Privacy Policy

We keep your data simple, safe, and yours.

Last updated: June 2026

This Privacy Policy describes how Loyli ("we," "us," or "our") handles your information when you use our sauna, cold exposure, and contrast therapy tracking mobile application ("App") and website (loyli.app).

1. Information We Collect

1.1 Session Data

  • Session type (sauna, cold, contrast)
  • Duration, temperature, and intensity
  • Calculated sweat loss and hydration estimates
  • Session timestamps and notes
  • Protocol tracking and streak compliance

1.2 Body Metrics

To calculate sweat loss and hydration estimates, the App collects:

  • Weight
  • Sex
  • Height (optional)

This data is stored locally on your device and used only for calculations.

1.3 Heart Rate & Biometric Data

If you connect a Bluetooth Low Energy (BLE) heart rate monitor, the App collects real-time heart rate samples during sessions, heart rate zone distribution, and derived analytics such as estimated calorie burn, cold shock metrics, thermal load scores, and acclimatization trends.

Heart rate data is stored locally on your device. We do not transmit raw heart rate samples to any server. BLE connections are established directly between your device and your heart rate monitor.

1.4 Apple Health Data (iOS)

With your explicit permission, the App may read from and write to Apple Health:

  • Workout sessions and active energy burned
  • Dietary water entries for bidirectional hydration sync

Apple Health sync is optional. Data exchanged with Apple Health stays on your device — it is not uploaded to our servers. You can revoke access at any time in App settings or your device's Health settings.

1.5 Hydration Data

The App tracks daily water intake including amounts, timestamps, and beverage types so we can give you smart, session-aware hydration recommendations.

1.6 Account Information

Loyli offers three sign-in options:

  • Anonymous (Default): no personal information collected. Data stored locally only.
  • Sign in with Apple: email and name collected for cloud backup.
  • Sign in with Google: email and name collected for cloud backup.

1.7 Device Information

We collect a hashed device fingerprint to track trial period status and prevent abuse. This fingerprint does not identify you personally and cannot be used to track you across other apps.

2. Data Storage

2.1 Local Storage (Primary)

Loyli operates with a privacy-first, offline-first approach. Your session data, body metrics, hydration logs, and settings are stored locally on your device. We do not have access to this data.

2.2 Cloud Storage (Optional)

If you sign in with Apple or Google, you may optionally enable cloud backup. Backup data is encrypted in transit and at rest, and only you can access it.

2.3 Data Retention

  • Local data: retained on your device until you uninstall the App or clear app data.
  • Cloud backup data: retained until you delete your account in-app (immediate removal).
  • Subscription records: managed by the Apple App Store and Google Play.
  • Device fingerprint: retained for trial abuse prevention (contains no personal information).

3. How We Use Your Data

  • Calculate sweat loss and hydration estimates
  • Compute heart rate analytics, calorie burn, cold shock tracking, thermal load, and acclimatization trends
  • Sync session data with Apple Health (iOS, if enabled)
  • Track session history, protocols, and streaks
  • Provide cloud backup (if enabled)
  • Manage trial periods and subscriptions
  • Send push notifications (if enabled)
  • Generate shareable session images

4. Legal Basis for Processing (EU/UK Users)

If you are located in the European Economic Area (EEA) or the United Kingdom, we process your personal data under the following legal bases in accordance with the GDPR / UK GDPR:

  • Performance of a contract: to provide Loyli's core functionality.
  • Consent: for optional features you explicitly enable — cloud backup, Apple Health sync, notifications, BLE heart rate. You may withdraw consent at any time.
  • Legitimate interests: for device fingerprinting to prevent trial abuse, security, and App stability.
  • Legal obligation: where required by applicable law.

Special-category health data (heart rate, body metrics) is processed on the basis of your explicit consent and stored locally on your device; we do not receive it on our servers unless you enable cloud backup.

5. Third-Party Services

We use a limited set of third-party services strictly to operate the App: a cloud provider for optional authentication and backup, a subscription management provider for App Store and Google Play receipts, and Apple Health on iOS (with your permission). Payment details are never stored by us. Each provider is bound by strict data protection agreements and does not use your data for its own purposes.

6. International Data Transfers

Where cloud services are used, your data may be processed on servers located outside the EEA or the UK. For such transfers we rely on the European Commission's Standard Contractual Clauses incorporated into our subprocessors' agreements, plus encryption in transit (HTTPS/TLS) and restricted access to cloud infrastructure.

7. Data Sharing

We do not sell or share your personal data with third parties, except: with the service providers described above, when required by law, to protect our rights or safety, or with your explicit consent.

8. Push Notifications

Loyli may send notifications such as session reminders, streak protection alerts, protocol reminders, and post-session hydration prompts. You can enable or disable notifications in App settings or device settings at any time.

9. Data Security

We implement industry-standard security measures: local data stored on-device, HTTPS encryption for all network communications, secure authentication, and hashed (non-reversible) device fingerprints. Since most data is stored locally, you are also responsible for your device's security.

10. Your Rights

10.1 Access

You can view all your data through the App interface.

10.2 Deletion

  • Local data: uninstall the App or clear app data in device settings.
  • Cloud data and account: open the App → Profile → Account → Delete Account. Deletion is processed immediately and removes all cloud backups.

Device-based trial tracking data is retained after account deletion to prevent trial abuse. It does not identify you personally.

10.3 Portability

You can export your session data through the App's backup feature.

11. Children's Privacy

Loyli is not intended for children under 13. We do not knowingly collect information from children under 13. If you believe we have, please contact us and we will promptly delete it.

12. California Residents (CCPA)

  • We do not sell your personal information and have not in the preceding 12 months.
  • We do not share your personal information for cross-context behavioural advertising.
  • Right to know: request details of the personal information we collect and how it is used.
  • Right to delete: delete your data at any time using the in-app account deletion flow.
  • Right to non-discrimination: we will not discriminate against you for exercising your rights.

To exercise these rights, contact us with the subject line "CCPA Request."

13. Website

Our website (loyli.app) is primarily informational. We do not use advertising or cross-site tracking. Our hosting provider may process IP addresses, basic request information, and country-level location solely for security, performance, and abuse prevention, and may set essential cookies for those purposes.

14. Changes to This Policy

We may update this Privacy Policy from time to time. If we make material changes, we will notify you in the App and update the "Last updated" date above. Continued use of Loyli after changes constitutes acceptance of the updated policy.

15. Contact Us

For privacy questions or data requests, write to us at support@loyli.app.