Privacy Policy
Effective July 8, 2026 · Last updated July 8, 2026
Perigee reads the overnight signals your Apple Watch already records and explains them to you each morning. Because that means handling sensitive health information, this policy explains — in plain language — exactly what we collect, why, who else touches it, and the control you keep.
The short version. Your Apple Health data is read on your iPhone, compared only to your own baseline, and used to write your morning briefing. It stays on your device unless you choose cloud briefings — and even then only a short, anonymous summary of numbers is sent, used once, and never stored or used to train AI. We never sell your data, never use it for advertising, and never write anything back to Apple Health.
1. Who this policy covers
Perigee (“we”, “us”, “our”) operates the Perigee iOS app and this website, and this policy applies to both. It describes how we handle information about you. If you only browse this website, we collect essentially nothing about you beyond privacy-friendly, cookie-free aggregate traffic measurement.
2. Apple Health (HealthKit) data — the heart of the app
With your explicit permission, Perigee reads the following data from Apple Health. iOS asks you to approve each category separately, and you can change or revoke any of them at any time in Settings → Privacy & Security → Health → Perigee or in the Apple Health app. Perigee requests read-only access — it never writes to, or changes, your Apple Health data.
| What we read | Why |
|---|---|
| Heart rate variability (HRV) | To detect shifts in your nervous system against your own overnight baseline. |
| Resting heart rate & heart rate | To read how your heart behaved overnight relative to your usual range. |
| Wrist temperature (Series 8+) | To surface overnight temperature shifts associated with vasomotor symptoms. |
| Sleep analysis | To describe your night — duration, stages and awakenings — against your baseline. |
| Respiratory rate | Additional overnight context for your morning read. |
| Menstrual flow & cycle notifications | To frame signals in the context of your cycle, where available. |
How your Apple Health data is used
- Computed on your iPhone. The math that turns your readings into a baseline, a deviation and a status word runs locally on your device.
- Only to serve you. It is used solely to generate your morning briefing, your signal panel, your trends, weekly reports and the doctor-ready summary you can export.
- Never for advertising. We do not use Apple Health data — or any health information — for advertising, marketing, or data-mining, and we never sell it. (This is also required by Apple.)
- Never used to train AI. Your health data is not used to train any machine-learning model, ours or anyone else’s.
- Not in iCloud. Health summaries Perigee creates are stored locally and are explicitly kept out of iCloud sync.
3. Information you enter yourself
Symptoms and hormone-therapy (HRT) notes you log are yours. They are stored on your device alongside your signals so Perigee can line them up over time. HRT logging is a context field only — Perigee never recommends starting, stopping, or changing any medication.
4. Optional cloud briefings
Perigee can write your morning briefing entirely on your device. If you opt in to cloud briefings for richer language, here is exactly what happens:
- Perigee sends a short, anonymous summary of computed numbers — for example, “overnight HRV averaged 42 ms, 15% below baseline; sleep broke once around 3 a.m.” It does not send your name, your identity, your raw Apple Health records, or anything you typed.
- The summary is sent encrypted, through our own proxy, to our AI provider (Anthropic) purely to phrase your briefing. It is used once, not stored, and never used for training.
- You can turn this off and stay fully on-device at any time in You → AI & Privacy.
5. Account & sign-in
Perigee is anonymous-first: you can use it without an account. Behind the scenes an anonymous identifier (via Firebase Authentication) lets the app hold your settings and subscription. If you choose to save your account with Sign in with Apple or Google — so it survives a reinstall or new device — we store the opaque account identifier those services return. We do not receive your Apple/Google password, and no Apple Health data is attached to your real-world identity.
6. Subscriptions & payments
Perigee Plus is sold through the Apple App Store. Apple processes your payment — we never see your card details. We use RevenueCat to manage subscription status, keyed to your anonymous app account identifier, so the app knows whether Plus is active. No health data is shared for billing.
7. Diagnostics & product analytics
- Crash reports (Firebase Crashlytics): if the app crashes, we collect a stack trace and basic device state to fix the bug. These reports contain no health data and none of your text.
- Anonymous product analytics (PostHog): we record anonymous, aggregate events (e.g. which screens are viewed, whether onboarding completed) to improve the app. This never includes health data or personal identifiers, and you can opt out in the app.
8. Third parties who process data for us
We share the minimum necessary with the service providers below, each acting on our instructions. None of them receive your raw Apple Health data (the only health-derived data that ever leaves your device is the anonymous cloud-briefing summary, and only if you opt in). None are permitted to use your data for advertising.
| Provider | Purpose | What they receive |
|---|---|---|
| Apple | App distribution, subscriptions, Sign in with Apple | Purchase & account data (per Apple’s policy) |
| Google Firebase | Anonymous auth & crash reporting | Account identifier, crash diagnostics |
| RevenueCat | Subscription management | Anonymous app-account id, subscription status |
| PostHog | Anonymous product analytics | Anonymous, non-health usage events |
| Anthropic (via our proxy) | Writing cloud briefings — only if you opt in | Anonymous summary statistics, used once |
9. How we store and protect your data
Your health data and logs live in an on-device database. iOS encrypts Apple Health data on your device behind your passcode. Perigee deliberately disables iCloud sync for its health store, and all network traffic is encrypted in transit. No system is perfectly secure, but we keep the surface small by design: the less that leaves your phone, the less there is to protect.
10. Retention
On-device data stays until you delete it or remove the app. Anonymous cloud-briefing summaries are not retained after your briefing is written. Diagnostic and analytics data are retained only as long as needed for their purpose. Deleting your account removes the data we hold that is tied to it.
11. Your rights and choices
- Withdraw Health access for any category anytime in iOS Settings/Health.
- Stay fully on-device — decline cloud briefings.
- Export your data (including the doctor-ready PDF) from within the app.
- Delete your account and associated data from within the app (You → Account).
- Opt out of analytics in the app.
Depending on where you live, you may also have rights under the GDPR (EEA/UK) or the CCPA/CPRA (California) — including access, correction, deletion, portability, and the right not to be sold or “shared” for cross-context advertising. We do not sell or share your personal information in that sense. To exercise any right, email [email protected].
12. International data transfers
Some of the service providers in §8 (for example, cloud infrastructure and the AI provider) are based in the United States, so limited, non-health or anonymized data described above may be processed there. Where we transfer data internationally, we rely on appropriate safeguards recognized under applicable law (such as the relevant standard contractual clauses). Your Apple Health data itself is processed on your device.
13. Children
Perigee is intended for adults and is not directed to anyone under 18. We do not knowingly collect data from children.
14. Not a medical device
Perigee is a wellness and self-knowledge companion, not a medical device. It does not diagnose, treat, or prevent any condition, and it does not provide medical advice. Always consult a qualified healthcare professional about your symptoms or any decision about treatment.
15. Changes to this policy
If we make material changes, we’ll update the date above and, where appropriate, notify you in the app. Continued use after an update means you accept the revised policy.
16. Contact
Questions about your privacy or your data? Email us at [email protected]. We read every message.