Privacy Policy

1. Introduction

This Privacy Policy explains how the Solara application ("Solara", "the App", "we", "us", or "our") collects, uses, and protects your information when you use our mobile and web applications on iOS, Android, and web (collectively, the "Services").

Solara is designed with privacy by default. The App is architected so that your circadian, sleep, and WHOOP-derived data are stored primarily on your personal device and are not uploaded to Solara-controlled servers unless explicitly stated in this Policy.

By using Solara, you agree to the collection and use of information in accordance with this Privacy Policy. If you do not agree, please do not use the App.

2. About Solara

Solara helps users optimize their daily routines based on their circadian rhythm. The App:

Uses your GPS location to calculate solar times (sunrise, sunset, and solar noon).
Tracks sleep data (bedtime, wake time, sleep quality), either entered manually or imported from WHOOP (with your explicit consent).
Tracks HRV (heart rate variability) and related recovery metrics, entered manually or imported from WHOOP.
Provides light exposure guidance, analysis, and educational content about circadian biology and health.

Solara is a wellness and educational tool and is not a medical device. It does not provide medical diagnosis or treatment and is not intended to replace professional medical advice.

3. Information We Collect

Solara is designed to minimize the collection and external transmission of personal data. This section describes the categories of information the App processes.

3.1 GPS Location

What we access: Approximate or precise GPS location from your device.
How it is used: To calculate local solar times (sunrise, sunset, solar noon) and generate circadian-aligned schedules.
Storage and sharing:
- Location data is used in real time to compute solar times.
- Location data is not stored on Solara-controlled servers.
- Location data is not shared with third parties for advertising or analytics.
- On your device, the operating system may temporarily cache this information as part of normal device operation.

You can disable location permissions at any time in your device settings. However, some features may not function correctly without access to location data.

3.2 Sleep Data

What we collect: Bedtime and wake time, sleep duration and sleep timing, self-reported or WHOOP-derived sleep quality or recovery metrics.
How we collect it: Manually entered by you in the App, and/or imported from WHOOP via the WHOOP API with your explicit authorization.
Storage and sharing:
- Sleep data is stored locally on your device (and, if applicable, within your browser's local storage when using the web app).
- Solara does not store your sleep data on Solara-controlled servers.
- Solara does not sell, rent, or share your sleep data with third parties for advertising or marketing.

3.3 HRV and Recovery Data

What we collect: HRV (heart rate variability) metrics and related recovery indices that may be exposed via WHOOP's recovery endpoints.
How we collect it: Manually entered by you in the App, and/or imported from WHOOP via the WHOOP API with your explicit authorization.
Storage and sharing:
- HRV and recovery data are stored only on your device (and/or browser local storage).
- Solara does not store HRV or recovery data on Solara-controlled servers.
- Solara does not sell, rent, or share HRV or recovery data with third parties for advertising or marketing.

Solara only accesses WHOOP data necessary to support the App's features: sleep and recovery/HRV-related data. The App does not request or access other WHOOP data categories that are not needed for these purposes.

3.4 WHOOP OAuth Tokens and Credentials

What we store: WHOOP OAuth access tokens and refresh tokens required to securely access WHOOP APIs on your behalf.
Where they are stored: Tokens are stored locally on your device in secure storage mechanisms provided by the operating system (e.g., iOS Keychain, Android Keystore, or equivalent secure storage) or secure browser storage for the web app. Solara does not store WHOOP tokens on Solara-controlled servers.
Use of tokens: Tokens are used solely to access your WHOOP data (sleep and recovery/HRV) as authorized by you. Tokens are not shared with third parties, sold, or used for advertising.

3.5 Notification Preferences

What we store: Your preferences for reminders and notifications (e.g., preferred times for circadian prompts, whether certain notifications are enabled or disabled).
Where they are stored: Notification preferences are stored locally on your device and/or within your browser's local storage.
Use: Used only to deliver in-app and push notifications according to your chosen settings.

3.6 Automatically Collected Technical Data (Limited)

To operate and secure the App, certain minimal technical information may be processed, such as:

Basic device and app information (e.g., device type, OS version, app version).
Basic diagnostic or crash information (e.g., error codes, logs), which may be processed by your device's operating system or app store provider (Apple App Store, Google Play, or browser).

Solara does not build user profiles for advertising and does not use third-party advertising SDKs to track you across apps or websites.

4. How We Use Your Information

Solara uses your information primarily on your device to deliver wellness and circadian-related features. Specifically, Solara uses your information to:

Calculate and display personalized circadian schedules based on your location and sleep/HRV data.
Provide insights, charts, and trends related to your sleep, HRV, and circadian alignment.
Offer educational content, guidance, and suggestions about light exposure and daily routines.
Send you notifications and reminders according to your preferences (e.g., suggested wake times, light exposure windows, or wind-down routines).
Maintain and improve the App, including debugging and ensuring security and performance.

Solara does not use your personal data for targeted advertising, behavioral advertising, or selling your information.

5. WHOOP Integration

Solara integrates with the WHOOP API using OAuth 2.0 to allow you to import your WHOOP data into Solara with your explicit consent.

5.1 What WHOOP Data We Access

With your authorization, Solara may access the following WHOOP data, subject to the scopes you approve:

Sleep data: Sleep sessions, timing, and related quality or performance indicators.
Recovery/HRV data: HRV values and recovery-related metrics that WHOOP makes available via its API and that are relevant to circadian and health tracking.

Solara does not access or request WHOOP data outside what is necessary for sleep and recovery/HRV-related features.

5.2 Storage of WHOOP Data

WHOOP-derived data imported into Solara (sleep and recovery/HRV metrics) is stored only on your device in the App's local storage or secure storage.
Solara does not copy your WHOOP data to Solara-controlled servers.
Solara does not create separate databases of WHOOP data for resale, advertising, or unrelated analytical purposes.

5.3 Use of WHOOP Data

Solara uses WHOOP data solely to:

Display your sleep and recovery/HRV trends.
Generate circadian-aligned recommendations and insights.
Provide visualizations, scores, or suggestions that help you understand your recovery and sleep in a circadian context.

WHOOP data is not sold, rented, or shared with third parties. It is not used for marketing, user profiling for ads, or any other purpose beyond delivering and improving the Solara features you use.

5.4 Revoking WHOOP Access

You may revoke Solara's access to your WHOOP data at any time:

Within Solara: Use the integration or account settings in the App to disconnect your WHOOP account. This revokes use of existing tokens on your device.
Via WHOOP: You can revoke Solara's access in your WHOOP account settings (for example, through the WHOOP app or WHOOP's account/portal settings), which will invalidate Solara's OAuth tokens.

Once disconnected, Solara will no longer be able to fetch new data from WHOOP. Previously imported WHOOP data stored on your device will remain on your device until you manually delete it (e.g., via in-app data deletion options or by uninstalling the App).

6. Legal Bases for Processing (GDPR)

For users in the European Economic Area (EEA), the United Kingdom, and other regions with similar data protection laws, Solara relies on the following legal bases under the General Data Protection Regulation (GDPR):

Consent: For accessing WHOOP data via OAuth authorization; for accessing your device's location (GPS); for sending certain push notifications and reminders, where consent is required.
Legitimate Interests: To provide and improve core App functionality, such as basic analytics entirely on-device, debugging, and security, in a way that does not override your fundamental rights and freedoms.

You may withdraw your consent at any time (for example, by disabling WHOOP integration, turning off location access, or updating notification permissions). Withdrawing consent will not affect the lawfulness of processing prior to withdrawal.

7. Data Retention and Deletion

7.1 Retention on Your Device

Because Solara is primarily device-centric, most of your data is stored on your device and retained there until you:

Delete or reset data within the App (where such options are provided), and/or
Uninstall the App from your device, and/or
Clear your browser data (for the web app).

Solara does not maintain centralized user profiles or long-term databases of your health data on Solara-controlled servers.

7.2 Deletion Controls

You can manage and delete your data in several ways:

Within the App (where available): Reset or clear specific data sets (e.g., sleep logs, HRV logs) via in-app settings or account options.
On your Device: Uninstalling the App from your device will typically remove locally stored Solara data from that device. Clearing browser data may delete local storage used by the web app.
WHOOP Data: Disconnecting Solara from WHOOP stops further data imports. You may also manage or delete your WHOOP data directly with WHOOP, subject to WHOOP's own privacy policy and data rights.

Please note that your device's operating system or backup services (e.g., iCloud, Google backups, cloud backups) may retain copies of App data as part of their normal operation. These are governed by their respective privacy policies, not by Solara.

8. Data Sharing and Sale of Personal Data

Solara does not sell your personal data, including health, sleep, HRV, location, or WHOOP-derived data.
Solara does not share your WHOOP data with third parties for advertising, marketing, or unrelated analytics.
Solara may use trusted third-party services solely to support technical operations (e.g., error reporting tools, app store distribution). Such services, if used, are restricted to processing only what is necessary to provide those services and are subject to appropriate data protection safeguards.

For users covered by the California Consumer Privacy Act (CCPA), Solara confirms that it does not "sell" or "share" personal information as those terms are defined under CCPA.

9. Security

Solara takes the protection of your data seriously and implements reasonable and appropriate technical and organizational measures to safeguard your information, including:

Using operating-system-level secure storage (e.g., Keychain, Keystore) where applicable for sensitive data such as WHOOP OAuth tokens.
Restricting WHOOP API access to the minimum scopes necessary for sleep and recovery/HRV features.
Encouraging industry-standard secure communication protocols (e.g., HTTPS/TLS) when exchanging data with WHOOP's APIs.
Designing the App to minimize server-side storage of health data and WHOOP data.

Despite these measures, no method of transmission or electronic storage is completely secure. Absolute security cannot be guaranteed. You are also responsible for maintaining the security of your device and any passwords or access codes associated with it.

10. International Data Considerations

Because Solara is primarily device-based and does not routinely transfer your health data to Solara-controlled servers, cross-border data transfers of your health data by Solara are limited. However:

Your app store provider (Apple, Google) and WHOOP may process data on servers located in various jurisdictions as described in their own privacy policies.
If Solara in the future operates servers or services that process personal data across borders, Solara will implement appropriate safeguards (such as Standard Contractual Clauses or equivalent mechanisms) in accordance with applicable law.

11. Your Rights

11.1 Rights Under GDPR (EEA/UK and Similar Jurisdictions)

If you are in the EEA, UK, or a jurisdiction with similar laws, you may have the right to:

Access: Request confirmation of whether Solara processes your personal data and obtain a copy of such data under Solara's control (if any).
Rectification: Request correction of inaccurate or incomplete personal data.
Erasure: Request deletion of personal data, subject to applicable legal obligations. For data stored only on your device, you may need to delete it through the App or uninstall the App.
Restriction: Request limitation of processing under certain conditions.
Portability: Request that certain data you have provided be made available in a machine-readable format or transmitted to another controller, where technically feasible.
Objection: Object to processing based on legitimate interests, including profiling (if any).
Withdraw Consent: Withdraw consent at any time for processing activities that rely on consent (e.g., WHOOP access, location, notifications).

To exercise these rights, please contact us using the details in the "Contact Us" section below. Some rights may be exercised directly on your device or within the App.

11.2 Rights Under CCPA (California)

If you are a California resident, you may have the right to:

Know: Request information about the categories and specific pieces of personal information collected about you by Solara (to the extent held by Solara and not solely on your device).
Delete: Request deletion of personal information that Solara holds about you, subject to legal exceptions.
Correct: Request correction of inaccurate personal information.
No Sale/No Sharing: Be informed that Solara does not sell or share your personal information for cross-context behavioral advertising.
Non-Discrimination: Be free from discrimination for exercising any of your CCPA rights.

Because Solara is designed to store most data on your device and minimize server-side processing, the personal information that Solara directly controls may be limited. You may still need to manage much of your data directly on your device through App settings or by uninstalling the App.

12. Children's Privacy

Solara is not intended for children under 13 years of age, and the App does not knowingly collect personal data from children under 13.

If you are under 13, you must not use Solara or provide any personal information in the App.
If we become aware that Solara has inadvertently collected personal data from a child under 13, we will take reasonable steps to delete such information to the extent that it is under our control and instruct the parent or guardian on how to remove App data from the device.

If you believe that a child under 13 has used Solara or provided personal data, please contact us using the information in the "Contact Us" section.

13. Changes to This Privacy Policy

Solara may update this Privacy Policy from time to time to reflect changes in:

App features and functionality
Legal or regulatory requirements
Industry practices and standards

When we make material changes, we will:

Update the "Effective Date" and "Last Updated" dates at the top of this Policy; and
Provide reasonable notice within the App or via other appropriate means, where required by law.

Your continued use of Solara after any changes to this Privacy Policy indicates your acceptance of the updated Policy.

14. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or Solara's data practices, please contact:

Developer/Company Name: drMAWZ

Email: gmfrom.drmawz@gmail.com

Please indicate in your communication that your inquiry relates to "Solara - Privacy Policy" so it can be handled appropriately.