Privacy Policy
1. Who We Are
Correlation Lab is developed and operated by:
r6lab Radoslaw Jozefowicz
ul. Akacjowa 3, 55-003 Krzyków
Poland, EU
NIP: PL9730929262
radek@jozefowicz.dev
We are the data controller within the meaning of the EU General Data Protection Regulation (GDPR).
2. The Short Version
We do not collect, store, or transmit your health data. Correlation Lab reads the Apple Health metrics you choose directly on your device, runs every calculation and AI summary locally, and keeps your experiments in on-device storage. Nothing about your health is uploaded to our servers — ever.
3. Data We Process
The table below lists every category of data involved when you use the App.
| Data category | Where it lives | Purpose | Sent to us? |
|---|---|---|---|
| Apple Health metrics you select (sleep, steps, heart rate, HRV, blood pressure, etc.) | Your device | Read locally to compute correlations for the experiments you create | No |
| Experiments, logs & preferences (manual caffeine / readiness / meeting entries, app settings) | Your device | Stored on-device (MMKV) so your lab notebook persists between sessions | No |
| AI-written summaries of your experiments | Your device | Generated on-device using Apple Intelligence; optionally via your own externally-configured AI provider (opt-in, see §5) | No (unless you opt in to bring your own provider) |
| CSV export of your experiments | Your device | Generated on demand and shared only through the destination you choose (Files, Mail, AirDrop, etc.) | No |
| Purchase receipt / entitlement status | Apple & RevenueCat | Verifies whether Correlation Lab Pro has been purchased or restored | Via Apple / RevenueCat only |
| Crash & diagnostic data | Apple (opt-in) | If you have opted in to share diagnostics with developers in iOS Settings, Apple may share anonymised crash reports with us | Via Apple only |
4. Apple Health Access
The App requests read-only permission to Apple HealthKit, scoped to exactly the metric categories needed for the experiment you're setting up — never more. This permission is granted through the standard iOS permission dialogue and can be reviewed or revoked at any time in Settings → Privacy & Security → Health → Correlation Lab.
We never request write access. Correlation Lab never modifies, deletes, or adds records to Apple Health.
5. On-Device AI & Bring-Your-Own Provider
By default, plain-English explanations of your experiments are generated entirely on-device using Apple Intelligence — your data never has to leave your phone to be summarised.
If you choose to, you may optionally connect your own external AI provider for deeper analysis. This is strictly opt-in and configured by you, with your own credentials. If you enable it, the relevant experiment data is sent directly from your device to the provider you selected, under that provider's own privacy policy and terms — not ours. You can disable this at any time in Settings.
6. Export & Deletion
You can export any experiment as a CSV file at any time, and choose exactly where it goes (Files, Mail, AirDrop, third-party apps, etc.) — we have no visibility into, or control over, what happens to it after that point.
You can permanently delete any experiment, log, or all app data from within Correlation Lab itself, or remove everything at once by deleting the App from your device.
7. Third-Party Services
RevenueCat — We use RevenueCat to process and verify in-app purchases and subscriptions. RevenueCat receives your Apple purchase receipt and a device-level anonymous identifier. No health data is shared with RevenueCat. See their privacy policy at revenuecat.com/privacy.
Apple App Store — Purchases, subscriptions, and crash reporting go through Apple's infrastructure under Apple's privacy policy.
Optional external AI providers — Only used if you explicitly opt in and configure your own provider, as described in §5.
8. Children's Privacy
Correlation Lab is not directed at children, and we do not knowingly collect data from children under 13 (or the relevant minimum age in your jurisdiction). If you believe a child has used the App in a way that concerns you, please contact us and we will take appropriate steps.
9. Your Rights Under GDPR
Because we do not collect personal or health data on our servers, most GDPR rights (access, erasure, portability) are satisfied by the simple fact that all of your data remains on your device, under your control, and can be exported or deleted at any time directly within the App.
Regarding purchase data held by RevenueCat or Apple, you may contact us and we will forward your request to the relevant processor.
You have the right to lodge a complaint with the Polish data protection authority (UODO) at uodo.gov.pl or with the supervisory authority in your EU member state.
10. Data Retention
All data created by the App (experiments, logs, settings, cached results) lives in on-device storage and is removed when you delete it within the App, or when you uninstall the App entirely. We do not retain any personal or health data on our own servers.
11. Security
Because no health data is transmitted over the network by default, the primary security boundary is your device itself. We recommend keeping iOS up to date and using a device passcode or biometric lock.
12. Changes to This Policy
We may update this Privacy Policy from time to time. We will update the "Last updated" date at the top of this page, and for material changes we will include a notice in an App update. Continued use of the App after changes are posted constitutes acceptance.
13. Contact & Data Requests
For any privacy-related questions or GDPR requests, contact us at:
r6lab Radoslaw Jozefowicz
ul. Akacjowa 3, 55-003 Krzyków
Poland, EU
NIP: PL9730929262
radek@jozefowicz.dev
We aim to respond to all inquiries within 30 days.