Privacy Policy

Effective date: 1 March 2026 · Last updated: 1 March 2026

The short version: N of 1 processes all of your health data entirely on your device. We never transmit your health information to any server we control, and we do not sell or share it with third parties. The only external service that may see any information about you is Apple (for App Store purchases and HealthKit access), and RevenueCat (for subscription management — purchase receipts only, no health data).

1. Who We Are

N of 1 ("we", "us", "our") is an iOS application that helps individuals run structured personal health experiments using data from Apple Health. For privacy enquiries, contact us at privacy@nof1.app.

2. Information We Collect

2.1 Health & Fitness Data (from Apple HealthKit)

N of 1 requests read-only access to Apple HealthKit data types that you authorise, which may include:

Sleep analysis (sleep duration, sleep stages)
Heart rate and heart rate variability (HRV)
Resting heart rate
Step count and walking/running distance
Active energy burned and basal energy burned
Body weight and body mass index
Blood oxygen saturation (SpO₂)
Respiratory rate
Any other HealthKit types you explicitly authorise

This data never leaves your device. It is read from HealthKit, processed locally, and stored in an on-device SQLite database. We have no servers that receive, store, or process your health data.

N of 1 never writes data to Apple Health. Access is strictly read-only.

2.2 Experiment Data You Create

Experiment names, notes, confounding factor logs, and settings that you create inside the app are stored locally on your device using SQLite. This data does not leave your device unless you choose to export it manually via the "Export Data" feature in Settings.

2.3 Subscription & Purchase Information

If you purchase a premium subscription, the transaction is processed by Apple through the App Store. We use RevenueCat (a third-party subscription management service) to verify purchase receipts and manage entitlements. RevenueCat receives anonymised App Store receipt data and a randomly generated device-level identifier. RevenueCat does not receive any of your health data.

RevenueCat's privacy policy is available at revenuecat.com/privacy.

2.4 Information We Do Not Collect

We do not collect:

Your name, email address, or any contact information
Device identifiers (IDFA, IDFV) for advertising purposes
Location data
Usage analytics or behavioural tracking data
Crash reports or diagnostic data beyond what Apple automatically provides to developers through App Store Connect (which is opt-in on your device)

3. How We Use Your Information

The health data read from Apple Health is used solely to:

Calculate baseline and trial-period statistics for your experiments
Display charts, metrics, and results within the app
Generate AI-powered interpretive summaries (Premium feature — see Section 4)

Purchase receipt data is used solely to verify your subscription status and unlock premium features.

4. AI Insights (Premium Feature)

Premium subscribers can generate AI-powered interpretations of their experiment results. To produce these insights, a summary of your statistical results (e.g., "average sleep duration increased by 18% during the trial period") is sent to a third-party AI service. Raw HealthKit data is never sent. Only aggregated, anonymised statistical summaries are transmitted, and they contain no personally identifying information.

You can choose not to use the AI Insights feature at any time; all other app functionality remains fully on-device.

5. Data Storage & Security

All app data is stored locally on your device using SQLite. The database is protected by iOS's standard data protection mechanisms (encrypted at rest when the device is locked). We do not operate cloud backups of your health or experiment data.

If you back up your device to iCloud or iTunes/Finder, your app data may be included in that backup according to Apple's backup policies. This is governed by Apple's privacy policy, not ours.

6. Data Retention & Deletion

Your data is retained on your device for as long as you use the app. You can permanently delete all experiment data, confounding notes, and app settings at any time by tapping Settings → Delete All Data. This action is irreversible.

Deleting the app from your device will also remove all locally stored app data. HealthKit data itself is managed independently through the Health app and is not affected by deleting N of 1.

Purchase records held by RevenueCat are subject to their own retention policy; please refer to their privacy policy for details.

7. Third-Party Services

N of 1 integrates with the following third-party services:

Apple HealthKit — Read-only access to health data you authorise. Governed by Apple's HealthKit developer guidelines and Apple's Privacy Policy (apple.com/legal/privacy).
Apple App Store — Payment processing for subscriptions. Governed by Apple's Terms of Service and Privacy Policy.
RevenueCat — Subscription management and receipt validation. No health data is shared. See revenuecat.com/privacy.
AI Insights provider (Premium only) — Receives anonymised statistical summaries only. No raw health data or identifying information is transmitted.

We do not embed advertising SDKs, social media tracking pixels, or any analytics services that would have access to your health information.

8. Children's Privacy

N of 1 is not directed at children under 13 years of age (or the applicable age of digital consent in your jurisdiction). We do not knowingly collect personal information from children. If you believe a child has used the app and provided information, please contact us at privacy@nof1.app.

9. Your Rights

Because we do not collect or store personal data on our servers, most traditional data subject rights (access, rectification, portability, erasure) are satisfied by default — your data lives only on your device and you control it entirely.

If you are a resident of the European Economic Area (EEA), United Kingdom, or California, and you believe we hold personal data about you (for example, via RevenueCat's systems), you may contact us at privacy@nof1.app to exercise your rights under GDPR, UK GDPR, or CCPA as applicable.

10. International Transfers

Because your health data stays on your device, there are no international transfers of health data by us. Purchase receipt data processed by RevenueCat may be stored and processed in the United States; RevenueCat maintains appropriate data transfer mechanisms under applicable law.

11. Changes to This Policy

We may update this Privacy Policy from time to time. When we do, we will update the "Last updated" date at the top of this page and, for material changes, provide an in-app notice. Continued use of the app after the effective date of any changes constitutes your acceptance of the revised policy.

12. Contact Us

If you have questions or concerns about this Privacy Policy, please contact us:

Email: privacy@nof1.app
Website: nof1.app