Privacy-first.By design.
Built by and for cybersecurity professionals. Your data stays yours.
What we don't collect
- โ No location data
- โ No health or mental health records
- โ No biometric data
- โ No third-party advertising trackers
Heart-rate / HRV / respiratory measurements you take in the app are computed locally on your device. Signed-in users may opt to save anonymized session deltas to their own private account so the app can personalize recommendations โ only you can see them.
What we do collect
Only the minimum needed to deliver the app:
- Email and display name (only if you create an account)
- Anonymous, aggregated usage data โ features used, session duration, device type
- App performance and crash reports
Aggregated usage data cannot be linked back to any individual user.
How we use it
- Improve user experience and develop new features
- Monitor app stability and performance
- Personalize practice recommendations for signed-in users
We do not sell, rent, or share data with third parties for advertising or marketing.
Security measures
- End-to-end encryption for all data transmission
- Row-level security on all stored records
- Limited access โ only authorized personnel review aggregated analytics
- No third-party data sharing
Technical security architecture
Encryption in transit & at rest
All data between your device and our servers is encrypted with TLS 1.3. At rest, your data is encrypted using AES-256 โ the same standard used by banks and government agencies. Session measurements (HRV, stress, focus deltas) are computed locally on your device; only anonymized aggregates are transmitted if you opt in.
Key management
Encryption keys are managed by our backend infrastructure and rotated automatically. Service-role keys (used for server-side operations) are isolated from the client and never exposed in browser bundles. API keys are scoped โ the publishable key your browser sees can only perform operations allowed by Row-Level Security (RLS), not admin actions.
Access controls
Every database table has Row-Level Security (RLS) enabled. You can only read or write rows that belong to your authenticated user ID. Server-side functions verify the bearer token on every request; if the token is missing or invalid, the request is rejected with a 401 before it reaches the database. There is no anonymous write access โ unauthenticated users cannot insert, update, or delete any data.
No third-party trackers
We do not load Google Analytics, Meta Pixel, or any external tracking scripts. Telemetry is first-party only and aggregated before analysis.
Your rights (GDPR, UK & equivalent)
- โ Access โ request a copy of the data we hold
- โ Deletion โ delete your account and data permanently
- โ Restrict โ ask us to stop analyzing your usage
- โ Object โ opt out of any non-essential data collection
- โ Portability โ receive a copy of your data in a portable format
Once a deletion is processed, it is permanent and irreversible.
Cookies
Minimal cookies for remembering your preferences and analyzing aggregated usage trends. You can manage cookies through your device or browser settings.
Third-party links
Ansera Health may link to outside resources. We don't control external sites โ please review their privacy policies before engaging.
Contact
Questions or want to exercise your rights? Email hello@pacificmndfl.com.
