Policies
Privacy Policy
Onederland (“we,” “our,” or “us”) designs the app so your health history lives on your device. This Privacy Policy explains what information the app stores locally, the limited situations when data leaves your device, and the choices you have. If you do not agree with this policy, please do not use the app.
Information We Handle
On-Device Health Journal
- GLP-1 injection history (date, dose, site, streaks, notes)
- Manual health metrics you log (weight, vitals, labs, goals, measurements)
- Food entries, saved meals, and AI-assisted nutrition estimates you choose to save
- Calendar notes, custom graphs, and dashboard preferences
Apple Health Data (Optional)
- With your explicit permission, the app reads Apple Health categories such as weight, activity, sleep, nutrition, or vitals to display alongside your manual entries.
- Apple Health data is stored in the local app database. It is not forwarded to Onederland servers.
App Preferences & Local Logs
- Settings such as theme, units, notification reminders, and sync configuration
- Diagnostic logs kept on-device to help troubleshoot issues when you contact support
- Optional debug exports you trigger from the settings menu
Device & Diagnostic Identifiers
- A random device identifier stored in your secure keychain so the app can request runtime configuration from our Cloudflare Worker
- Crash signatures and stack traces captured only if crash reporting is enabled (see below)
- We do not collect birthdays or passwords. The app uses Sign in with Apple to create a minimal account profile; Apple may share a stable user identifier and (optionally) your name and email address (including private relay). Apple may only provide name/email on first authorization, and we may store these fields to support subscriptions, referrals, and support.
When Data Leaves Your Device
By default, your logs remain local. The app transmits data only in the situations listed below, and only for the features you use:
- Mixpanel (analytics): When analytics is enabled by configuration or your consent, the app sends pseudonymous event data (feature names, timestamps, device model) tied to a randomized identifier. You can request that we disable analytics for your device at any time.
- Onederland Cloudflare Worker (runtime configuration): On launch the app sends the random device identifier to fetch encrypted feature flags, API tokens, and configuration. No health records, meals, or contact details are transmitted in these requests.
- Sign in with Apple (account): When you sign in, the app sends an Apple identity token and Apple-provided user identifier to our Cloudflare Worker to obtain an auth token and enable premium features. If available, your name/email may also be transmitted.
- AI Nutrition (AI provider via the Onederland gateway): If you choose photo- or text-based nutrition analysis, the image or description you submit is proxied through our Cloudflare Worker to an AI provider (such as OpenRouter) to produce an estimate. Onederland does not retain these uploads beyond returning the result to you.
- Barcode lookup (OpenFoodFacts and USDA FoodData Central): When you scan or enter a UPC, the barcode value is sent to these public food databases to retrieve nutrition facts. We do not send your health history with these requests.
- RevenueCat (subscriptions): If you start a trial or purchase premium features, Apple App Store receipts and anonymous identifiers are shared with RevenueCat to confirm entitlements. Your health entries are not shared.
- Linkrunner (referrals): If you open or share referral links, Linkrunner may process attribution data (including referral parameters) so we can credit the referral program.
- 3D Body Compare (fal.ai): If you choose to generate a 3D mesh, the photos you select are sent to our Cloudflare Worker and then to fal.ai for processing. We do not store your photos; we store the generated 3D mesh files on your device (and optionally in iCloud Drive).
- Sharing (iOS share sheet): When you choose to share an image (photos, 3D meshes, scorecards, or graphs), the app renders the share image on-device (including any stickers or labels you add) and hands it to the iOS share sheet. Onederland does not receive the content you share; the destination app/service will have its own privacy policy.
- Sentry (crash diagnostics, optional): When a Sentry DSN is present, crash reports, stack traces, and limited device metadata are sent to Sentry to help us investigate stability issues. Health data and free-form notes are deliberately excluded.
- Apple iCloud Drive (backups, share images, and saved 3D meshes): On iOS, the app may store backups, share images, and saved 3D mesh files in your iCloud Drive container (if enabled) so they can sync across devices. Onederland cannot access these files outside your iCloud account.
We do not host your health records in an Onederland-operated cloud database. We do store limited account and program metadata (such as Sign in with Apple identifiers, referral status, and subscription reward tracking) to operate premium features. Your health journal does not sync automatically across devices; some files (such as backups, share images, and saved 3D meshes) may sync via iCloud when enabled.
How We Use Your Information
- Provide core functionality: render charts, reminders, streaks, dashboards, and exports using the data stored locally on your device.
- Deliver optional features you request: perform AI-assisted nutrition estimates, barcode lookups, or subscription checks only when you initiate those features.
- Maintain stability and support purchases: diagnose crashes (if enabled), confirm App Store receipts, and tune feature availability via runtime configuration.
Storage & Security
- Your data is stored locally in a SQLite database; sensitive tokens are kept in the device keychain/secure storage.
- Backups you create are standard JSON files stored in your app’s storage (and may be kept in your iCloud Drive container on iOS). Onederland cannot access these backups.
- Saved 3D mesh files are stored on-device and may be stored in your iCloud Drive container on iOS for cross-device sync.
- Runtime configuration tokens and analytics identifiers are generated on-device and can be reset by clearing the app’s data.
- We conduct periodic security reviews of mobile builds and shared code to keep the app current.
Controls & Choices
- Manage Health access from iOS Settings → Privacy & Security → Health at any time.
- Skip features such as AI nutrition or barcode lookup if you prefer not to send information to those services.
- Contact support@fandaria.com to disable analytics for your device or to ask us to remove account/referral metadata we control.
- Use Settings → Clear All Data inside the app to delete local records immediately.
- Delete backup files and saved 3D meshes from iCloud Drive / Files to remove copies stored outside the local app sandbox.
Your Rights
You can access, export, or delete the information stored on your device at any time using the app’s export and deletion tools. Onederland uses Sign in with Apple and may maintain limited server-side metadata (such as referral status or subscription reward tracking), but we do not store your health journal entries or iCloud files on our servers.
If you reside in a jurisdiction with additional privacy rights (including the CCPA or GDPR), email support@fandaria.com and we will help you exercise access, correction, opt-out, or deletion rights related to analytics identifiers or diagnostic data we control.
Apple Health Integration
- We only read Apple Health data types that you explicitly approve.
- You can grant or revoke access to individual data types at any time in iOS Settings.
- We never use Apple Health data for advertising, and we never sell or share it with third parties.
Compliance Notices
Children’s Privacy
The app is not intended for individuals under 18. We do not knowingly collect data from minors. If we learn that a minor has provided information, we will delete it promptly.
International Data Transfers
Services such as Mixpanel, RevenueCat, Sentry, OpenRouter, Cloudflare, fal.ai, and Linkrunner may process data in the United States or other regions with appropriate safeguards. By using the app or requesting these features you consent to those transfers.
California Privacy Rights (CCPA)
California residents can request details about the limited personal information shared with processors and may instruct us to disable analytics identifiers by emailing support@fandaria.com.
European Data Protection Rights (GDPR)
EEA, UK, and Swiss residents may contact us to exercise rights of access, rectification, restriction, objection, or erasure with respect to the diagnostic identifiers we control. We process data as necessary to provide the app and based on your consent for optional features.
Updates to This Policy
We may update this Privacy Policy as the app evolves. Material changes will appear in the app with a new “Last Updated” date, and we will provide in-app notice when required.
Contact Us
If you have questions or wish to exercise your privacy rights, contact us at:
- Email: support@fandaria.com