times
  • Right of Rectification: You can edit or correct your data directly in the app
  • Right to Erasure: You can delete any or all of your data by deleting it in the app or uninstalling the app
  • Right to Data Portability: You can export your data as PDF, JSON, or CSV through the app's export feature
  • Right to Object: Since we don't process your data on servers, there is nothing to object to

8.3 CCPA Rights (California Residents)

CCPA gives you rights over personal information collected by organizations. Since Kriastik doesn't collect or hold your health data:

  • Right to Know: Your data is stored on your device; you have complete knowledge and access
  • Right to Delete: You can permanently delete your data by deleting entries or uninstalling the app
  • Right to Opt-Out of Sales: Your data is not sold because it never leaves your device
  • Right to Non-Discrimination: We do not discriminate for exercising your rights

8.4 Your Data, Your Control

  • Complete Ownership: You own all your health data
  • Complete Access: You can access and view all your data in the app at any time
  • Complete Control: You can modify, export, or delete your data at any time
  • Easy Deletion: Uninstall the app to delete all data from your device

8.5 Contact Us

If you have questions about your rights or need assistance with accessing, modifying, or deleting your data, contact support@reactlog.com.

9. Children's Privacy

ReactLog is not intended for children under the age of 13 (or the applicable age of digital consent in your jurisdiction). We do not knowingly collect personal information from children under 13. If we become aware that we have collected data from a child under 13, we will immediately delete such information and terminate the child's account.

For users between 13 and 18 (or the age of majority in your jurisdiction), we provide additional privacy protections. Parental consent may be required depending on your jurisdiction. Please contact us if you have concerns about a minor's use of ReactLog.

10. Cookies and Tracking

ReactLog does not use cookies, tracking pixels, or analytics SDKs.

  • No cookies are used
  • No tracking pixels are used
  • No analytics SDKs (Firebase, Amplitude, Mixpanel) are used
  • No behavioral tracking occurs
  • No user data is sent to analytics platforms

Your app settings and preferences are stored locally on your device only.

11. International Data Transfers

No International Data Transfers Occur

Since all your health data is stored on your device, no international transfers of your personal health data occur. Your data never leaves your device (unless you choose to use iCloud backup, in which case Apple's data transfer policies apply).

The only international data transfer is optional and controlled by you through your device settings (iCloud backup).

12. Security Notice

Your health data is protected by your device's built-in security:

  • Local encryption through iOS/Android file protection
  • Biometric authentication (Face ID/Touch ID) protects app access
  • No network transmission means no risk of data interception during transfer

The security of your device itself (passcode, biometrics, OS updates) is your responsibility. If you believe your device is compromised, please secure it immediately.

13. Contact Information

If you have questions about this Privacy Policy, wish to exercise your privacy rights, or have concerns about your data, please contact us:

  • Email: support@reactlog.com
  • Company: Kriastik
  • Website: reactlog.com

We will respond to your inquiry within 30 days.

14. Changes to This Privacy Policy

We may update this Privacy Policy to reflect changes in our practices, technology, or legal requirements. We will notify you of material changes by:

  • Updating the "Effective Date" at the top of this policy
  • Posting the revised policy in the App and on our website
  • Sending you a notification email if changes significantly affect your privacy

Your continued use of ReactLog constitutes acceptance of the updated Privacy Policy. We encourage you to review this policy periodically.

15. The Bottom Line

ReactLog respects your privacy by design:

  • All your health data stays on your device
  • We cannot access your health data
  • We cannot sell or share your health data
  • We do not use analytics SDKs or behavioral tracking
  • The only external connections are: (1) optional USDA food searches, and (2) Apple App Store for updates
  • You own your data completely

By using ReactLog, you acknowledge that you have read and understood this Privacy Policy. If you have any questions or concerns, please contact support@reactlog.com.