Privacy

Privacy Policy

Last updated: 14 May 2026 · Effective: 14 May 2026

Elixira is developed and operated by Hyperture Technologies. This Policy explains what personal data we collect, why we collect it, who we share it with, and the rights you have over it. We've written it in plain English — where the law requires technical terms, we explain them.

The short version

If you don't want to read all of this — here's the essence:

We collect what we need to run the app — your email, name, date of birth, lifestyle answers, habits, goals, journals, and check-ins. Nothing more.
We never sell your data. Ever. We don't use advertising trackers.
We share data only with technical providers that help run the app — Supabase (database), Anthropic (AI Coach), RevenueCat (subscriptions), OneSignal (notifications), Resend (password emails), and Google Play (billing).
You can delete your account and all your data at any time from the Me screen in the app.
You must be 18 or older to use Elixira.
Reach us anytime at privacy@elixira.app.

Who we are

Elixira (the "App", "we", "us", "our") is developed and operated by Hyperture Technologies ("the Company"). We are the data controller for the personal data processed through the App.

We take privacy seriously. This Policy covers the Elixira mobile application and the elixira.app website. It applies to users worldwide, including users in the United States, the United Kingdom, and the European Union.

Privacy contact

For any privacy-related matter, contact us at:

Email: privacy@elixira.app
General support: support@elixira.app

What personal data we collect

Data you provide when creating an account

Email address and password (encrypted — we never see it in plain text)
Name — used to personalise your experience
Date of birth — used to calculate your life expectancy
Biological sex — used for baseline life expectancy calculations
Profile photo — optional

Data you provide during onboarding

Lifestyle answers — sleep, exercise, nutrition, stress, social connection, sense of purpose, alcohol use, and substance use
Regrets you'd like to avoid, life priorities, and life-area satisfaction scores
Your reason for using Elixira
Coach mode preference (Gentle or Reality)
Notification preferences

Data created as you use the app

Habits, goals, and bucket list items you create or edit
Daily check-in entries (mood, energy, stress, sleep — scored 1–10)
Reality Check entries (hours spent on activities)
Journal entries
Habit completions, streaks, and weekly scores
Life expectancy adjustments you make manually

Data collected automatically

Device push notification token — so we can deliver notifications via OneSignal
App version, device type, and operating system — for debugging and compatibility
Anonymised subscription receipts — via Google Play and RevenueCat

Sensitive data

Some data we collect relates to your health and wellbeing — including lifestyle answers and check-in scores. Under applicable privacy laws (including the UK GDPR and EU GDPR), this is classified as sensitive personal data. We process it only with your explicit consent, given when you complete onboarding and continue using the App. You can withdraw consent at any time by deleting your account.

What we do not collect

Government ID numbers (Social Security, National Insurance, passport numbers, etc.)
Bank account or credit card details — payments are handled entirely by Google Play
Location or GPS data
Contacts, microphone, or camera access — except when you explicitly upload a profile photo
Advertising identifiers or cross-app tracking data

Why we collect this data and our legal basis

Purpose	Data used	Legal basis
Account creation and sign-in	Email, password, name	Performance of contract
Calculating life expectancy and countdown	DOB, biological sex, lifestyle answers	Contract + explicit consent for sensitive data
Generating AI Coach insights	Profile snapshot, recent activity stats	Contract + explicit consent
Tracking habits, goals, and bucket items	Items you create + completion history	Performance of contract
Sending push notifications	Device token, name	Consent (chosen during onboarding)
Sending password reset emails	Email address	Performance of contract
Managing your subscription	Anonymised user ID, purchase events	Performance of contract
Improving and debugging the App	Crash logs, device type, app version	Legitimate interest
Legal compliance	Account records	Legal obligation

Who we share your data with

We never sell your data and never share it for advertising. We share data only with the technical providers who help us operate the App. Each is contractually bound to process your data only on our instructions.

Provider	Purpose	Data shared	Location
Supabase	Authentication and database	Account data, profile, all in-app entries	USA / EU
Anthropic (Claude API)	AI Coach insights	Profile snapshot, current stats, recent activity	USA
RevenueCat	Subscription management	Anonymised user ID, purchase events	USA
OneSignal	Push notifications	Device token, name	USA
Resend	Password reset emails	Email address only	USA / EU
Google Play	App distribution and billing	Subscription receipts, anonymised user ID	Global
Expo / EAS	App build infrastructure	No runtime user data	USA

Legal requests

We may disclose your data where required by law — for example, in response to a valid court order or government request. Where legally permitted, we will notify you before disclosing.

International data transfers

Some of our service providers are located in the United States. When we transfer personal data internationally, we ensure appropriate safeguards are in place:

For UK and EU users — transfers to the US are protected by Standard Contractual Clauses (SCCs) approved by the European Commission and the UK ICO.
For all users — we contractually require overseas processors to maintain data protection standards equivalent to our own.
Your consent — by using the App after reading this Policy, you acknowledge these transfers.

How long we keep your data

Data type	Retention
Account data (email, name, DOB, profile)	Active account lifetime + 30 days after deletion
In-app entries (habits, goals, journal, check-ins)	Same as above
AI Coach prompt data (with Anthropic)	Up to 30 days per Anthropic's policy — not used for model training
Subscription and billing records	7 years (financial compliance requirement)
Crash and error logs	90 days
Database backups	Rolling 30-day cycle

How we protect your data

Encryption in transit — all data transfers use TLS / HTTPS
Encryption at rest — all data stored with Supabase is encrypted at the database level
Password security — passwords are hashed using industry-standard methods and never stored in plain text
Access controls — only essential personnel have access to production systems
Breach response — in the event of a data breach likely to cause harm, we will notify affected users and the relevant supervisory authority within 72 hours

No system is perfectly secure. While we apply industry-standard protections, we cannot guarantee absolute security. You use the App at your own risk.

Your privacy rights

For users in the United States

Depending on your state, you may have rights under the California Consumer Privacy Act (CCPA/CPRA) or similar state laws:

Right to know what personal information we collect and how we use it
Right to delete your personal information
Right to correct inaccurate information
Right to opt out of sale or sharing — we do not sell or share your data for advertising. This right has nothing to apply to.
Right to non-discrimination for exercising any privacy right

For users in the UK and EU

Under the UK GDPR and EU GDPR, you have the right to:

Access, rectify, erase, restrict, or port your personal data
Object to processing based on legitimate interests
Withdraw consent at any time (without affecting prior processing)
Lodge a complaint with your local supervisory authority

How to exercise your rights

Most controls are available directly in the App:

Access and edit — your data is visible and editable in the Me screen
Delete — Me screen → Delete My Account removes all data within 30 days

For anything else, email privacy@elixira.app. We respond within 30 days (UK/EU GDPR) or 45 days (US state laws).

Children's data

Elixira is for users aged 18 and over. We do not knowingly collect data from anyone under 18. If you believe a child has provided us with personal data, contact privacy@elixira.app and we will delete it promptly.

AI-generated content

The AI Coach uses Anthropic's Claude API. When generating insights, a snapshot of your profile and recent activity is sent to Anthropic for processing.

Anthropic does not use API data to train its models
Prompt data is retained by Anthropic for up to 30 days for safety monitoring, then deleted
See Anthropic's privacy practices at anthropic.com/legal/privacy

Cookies and tracking

The elixira.app website does not use advertising cookies, tracking pixels, or third-party analytics. The only external resource loaded is Google Fonts for typography.

The Elixira app does not contain advertising trackers or cross-app fingerprinting. The only device identifier used is the OneSignal push notification token.

Changes to this Policy

We may update this Policy from time to time. For material changes we will notify you by in-app message or email. Continued use of the App after an update constitutes acceptance. Previous versions are available on request.

Supervisory authorities

If you're unsatisfied with how we handle your data, you can lodge a complaint with a supervisory authority:

United Kingdom — Information Commissioner's Office (ICO): ico.org.uk
United States — California Privacy Protection Agency: cppa.ca.gov
European Union — your local national data protection authority

Contact us

For any privacy question or data request:

Privacy: privacy@elixira.app
Support: support@elixira.app
Company: Hyperture Technologies

We acknowledge all requests within 5 business days and resolve them within 30 days.