Privacy Policy

Attuned Labs LLC

Effective Date: April 10, 2026 | Last Updated: April 10, 2026

Attuned Labs LLC ("Company," "we," "us," or "our") operates the Follie mobile application (the "App"). This Privacy Policy describes how we collect, use, and protect your information when you use the App. By using Follie, you consent to the practices described in this Privacy Policy.

This Privacy Policy should be read in conjunction with our Terms of Service and End User License Agreement.

Follie offers two modes of use: Guest mode (no account required, all data stored locally on your device) and Signed-in mode (optional account via Sign in with Apple or Sign in with Google, with cross-device sync). This Privacy Policy describes data practices for both modes.

1. Information We Collect

1.1 Guest Mode (No Account)

Follie does not require you to create an account. If you choose to use the App without signing in, we do not collect your name, email address, phone number, mailing address, or any other personal contact information. There is no login, registration, or sign-up process required. All data you enter remains stored locally on your device and is never transmitted to our servers or to any third party.

1.2 Signed-In Mode (Optional Account)

You may optionally create an account using Sign in with Apple or Sign in with Google. We do not offer email-and-password registration. Attuned Labs never collects, stores, or has access to your Apple or Google password.

When you sign in, we receive and store the following information from your authentication provider:

We do not receive or store your authentication provider password, payment information, contacts, or any other data from your Apple or Google account beyond what is listed above.

1.3 Clinical Data You Enter

Guest users: All clinical data you enter (patient parameters, generated plans, case logs, calculator inputs, drug references, quick handoff notes) is stored locally on your device. This data is never transmitted to our servers or to any third party.

Signed-in users: If you are signed in, certain clinical data — including generated anesthetic plans, case logs, and favorites — is synced to our cloud database (Supabase, hosted on Amazon Web Services) to enable cross-device access. The App de-identifies clinical data before sync; no patient names, medical record numbers, dates of birth, or other direct patient identifiers are transmitted or stored on our servers. You may continue to use the App's clinical features without signing in, in which case all data remains local.

1.4 Information Collected Automatically

Device and App Information. The App may automatically collect limited technical information, including device type, operating system version, and app version. This information is used solely for ensuring compatibility, delivering over-the-air updates, and diagnosing technical issues.

Crash Reports. The App uses Sentry, a third-party error monitoring service, to collect anonymous crash reports when the App crashes or encounters an error. Crash reports contain technical diagnostic information such as stack traces, device model, and OS version. Crash reports do not contain any clinical data you have entered into the App, and do not contain personally identifiable information. Sentry's privacy practices are governed by Sentry's own privacy policy.

1.5 OCR Scanning

Photos taken or selected for the OCR scanner feature are processed entirely on your device using on-device optical character recognition. Images are never transmitted to our servers, any third-party service, or any external system. No images are stored or retained beyond the scanning session.

1.6 Information We Do NOT Collect

2. How We Use Your Information

On-Device Clinical Features. The App's clinical tools — including calculators, drug references, quick handoff, airway assessment, and other reference features — operate entirely on your device using deterministic, rule-based logic. No clinical data from these features is transmitted to any server, API, or third-party service.

Cross-Device Sync (Signed-In Users Only). If you sign in with an account, your generated plans, case logs, and favorites are synced to our cloud database to enable access across your devices. This synced data is stored securely on Supabase (hosted on Amazon Web Services) with Row Level Security, meaning your data is accessible only to your authenticated account. Guest users' data is never transmitted.

Account Authentication. Your email address and account identifier are used solely to authenticate your identity and associate your synced data with your account. We do not use your email address for marketing, advertising, or any purpose other than account management and essential service communications.

App Updates. We use Expo EAS to deliver over-the-air JavaScript bundle updates to the App. These updates download new application code to your device. No user data or clinical data is transmitted to Expo's servers during this process.

Crash Diagnostics. Anonymous crash report data collected by Sentry is used solely to identify and fix software defects and improve the App's stability. Crash reports do not contain clinical data or personally identifiable information.

Legal Compliance. We may use or disclose information to the extent required by applicable law, regulation, or legal process.

3. Data Storage and Security

3.1 Local Storage (All Users)

Regardless of whether you use Guest mode or Signed-in mode, the App stores data locally on your device using the device's native storage mechanisms. In Guest mode, this is the only location where your data exists.

3.2 Cloud Storage (Signed-In Users Only)

If you sign in, your generated plans, case logs, and favorites are also stored on our cloud database, operated by Supabase and hosted on Amazon Web Services (AWS). Supabase is SOC 2 Type II compliant. All synced data is protected by Row Level Security (RLS), which ensures that each user can only access their own data through authenticated queries. Data is encrypted in transit (TLS) and at rest.

3.3 Device Security

The security of your locally stored data depends on the security of your device. We recommend that you protect your device with a passcode, biometric lock, or other access controls, and keep your device's operating system up to date. If your device is lost, stolen, or compromised, any data stored in the App may be accessible to unauthorized parties.

3.4 Authentication Security

Sign in with Apple and Sign in with Google use industry-standard OAuth 2.0 protocols. Attuned Labs never receives, processes, or stores your Apple or Google password. Authentication tokens are managed securely by Supabase Auth.

4. Data Retention and Deletion

4.1 Local Data

All data stored locally on your device persists until you delete it within the App or uninstall the App. You have full control over your local data at all times. Uninstalling the App from your device permanently removes all locally stored App data.

4.2 Synced Data (Signed-In Users)

If you have signed in, your synced data (plans, case logs, favorites) is stored on our cloud database for as long as your account is active. You may delete individual synced items at any time from within the App.

4.3 Account Deletion

You may delete your account and all associated synced data at any time from within the App's settings. When you delete your account:

4.4 Crash Reports

Anonymous crash report data retained by Sentry is subject to Sentry's own data retention policies and does not contain clinical or personal information.

5. Third-Party Services

5.1 Apple App Store and Google Play Store

The App is distributed through the Apple App Store and Google Play Store. Your purchase of the App is processed entirely by Apple or Google, as applicable. We do not receive or store your payment card information, billing address, or other financial details. Your purchase is governed by the terms and privacy policies of the applicable app store.

5.2 Sign in with Apple and Sign in with Google

If you choose to create an account, authentication is handled by Apple or Google, as applicable. We receive only the limited information described in Section 1.2. We do not receive your password. Apple's "Hide My Email" feature is fully supported, allowing you to sign in without sharing your real email address. These authentication services are governed by Apple's and Google's respective privacy policies.

5.3 Supabase (Cloud Database and Authentication)

For signed-in users, account data and synced clinical data are stored on Supabase, a cloud database platform hosted on Amazon Web Services (AWS). Supabase is SOC 2 Type II compliant. All data is protected by Row Level Security and encrypted in transit and at rest. Supabase's privacy practices are governed by Supabase's own privacy policy. Guest users' data is never transmitted to Supabase.

5.4 Sentry (Crash Reporting)

The App uses Sentry for anonymous crash reporting and error monitoring. Sentry receives only technical diagnostic information (stack traces, device model, OS version, app version). Sentry does not receive clinical data, personal information, or account credentials. Sentry's privacy practices are governed by Sentry's own privacy policy.

5.5 Expo (Over-the-Air Updates)

The App uses Expo EAS to deliver over-the-air updates (JavaScript bundle downloads). When the App checks for or downloads an update, limited technical information (device type, OS version, app version) may be transmitted to Expo's servers. No clinical data or personal information is transmitted. Expo's privacy practices are governed by Expo's own privacy policy.

5.6 RevenueCat (In-App Purchases)

The App includes the RevenueCat SDK for managing in-app purchases. When in-app purchases are available, RevenueCat processes purchase verification and entitlement management through the Apple App Store or Google Play Store. RevenueCat does not receive clinical data, health information, or App content. RevenueCat's privacy practices are governed by RevenueCat's own privacy policy.

5.7 No Other Third-Party Data Sharing

We do not transmit your data to any AI service, analytics platform, advertising network, data broker, or other third party not listed in this section. We do NOT sell, rent, trade, or lease your information to any third party. We do NOT share your data with advertisers.

6. Your Rights

6.1 Guest Users

If you use the App without an account, all data is stored locally on your device and you have complete control over it. You can view, modify, or delete any data within the App at any time. Uninstalling the App permanently removes all App data from your device. Because we do not hold any server-side copy of guest user data, there is no need to submit a data access, correction, or deletion request to us.

6.2 Signed-In Users

If you have an account, you have the right to:

6.3 Data Portability

If you wish to obtain a copy of your synced data, please contact us at attunedlabs@gmail.com with the subject line "Data Export Request."

7. Children's Privacy

The App is intended for licensed healthcare professionals and healthcare professional students who are at least 18 years of age. We do not knowingly collect personal information from individuals under 18 years of age. If you are under 18, you should not use the App.

8. HIPAA Considerations

Attuned Labs LLC is not a "Covered Entity" or "Business Associate" as defined under the Health Insurance Portability and Accountability Act of 1996, as amended ("HIPAA"). The App does not collect, transmit, or store Protected Health Information (PHI).

Guest users: All clinical data entered into the App remains on the user's local device and is never transmitted externally.

Signed-in users: The App de-identifies clinical data before syncing to our cloud database. No patient names, medical record numbers, dates of birth, Social Security numbers, or other direct patient identifiers are transmitted or stored on our servers. The synced data consists of de-identified clinical parameters (such as age, weight, medical history categories, and procedural details) that do not constitute PHI.

Users who are healthcare providers subject to HIPAA are solely responsible for ensuring that their use of the App complies with their own HIPAA obligations. Users should exercise appropriate judgment regarding what information they enter, particularly on shared or unsecured devices. The App's architecture — local-first storage with de-identified cloud sync — is designed to minimize PHI exposure.

9. Geographic Applicability

All clinical content, drug references, dosing guidelines, and clinical protocols provided in the App are based on United States medical standards, guidelines, and regulatory approvals. Drug names, approved indications, dosing ranges, and clinical protocols may differ in other countries. Users outside the United States should verify all information against their local medical standards, institutional protocols, and regulatory requirements.

10. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. If we make material changes, we will post the updated Privacy Policy on our website and update the "Last Updated" date. Material changes will also be noted in the App's release notes when applicable. Your continued use of the App after any changes indicates your acceptance of the updated Privacy Policy. We encourage you to review this Privacy Policy periodically.

11. Contact Information

If you have questions, concerns, or requests regarding this Privacy Policy, please contact us:

Attuned Labs LLC
Email: attunedlabs@gmail.com
Website: https://heyfollie.com

For privacy-specific inquiries, please use the subject line: "Follie Privacy Inquiry."

BY USING FOLLIE, YOU ACKNOWLEDGE THAT YOU HAVE READ, UNDERSTOOD, AND AGREE TO THE PRACTICES DESCRIBED IN THIS PRIVACY POLICY.