Privacy Policy

CoherenceIQ · Deep Dive Consulting LLC · Effective Date: April 22, 2026

This Privacy Policy describes how Deep Dive Consulting LLC ("we," "us," or "our") collects, uses, and protects your information when you use the CoherenceIQ mobile application and website (collectively, the "Service"). We handle personal data, including health and biometric data, with care and in accordance with applicable law.

1. Information We Collect

Account Information. When you sign in with Apple, we receive your name and email address. If you choose Apple's "Hide My Email" relay, we receive a private relay address. We store this information to authenticate you and personalize your experience.

Biometric and Health Data. The Service uses compatible Bluetooth sensors (for example, a Polar H10 chest strap, a Polar Verity Sense armband, or a Muse S EEG headband) to measure cardiac and brainwave activity during meditation. See Section 2 for important details.

Apple Health Data. If you grant permission, we read sleep duration and deep sleep percentage to provide context for session scoring. We also read self-reported sleep quality and stress level if you enter them before a session.

Session Data. We store records of your meditation sessions, including duration, timestamps, session scores, skill measurements, and progress over time.

Meditation Audio and Transcripts. When you import a meditation audio file into the Service, the file is transcribed so the Service can identify which coherence skills the meditation asks you to practice in each phase. These skill phases are what the Service uses to score your effectiveness during each phase of a session. Transcription is performed on a secure server by OpenAI (see Section 6); audio is not retained after transcription.

Usage Data. We collect information about how you use the Service, including features accessed and app performance data, to improve the Service.

2. Biometric and Health Data — Special Category Notice

Important. CoherenceIQ collects and processes biometric identifiers and health-related data. Under the EU General Data Protection Regulation (GDPR) Article 9 and the UK Data Protection Act 2018, this is "special category" data. Under Illinois, Texas, Washington, and other U.S. biometric privacy laws, it is "biometric information." We process this data on the basis of your explicit consent, given when you create an account and begin sessions.

Raw EEG waveforms and raw cardiac waveforms are processed locally on your device during sessions and are not transmitted to our servers.
Derived metrics (HBCI scores, HRV values, coherence scores, skill scores, band power levels) are stored in our secure cloud database to power your progress tracking.
We do not sell, lease, trade, or profit from your biometric or health data. We do not use it for advertising, and we do not share it with advertising or data-broker networks.
We share derived data only with the sub-processors listed in Section 6, each solely for the purpose of providing the Service.
Biometric-derived data is permanently deleted upon account deletion. To request deletion, use Settings → Delete Account within the App or contact us at privacy@coherenceiq.app.
You may withdraw consent at any time by deleting your account; withdrawal does not affect the lawfulness of processing prior to withdrawal.

By using CoherenceIQ, you provide your explicit consent to the collection and processing of biometric and health data as described in this policy.

3. How We Use Your Information

Provide, operate, and personalize the Service.
Score your sessions and generate feedback on your practice.
Identify skill phases from imported meditation audio so your session data can be scored in context.
Process subscription payments via the app store.
Provide customer support.
Improve Service performance and reliability.
Comply with legal obligations.

4. Session Scoring and Feedback

The Service uses computed metrics (HBCI scores, HRV coherence values, brainwave band power levels, phase scores, session duration, and skill measurements), optional self-reported sleep and stress inputs, HealthKit sleep summary data (total hours and deep sleep percentage, if enabled), and meditation metadata (name, blueprint phases, instruction context) to produce your session feedback.

Raw biometric waveforms are never transmitted to third parties. Only computed scores and metrics are sent to sub-processors, and only as needed to provide the Service.

Some Service features use third-party AI models (see Section 6). Those providers do not use your data to train their models.

5. Data Storage and Security

Your data is stored using Supabase, a SOC 2 compliant platform with infrastructure in the United States. Data is encrypted in transit using TLS and encrypted at rest. We follow industry-standard security practices, including row-level security, least-privilege access controls, and multi-factor authentication for administrative access.

6. Sub-Processors

We use the following service providers to operate the Service. Each has its own privacy policy, which governs its use of data it receives from us.

Provider	Purpose	Data category
Supabase (US)	Database, authentication, file storage	Account, session, health (derived)
Anthropic (US)	AI-assisted features	Session metrics, profile summaries (no raw waveforms)
OpenAI (US)	Audio transcription (skill-phase mapping); embeddings	Imported meditation audio; text embeddings
Resend (US)	Transactional email (welcome, account recovery)	Email address, first name
Sentry (US)	Error reporting and crash diagnostics	Technical diagnostic data, no biometric waveforms
RevenueCat (US)	Subscription management and entitlement checks	Anonymous user ID, subscription status
Apple (US)	Sign In with Apple; App Store payments; HealthKit	Name, email, subscription, HealthKit read scopes you authorize
Vercel (US)	Website and API hosting	Request metadata, standard server logs

7. International Data Transfers

Our sub-processors are located in the United States. If you use the Service from the European Economic Area, the United Kingdom, or another jurisdiction outside the United States, your personal data will be transferred to and processed in the United States. Where required, these transfers are governed by the European Commission's Standard Contractual Clauses (SCCs) incorporated into our agreements with our sub-processors, or by equivalent mechanisms recognized under applicable law.

8. Data Retention

We retain personal data only as long as necessary for the purposes described in this policy, or as required by law.

Account and profile data — for as long as your account exists; permanently deleted within 30 days of account deletion.
Session and biometric-derived metrics — for as long as your account exists; permanently deleted within 30 days of account deletion.
Imported meditation audio — retained only as long as needed to produce transcripts and skill blueprints; the audio file can be deleted by you from the library at any time.
Error logs — 90 days maximum.
Email logs (Resend) — per the retention policy of the provider; no more than 30 days of delivery metadata is accessible to us.

9. Your Rights

You have the right to access, correct, delete, or export your personal data, and the right to restrict or object to processing, at any time.

Residents of the European Economic Area and the United Kingdom additionally have the right to lodge a complaint with a supervisory authority. Residents of California, Illinois, Texas, Washington, and other U.S. states with applicable privacy laws have the rights afforded by those laws, including the rights specific to biometric information.

To exercise any right, contact us at privacy@coherenceiq.app. We will respond within the timelines required by applicable law.

10. Children

CoherenceIQ does not set a minimum age for use, because meditation is beneficial at any age. We do not run third-party advertising networks, we do not sell personal data, and we do not use personal data for behavioral advertising. If you are a parent or guardian of a minor who uses the Service, you may contact us at any time to review, correct, or delete that minor's personal data. If you believe we have collected data from a child in a manner that does not comply with applicable law, please contact us and we will respond promptly.

11. Not a Medical Service

CoherenceIQ is a wellness and biofeedback product for self-awareness and practice tracking. It does not diagnose, treat, cure, or prevent any medical condition. The Service is not a substitute for professional medical advice, diagnosis, or treatment. If you have a medical concern, consult a qualified healthcare provider.

12. Changes to This Policy

We may update this Privacy Policy from time to time. We will post the updated policy with a new effective date and, where changes are material, notify you in-app or by email. Continued use of the Service after a change constitutes acceptance of the updated policy.

13. Contact Us

Deep Dive Consulting LLC
Privacy: privacy@coherenceiq.app
Data Protection contact (EU/UK inquiries): privacy@coherenceiq.app