Privacy Policy
This Privacy Policy explains the type, scope, and purpose of personal data processing within the "Circadian" app. Protecting your data is our highest priority. Circadian was built on the principle of data minimization: all processing happens exclusively on your device.
1. Data Controller
Markus Sekulla
Ulbrichtstr. 6
09126 Chemnitz, Germany
Email: support@circadian-app.com
2. Types of Data Processed
Circadian reads health data exclusively from Apple Health (HealthKit). No raw data is permanently stored — only locally derived values:
- Sleep data (bedtime/wake times, sleep stages)
- Heart rate variability (HRV)
- Resting heart rate
- Workouts (type, duration, intensity)
3. Purpose of Processing
- Calculating your personal energy curve for the current day
- Determining your chronotype from sleep patterns
- Sleep recommendations based on your individual sleep needs
- Displaying the energy curve in widgets on Home Screen, Lock Screen, and Apple Watch
Providing health data is voluntary. Without HealthKit access, Circadian uses default values for the energy curve.
4. Legal Basis
- Energy curve, chronotype, sleep recommendations: Performance of contract (Art. 6(1)(b) GDPR) — these functions are necessary for the app to work
- HealthKit access: Consent (Art. 6(1)(a) GDPR) — you explicitly grant permission through the iOS authorization dialog
5. On-Device Processing
All data processing happens exclusively on your device:
- HealthKit data is freshly read from Apple Health for each calculation and is not cached
- The energy curve is computed by a mathematical model locally on your device
- Health data is never transmitted to external servers
- Circadian does not use any tracking, analytics, or advertising services
6. Storage and Retention
- Pre-computed curve points (energy values, not raw data) are stored in a shared App Group so widgets can access them
- Your settings (chronotype, sleep need, display options) are stored locally in UserDefaults
- Raw health data from HealthKit is not permanently stored — it is read for computation and then discarded
- Curve points are recalculated and overwritten daily
7. Apple Watch
Circadian transfers pre-computed curve points and unlock status to the Apple Watch via WatchConnectivity. No raw health data is transmitted between iPhone and Apple Watch. Communication uses Apple's encrypted WatchConnectivity framework.
8. Widgets
Widgets on the Home Screen, Lock Screen, and Apple Watch display the energy curve. They read exclusively pre-computed curve points from the shared App Group — not directly from HealthKit. The stored data contains only energy values and timestamps, not raw health data.
9. In-App Purchases
Circadian offers an optional one-time purchase through Apple's App Store. Payment processing is handled exclusively by Apple. Circadian does not receive any payment data (credit card number, bank details, etc.).
Circadian receives only the purchase confirmation (product ID, purchase date) from Apple for unlocking. This data is processed locally and not shared with third parties.
10. Website Hosting
This website is hosted on Cloudflare Pages, a service provided by Cloudflare, Inc. (101 Townsend St, San Francisco, CA 94107, USA). When you visit this website, Cloudflare automatically processes the following data:
- IP address
- Browser type and version
- Operating system
- Referrer URL
- Time of access
This processing is based on our legitimate interest in the secure and efficient delivery of the website (Art. 6(1)(f) GDPR). Cloudflare may set technically necessary cookies (e.g. __cf_bm for bot detection).
Cloudflare is certified under the EU-US Data Privacy Framework (DPF), which ensures an adequate level of data protection for the transfer of personal data to the United States.
Note: The app itself does not communicate with Cloudflare or any other external servers. This section applies exclusively to visits to this website.
11. Third-Party Sharing
Circadian does not transmit health data, curve points, or settings to servers or third parties. Technically required data transfers for in-app purchases are handled directly by Apple (see Section 9). The website is hosted via Cloudflare (see Section 10). Circadian does not use tracking, analytics, or advertising services. No profiling takes place. No automated decisions within the meaning of Art. 22 GDPR are made.
12. Technical Security Measures
- All stored files are protected by iOS file encryption (File Protection: Complete Until First User Authentication)
- HealthKit data is subject to Apple's strict access controls and is only read after explicit user permission
- Circadian does not require a network connection for its core functions. Technically necessary communication (in-app purchases) is handled exclusively through Apple system services.
13. Your Rights
Under the GDPR, you have the following rights:
- Right of access (Art. 15 GDPR): Circadian does not store personal data on servers — all data is viewable directly on your device
- Right to rectification (Art. 16 GDPR): You can adjust chronotype and sleep need at any time in Settings
- Right to erasure (Art. 17 GDPR): Uninstalling the app deletes all locally stored data
- Right to restriction of processing (Art. 18 GDPR)
- Right to data portability (Art. 20 GDPR): Your health data can be exported via Apple Health
- Right to object (Art. 21 GDPR): You can revoke HealthKit access at any time in iOS Settings
- Right to lodge a complaint with a supervisory authority (Art. 77 GDPR)
14. Data Deletion
- HealthKit permissions can be revoked at any time under Settings → Health → Data Access & Devices → Circadian
- Uninstalling the app deletes all locally stored data (settings, curve points, unlock status)
- Data in iCloud or iTunes backups is not automatically removed and is subject to Apple's backup management
15. Contact
For privacy-related questions, please contact support@circadian-app.com
16. Changes to This Privacy Policy
This Privacy Policy may be updated to reflect changes to the app or legal requirements. The current version is always available in the app under Settings → Privacy and on this website.
Last updated: 2026-02-26