Privacy Policy

1. Health Data (Apple HealthKit)

Laso requests access to your Apple HealthKit data to provide health insights and analysis. The types of health data we may access include:

• Heart rate and resting heart rate
• Heart rate variability (HRV)
• Sleep analysis and sleep stages
• Activity data (steps, active energy, exercise minutes, stand hours)
• Body measurements (weight, BMI, body fat percentage)
• Blood pressure (systolic and diastolic)
• VO2 Max (cardiorespiratory fitness)
• Mobility metrics (walking speed, step length, double support time)
• Mindfulness minutes
• Workout sessions and types
• Atrial fibrillation (AFib) history
• Peripheral perfusion index

Laso complies fully with Apple's HealthKit guidelines. Health data obtained from HealthKit is used solely to provide and improve the App's health analysis features. We do not use HealthKit data for advertising or other data mining purposes.

2. On-Device Data Storage

Laso uses Apple's SwiftData framework to store data locally on your device. This local storage includes:

• Daily aggregated metric values — summarized health data computed from HealthKit samples (e.g., daily average heart rate, total steps).
• Personal baselines — your individual baseline scores used to contextualize your health trends.
• Sync metadata — timestamps recording the last time each metric was fetched from HealthKit, enabling incremental updates.
• App preferences — your in-app settings and notification preferences.

All locally stored data is protected by your device's hardware encryption and is accessible only through Laso with proper device authentication.

Deleting the App: Uninstalling Laso from your device permanently deletes all locally stored data. This action cannot be undone.

3. iCloud Key-Value Storage

Laso may use Apple's iCloud Key-Value Storage to sync certain non-sensitive preferences across your devices.

What is synced: App preferences and settings only (e.g., notification preferences, display preferences).

What is not synced: Raw health data, computed scores, insights, baselines, or any HealthKit-derived information is never stored in or synced through iCloud.

iCloud data is encrypted by Apple both in transit and at rest. Apple's iCloud privacy policy governs this storage. Laso does not have direct access to your iCloud storage; data is read and written only through Apple's CloudKit APIs.

4. Analytics Data

Laso uses Firebase Analytics (provided by Google) to collect anonymous usage data to help us understand how the App is used and to improve the user experience.

What analytics data we collect:

• Screens visited and features used within the App
• Session duration and frequency of use
• Device type and iOS version (aggregated)
• App crashes and performance events

Firebase Analytics uses a random instance ID that is not linked to your identity. This ID can be reset at any time through your device's privacy settings. Analytics data is processed by Google in accordance with Google's Privacy Policy.

Website analytics: Our website (lasohealth.com) uses Google Analytics 4 (GA4) to collect anonymous usage data such as page views, scroll depth, and button clicks. No personally identifiable information is collected through the website. This data helps us understand how visitors interact with our website and improve its content.

5. Remote Configuration

Laso uses Firebase Remote Config (provided by Google) to allow us to update certain App behaviors and feature flags without requiring an App Store update. This helps us respond quickly to issues and roll out improvements gradually.

When Laso fetches remote configuration, it downloads a small configuration payload (approximately 2 KB) from Google's servers. This request includes:

• The App's bundle identifier
• The App version number
• The device's iOS version
• A random Firebase instance ID

No personal data, health data, or user-identifiable information is transmitted during remote configuration fetches. Configuration data is cached locally on your device.

6. Subscriptions & Payments

Laso offers optional in-app subscriptions to unlock premium features. All subscription purchases are handled entirely by Apple through the App Store and StoreKit framework.

What we do not collect: Laso does not collect, store, or process any payment information, credit card numbers, billing addresses, or financial data. All payment processing is handled exclusively by Apple.

What we receive: Laso only receives a cryptographically signed receipt from Apple confirming your subscription status (active, expired, or not subscribed). This receipt is verified on-device using Apple's StoreKit APIs.

For questions about billing, refunds, or subscription management, please refer to Apple's App Store support. Apple's privacy policy governs all payment-related data.

7. Third-Party Services

Laso integrates with a limited number of third-party services. The table below summarizes each service, its provider, and its purpose:

Important: No third-party service receives your health data. Firebase Analytics and Remote Config receive only anonymous usage and configuration data as described in Sections 4 and 5. Apple HealthKit data never leaves your device.

8. Data Retention & Deletion

Health and app data: All health data, scores, baselines, and preferences are stored exclusively on your device. This data persists until you uninstall the App or manually clear App data through iOS Settings.

Analytics data: Anonymous usage data collected through Firebase Analytics is retained for 14 months, after which it is automatically deleted by Google in accordance with Google's data retention policies.

Deleting all your data: Uninstalling Laso from your device permanently and irrecoverably deletes all locally stored app data, including aggregated health metrics, baselines, and preferences. Because we have no access to your on-device data, we are unable to assist with recovering deleted data.

HealthKit access: Laso only reads data from HealthKit — it never writes health data back to HealthKit. You can revoke Laso's HealthKit permissions at any time through iOS Settings → Privacy & Security → Health → Laso.

9. Children's Privacy

Laso is not directed to children under the age of 13. We do not knowingly collect personal information from children under 13. If you are a parent or guardian and believe that your child has provided us with personal information, please contact us at privacy@lasohealth.com and we will take steps to delete such information.

Given the nature of the App — which involves HealthKit data and is designed for adults managing their personal health — users are expected to be 13 years of age or older.

10. International Users

Health data: Because all health data is processed on-device and never transmitted, your health data is not transferred to any country or jurisdiction.

For users in the European Economic Area (EEA) — GDPR: The anonymous analytics data collected through Firebase Analytics may be transferred to and processed in the United States by Google LLC. We rely on legitimate interests as our lawful basis for processing this anonymous usage data, as it is necessary to maintain and improve the App. This anonymous data does not constitute personal data under GDPR as it cannot be used to identify you. You have the right to object to this processing by contacting us.

For California residents — CCPA: Laso does not sell personal information. We do not share personal information with third parties for cross-context behavioral advertising. The anonymous analytics data we collect does not constitute "personal information" as defined under the CCPA because it cannot reasonably be linked to you as an individual.

11. Security

We take the security of your data seriously and implement appropriate technical safeguards:

• Device-level encryption: All on-device data benefits from iPhone's hardware-level encryption (AES-256). Data is protected by your device passcode and Face ID / Touch ID.
• Transport security: All network communications (analytics and remote config fetches) use TLS (Transport Layer Security) encryption to protect data in transit.
• Minimal data collection: Our most effective security measure is collecting as little data as possible. Because health data never leaves your device, it is protected from network-based threats.

No method of transmission over the internet or method of electronic storage is 100% secure. However, the on-device architecture of Laso significantly limits the attack surface compared to cloud-based health apps.

12. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or for other operational reasons. When we make changes, we will:

• Update the "Effective Date" at the top of this page
• Post the revised policy at this URL
• For material changes, provide notice within the App

Your continued use of Laso after the effective date of a revised policy constitutes your acceptance of the changes. We encourage you to review this policy periodically.

13. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

We are committed to resolving any privacy concerns promptly. For general support, you may also contact us through the App Store listing.