Ansera Health
Privacy & Security

Privacy-first.By design.

Built by and for cybersecurity professionals. Your data stays yours.

No-tracking mode active
No analytics, no third-party scripts, no telemetry.
๐Ÿ”’
End-to-end encryption
All data in transit is encrypted.
๐Ÿšซ
No data selling
We never sell, rent, or share your data.
๐Ÿ›ก๏ธ
Minimum collection
Only what's needed to make the app work.

What we don't collect

  • โŒ No location data
  • โŒ No health or mental health records
  • โŒ No biometric data
  • โŒ No third-party advertising trackers

Heart-rate / HRV / respiratory measurements you take in the app are computed locally on your device. Signed-in users may opt to save anonymized session deltas to their own private account so the app can personalize recommendations โ€” only you can see them.

What we do collect

Only the minimum needed to deliver the app:

  • Email and display name (only if you create an account)
  • Anonymous, aggregated usage data โ€” features used, session duration, device type
  • App performance and crash reports

Aggregated usage data cannot be linked back to any individual user.

How we use it

  • Improve user experience and develop new features
  • Monitor app stability and performance
  • Personalize practice recommendations for signed-in users

We do not sell, rent, or share data with third parties for advertising or marketing.

Security measures

  • End-to-end encryption for all data transmission
  • Row-level security on all stored records
  • Limited access โ€” only authorized personnel review aggregated analytics
  • No third-party data sharing

Technical security architecture

Encryption in transit & at rest

All data between your device and our servers is encrypted with TLS 1.3. At rest, your data is encrypted using AES-256 โ€” the same standard used by banks and government agencies. Session measurements (HRV, stress, focus deltas) are computed locally on your device; only anonymized aggregates are transmitted if you opt in.

Key management

Encryption keys are managed by our backend infrastructure and rotated automatically. Service-role keys (used for server-side operations) are isolated from the client and never exposed in browser bundles. API keys are scoped โ€” the publishable key your browser sees can only perform operations allowed by Row-Level Security (RLS), not admin actions.

Access controls

Every database table has Row-Level Security (RLS) enabled. You can only read or write rows that belong to your authenticated user ID. Server-side functions verify the bearer token on every request; if the token is missing or invalid, the request is rejected with a 401 before it reaches the database. There is no anonymous write access โ€” unauthenticated users cannot insert, update, or delete any data.

No third-party trackers

We do not load Google Analytics, Meta Pixel, or any external tracking scripts. Telemetry is first-party only and aggregated before analysis.

Your rights (GDPR, UK & equivalent)

  • โœ… Access โ€” request a copy of the data we hold
  • โœ… Deletion โ€” delete your account and data permanently
  • โœ… Restrict โ€” ask us to stop analyzing your usage
  • โœ… Object โ€” opt out of any non-essential data collection
  • โœ… Portability โ€” receive a copy of your data in a portable format

Once a deletion is processed, it is permanent and irreversible.

Cookies

Minimal cookies for remembering your preferences and analyzing aggregated usage trends. You can manage cookies through your device or browser settings.

Third-party links

Ansera Health may link to outside resources. We don't control external sites โ€” please review their privacy policies before engaging.

Contact

Questions or want to exercise your rights? Email hello@pacificmndfl.com.

Effective: January 30, 2025 ยท Last updated: February 3, 2025
โ† Back to Ansera Health