Privacy Policy
Last Updated: January 2026
1. Introduction
NexFlow Inc. ("we", "us", or "our") operates the NexFlow mobile application (the "App"). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our App.
By using NexFlow, you agree to the collection and use of information in accordance with this policy. If you do not agree with this policy, please do not use the App.
2. Information We Collect
We collect the following types of information:
- Personal Information: Email address (if provided for account restoration or subscriptions)
- Health & Fitness Data: Sleep patterns, heart rate, activity levels, steps, workouts, energy levels, mood, stress, focus, and other biometric data you choose to track or sync from Apple Health or connected services like Dexcom
- User-Generated Content: Experiment notes, findings, supplement logs, food logs, voice recordings, and chat messages with our AI assistant
- Device Information: Device type, operating system, unique device identifiers, and app usage analytics
- Payment Information: Processed securely by Apple (App Store) or Stripe; we do not store your payment card details
3. Third-Party Services & Data Sharing
We integrate with and may share data with the following third-party services:
- Apple Health (HealthKit): We read health data you authorize (sleep, heart rate, steps, workouts) to provide personalized insights. IMPORTANT: We do not sell HealthKit data or use it for advertising. HealthKit data is never shared with third parties for marketing or advertising purposes.
- OpenAI: Your chat messages and health summaries may be sent to OpenAI's API to generate personalized AI insights. OpenAI processes this data according to their privacy policy. We minimize personally identifiable information sent to OpenAI.
- Dexcom: If you connect Dexcom, we access your glucose data to track metabolic health and provide experiment insights.
- Apple Speech Recognition: If you use voice logging, your speech is processed by Apple's on-device and cloud speech recognition services.
- Stripe / Apple App Store: Payment processing is handled by Stripe or Apple. Your payment information is sent directly to these services and governed by their respective privacy policies.
- Supabase: We may use Supabase for secure cloud storage of account-related data.
We do not sell your personal information to third parties.
4. Data Storage & Security
Your data is primarily stored locally on your device using iOS secure storage mechanisms. Some data may be transmitted to third-party services as described above for the purpose of providing app functionality.
We implement appropriate technical and organizational measures to protect your data. However, no method of electronic storage or transmission is 100% secure, and we cannot guarantee absolute security.
5. Data Retention
We retain your data for as long as your account is active or as needed to provide services. You may delete your data at any time through the App's settings (Profile > Delete Account & Data).
Upon deletion, your locally stored data is permanently removed. Data previously sent to third-party services is subject to their respective retention policies.
6. Your Rights
You have the right to:
- Access: Request a copy of your personal data
- Correction: Request correction of inaccurate data
- Deletion: Delete your account and all associated data
- Portability: Export your data (available in app)
- Withdraw Consent: Disconnect third-party services or revoke HealthKit access at any time through iOS Settings
To exercise these rights, contact us at arjundixit@nexflowinc.com.
7. Children's Privacy
NexFlow is not intended for children under 13 years of age. We do not knowingly collect personal information from children under 13. If you are a parent or guardian and believe your child has provided us with personal information, please contact us immediately.
8. California Residents (CCPA)
California residents have additional rights under the California Consumer Privacy Act (CCPA), including the right to know what personal information is collected, to request deletion, and to opt out of the sale of personal information. We do not sell personal information.
9. International Users (GDPR)
If you are located in the European Economic Area (EEA), you have rights under the General Data Protection Regulation (GDPR). Our legal basis for processing is your consent (which you provide by using the App) and legitimate interests in providing our services.
10. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of significant changes by posting a notice in the App or on our website. Your continued use of the App after changes constitutes acceptance of the updated policy.
11. Contact Us
If you have questions about this Privacy Policy, please contact us at: arjundixit@nexflowinc.com