Introduction
OakHeart ("we," "our," or "the app") is a mobile application designed to support men navigating infertility. We take the privacy of your personal and health-related data seriously. This policy explains what we collect, how we use it, who we share it with, and what rights you have.
Because OakHeart handles health-adjacent information — semen analysis results, hormone levels, treatment timelines — we hold ourselves to a higher standard of transparency than a typical app. Please read this policy carefully.
1. What Data We Collect
Account Information
- Email address
- Password (hashed, never stored in plaintext)
- Display name (optional)
- Account creation date
Health and Fertility Data
- Cause of infertility (selected during onboarding)
- Semen analysis results (sperm count, motility, morphology, volume)
- Hormone levels (testosterone, FSH, LH, estradiol, prolactin)
- Recovery tracking data (timeline entries, progress notes)
- Treatment history and current phase (Understand, Pursue, Beyond)
Journal Entries
- Personal reflections written in the app
- Mood and wellness check-ins
Community Data
- Anonymous community posts and comments
- Flagged or reported content
- Community display name (separate from account name, anonymous by default)
AI Companion Conversations
- Messages sent to the AI companion
- AI-generated responses
- Conversation history (stored for continuity between sessions)
Technical and Usage Data
- Device type and operating system version
- App version
- Push notification tokens (if notifications are enabled)
- Crash logs (if applicable)
- Privacy-first usage analytics via Plausible (page views and basic usage patterns only — no health data, no personal identifiers, no cookies)
Payment Data
- Subscription tier and status
- Payment processing is handled entirely by Stripe — we never see or store your full credit card number, CVV, or billing address
2. Legal Basis for Processing (GDPR)
If you are in the European Economic Area (EEA), United Kingdom, or Switzerland, we process your data under the following legal bases:
| Data Type | Legal Basis |
| Account information | Contract — necessary to provide the service you signed up for |
| Health and fertility data | Explicit consent — you opt in during onboarding; you can withdraw at any time |
| AI companion conversations | Explicit consent — you choose to use the AI feature |
| Journal entries | Explicit consent — you choose to create entries |
| Community posts | Contract — necessary to operate community features |
| Usage analytics (Plausible) | Legitimate interest — improving the app; no personal data collected |
| Payment data | Contract — necessary to process your subscription |
| Technical/crash data | Legitimate interest — maintaining app stability and security |
You have the right to withdraw consent at any time for any processing based on consent. Withdrawing consent does not affect the lawfulness of processing performed before withdrawal. To withdraw consent, delete the relevant data in the app or contact us at cpearsonjr96@gmail.com.
3. How We Use Your Data
We use your data to:
- Personalize your experience — Your diagnosis, phase, and tracked data determine what content, resources, and dashboard views you see.
- Power the AI companion — Your conversation history and relevant health context are sent to the AI to generate informed, personalized responses.
- Enable community features — Your anonymous posts are displayed to other users. Moderation tools use flagging data to maintain a safe space.
- Process payments — Subscription status determines feature access.
- Send push notifications — Only if you opt in. Used for recovery reminders, check-in prompts, and community replies.
- Improve the app — Aggregated, de-identified usage patterns via Plausible inform future features. No health data is used for analytics.
What we do NOT do with your data:
- We do not sell your data. Not to advertisers, data brokers, researchers, or anyone else. Period.
- We do not use your data for advertising. There are no ads in OakHeart.
- We do not share identifiable health data with employers, insurers, or any third party beyond the service providers listed below.
- We do not use your data to train AI models.
4. Third-Party Processors
We use a limited number of third-party services (data processors) to operate the app:
| Service | Purpose | Data Shared |
| Supabase | Database, authentication, file storage | All stored data (encrypted at rest with AES-256) |
| Anthropic (Claude API) | AI companion responses | Conversation messages, relevant health context sent per-request |
| Stripe | Payment processing | Email, subscription tier (Stripe handles all card data directly) |
| Plausible Analytics | Privacy-first usage analytics | Page views only — no personal data, no cookies, no health data |
| Expo | Push notifications, app updates | Device push tokens, app version |
We do not use any third-party advertising or tracking SDKs. Each processor listed above has a data processing agreement in place and processes data only as instructed by us.
5. Health Data — Important Disclaimers
OakHeart is NOT a Medical Device
OakHeart is an educational and support tool. It is not a medical device, diagnostic tool, or treatment platform. Nothing in the app constitutes medical advice. Always consult a qualified healthcare provider — specifically a reproductive urologist or reproductive endocrinologist — for medical decisions.
OakHeart is NOT HIPAA Compliant
OakHeart is not a covered entity under HIPAA. We are not a healthcare provider, health plan, or healthcare clearinghouse. While we implement strong security practices, we do not claim HIPAA compliance. The health data users enter is self-reported and stored in our systems, not in a HIPAA-compliant electronic health record.
Security Measures for Health Data
- Encryption at rest — All data stored in Supabase is encrypted at rest using AES-256.
- Encryption in transit — All data transmitted between the app and our servers uses TLS 1.2+.
- Row-level security — Supabase Row Level Security (RLS) policies ensure users can only access their own data.
- Authentication — Supabase Auth with secure token management.
- AI data handling — Data sent to Anthropic's Claude API is processed per their data retention policy. Anthropic does not use API inputs to train their models.
6. Data Retention
| Scenario | Retention Period |
| Active account | Data retained for as long as your account is active |
| Deleted account | All data permanently and immediately removed via cascading delete. No grace period. |
| Inactive account (12+ months) | We may contact you before taking any action |
| AI conversation history | Retained until you delete it or delete your account |
| Stripe transaction records | Retained by Stripe as required by financial regulations |
| Plausible analytics | Aggregated data only; no personal data retained |
7. Data Export and Deletion
Export Your Data (Right to Portability)
You can request a full export of your data at any time in a machine-readable format (JSON). This includes your health records, journal entries, AI conversation history, and community posts. Contact us at cpearsonjr96@gmail.com to request an export.
Delete Your Data (Right to Erasure)
You can delete your account from within the app (Settings > Account > Delete Account). When you delete your account:
- All data is permanently deleted. This includes your health records, journal entries, AI conversations, community posts, and account information.
- Deletion is cascading and irreversible. Every record associated with your account is removed from our database. There is no recovery period or "soft delete."
- Third-party data — We will remove your data from our systems. Data previously sent to Anthropic for AI processing is subject to Anthropic's data retention policy. Stripe retains transaction records as required by financial regulations.
8. Your Rights
Depending on your jurisdiction, you have the right to:
- Access — Request a copy of all personal data we hold about you
- Rectification — Correct inaccurate or incomplete data
- Erasure — Request deletion of your data (see Section 7)
- Data portability — Export your data in a machine-readable format (see Section 7)
- Restrict processing — Ask us to limit how we use your data
- Object to processing — Object to processing based on legitimate interest
- Withdraw consent — Withdraw consent at any time for processing based on consent (see Section 2)
- Lodge a complaint — File a complaint with your local data protection supervisory authority (see below)
To exercise any of these rights, contact us at cpearsonjr96@gmail.com. We will respond within 30 days.
Right to Lodge a Complaint
If you are in the EEA, UK, or Switzerland and believe we have not adequately addressed your data protection concerns, you have the right to lodge a complaint with your local supervisory authority. A list of EU data protection authorities is available at edpb.europa.eu. For UK residents, you may contact the Information Commissioner's Office (ICO).
California Residents (CCPA)
If you are a California resident, you have the right to know what personal information we collect, request deletion, and opt out of the sale of personal information. We do not sell personal information. To make a request, email cpearsonjr96@gmail.com.
9. International Data Transfers
OakHeart is operated from the United States. If you are accessing the app from outside the United States, your data will be transferred to and processed in the United States.
Our third-party processors may also process data in the United States or other countries. We ensure appropriate safeguards are in place for international transfers, including:
- Standard Contractual Clauses (SCCs) approved by the European Commission, where applicable
- Data Processing Agreements with all third-party processors
- Encryption of all data in transit (TLS 1.2+) and at rest (AES-256)
By using OakHeart, you acknowledge and consent to the transfer of your data to the United States and other countries where our processors operate.
10. Cookies and Tracking
Mobile App
OakHeart is a native mobile application. The app does not use browser cookies.
- No third-party ad tracking
- No cross-app tracking
- No device fingerprinting
- Minimal technical data collected only for push notifications and crash diagnostics
Website (oakheartapp.com)
Our website uses Plausible Analytics, a privacy-first analytics tool that:
- Does not use cookies
- Does not collect personal data
- Does not track users across sites
- Is fully GDPR, CCPA, and PECR compliant without requiring cookie consent
We do not use any other cookies, tracking pixels, or third-party scripts on our website beyond essential functionality.
11. Community Posts and Anonymity
- Anonymous by default. Community posts use a separate display name that is not linked to your real name or email in the public feed.
- Moderation. Posts can be flagged by other users and are subject to moderation.
- Visibility. Community posts are visible to all OakHeart users. Do not share information in community posts that you would not want other users to see.
- Deletion. When you delete your account, all your community posts are permanently removed.
12. AI Companion
The AI companion is powered by Anthropic's Claude API:
- Conversation storage. Your AI conversation history is stored in our database so the companion can maintain context across sessions.
- Data sent to Anthropic. When you send a message, relevant context (your message, recent conversation history, and pertinent health data) is sent to Anthropic's API for processing via encrypted connection.
- Anthropic's use of data. Anthropic does not use data submitted via their API to train models. See Anthropic's privacy policy for details.
- Delete conversation history. You can delete your AI conversation history at any time without deleting your entire account.
- Safety features. The AI companion is designed to detect emotional distress and provide crisis resources. It does not provide medical diagnoses or treatment recommendations.
13. Children's Privacy
OakHeart is not intended for users under the age of 18. We do not knowingly collect data from minors. If you believe a user under 18 has created an account, please contact us immediately at cpearsonjr96@gmail.com and we will delete the account.
14. Changes to This Policy
We may update this privacy policy from time to time. When we make significant changes:
- We will update the "Last Updated" date at the top of this policy.
- We will notify you via in-app notification or email for material changes.
- Continued use of the app after changes constitutes acceptance.
15. Data Protection Contact
If you have questions, concerns, or requests related to your privacy or data protection:
Data Protection Contact
OakHeart
Email: cpearsonjr96@gmail.com
Subject line: OakHeart Privacy Inquiry
We aim to respond to all inquiries within 30 days. For GDPR-related requests, we will respond within the legally required timeframe (typically 30 days, extendable to 90 days for complex requests).
16. Summary
| What | Details |
| Data collected | Email, health metrics, journals, community posts, AI conversations, basic usage analytics |
| Data sold | Never |
| Ads | None |
| Analytics | Plausible (privacy-first, no cookies, no personal data) |
| HIPAA compliant | No — educational tool, not a medical device |
| Encryption | At rest (AES-256) and in transit (TLS 1.2+) |
| Data deletion | Full cascade delete on account removal |
| AI data | Sent to Anthropic API, not used for training |
| Age requirement | 18+ |
| International transfers | US-based; SCCs and encryption for safeguards |
| Your rights | Access, rectification, erasure, portability, restrict, object, withdraw consent, lodge complaint |
| Contact | cpearsonjr96@gmail.com |