Privacy Policy

Attuned Labs LLC

Effective Date: March 21, 2026 | Last Updated: March 21, 2026

Attuned Labs LLC ("Company," "we," "us," or "our") operates the Follie mobile application (the "App"). This Privacy Policy describes how we collect, use, disclose, and protect your information when you use the App. By using Follie, you consent to the practices described in this Privacy Policy.

This Privacy Policy should be read in conjunction with our Terms of Service and End User License Agreement.

1. Information We Collect

1.1 Information You Provide Directly

Account Information. When you create an account, we collect your email address, display name, professional role (e.g., student, CAA, CRNA, resident, attending), and optionally your program or institutional affiliation.

Clinical Input Data. When you use the AI plan generation feature, you input clinical parameters such as patient demographics (age range, sex, weight, height), medical history categories, current medications by class, allergies, laboratory values, airway assessment data, and planned surgical procedure. You are instructed NOT to include directly identifiable patient information (names, dates of birth, medical record numbers, Social Security numbers, or other direct identifiers).

Case Log Data. If you use the case logging feature, you may input information about clinical cases including date, rotation, procedure name, anesthetic type, techniques used, role, duration, and personal notes.

Personal Notes. You may add personal notes to generated plans, including reflections on clinical performance, attending feedback, and self-assessed difficulty and confidence ratings.

Purchase Information. When you make a purchase, payment processing is handled entirely by the Apple App Store or Google Play Store. We receive a transaction confirmation and RevenueCat transaction identifier but do NOT receive or store your credit card number, bank account information, or other payment instrument details.

1.2 Information Collected Automatically

Usage Data. We collect information about how you use the App, including features accessed, AI plans generated, credits consumed, timestamps, and general interaction patterns.

Device Information. We may collect device type, operating system version, unique device identifiers, and app version.

Crash and Performance Data. We may collect crash logs, error reports, and performance metrics to improve the App's reliability and user experience.

1.3 Information We Do NOT Collect

2. How We Use Your Information

Service Delivery. To generate AI-powered anesthetic plans based on your clinical input data, maintain your account, track your credit balance, and provide App functionality.

AI Processing. Clinical input data is transmitted to Anthropic's Claude API via secure server-side Edge Functions for AI plan generation. Only de-identified clinical parameters are transmitted. See Section 5 for details on third-party data sharing.

Product Improvement. To analyze usage patterns (in aggregate and anonymized form) to improve App features, content, and user experience.

Technical Support. To diagnose and resolve technical issues and respond to user inquiries.

Security. To detect and prevent fraud, unauthorized access, and other harmful activities.

Legal Compliance. To comply with applicable laws, regulations, legal processes, or governmental requests.

Communications. To send you service-related communications such as account confirmations, credit balance alerts, and important updates about the App. We do not send marketing emails without your explicit opt-in consent.

3. Data Storage and Security

3.1 Infrastructure

Your data is stored on Supabase's cloud infrastructure, which provides enterprise-grade security including encryption at rest and in transit (TLS 1.2+), role-based access control, and automated backups. All database tables are protected by Row Level Security (RLS) policies ensuring that users can only access their own data.

3.2 API Key Security

All AI API calls are routed through secure server-side Edge Functions. Your device never has direct access to API credentials. Authentication tokens are managed server-side and are not exposed to the client application.

3.3 Security Measures

We implement reasonable administrative, technical, and physical safeguards designed to protect your information, including:

3.4 No Guarantee

While we implement commercially reasonable security measures, no method of electronic transmission or storage is 100% secure. We cannot guarantee the absolute security of your information.

4. Data Retention

Account Data. We retain your account information for as long as your account is active or as needed to provide you with the App's services. You may request account deletion at any time (see Section 7).

Generated Plans and Case Logs. Your generated anesthetic plans and case logs are retained in your account for as long as your account exists. You may delete individual plans or case logs at any time within the App.

AI Processing Data. Clinical input data sent to the Anthropic Claude API for plan generation is processed in real time and is subject to Anthropic's data retention policies. The Company does not independently retain copies of raw API request/response payloads beyond what is stored as the generated plan in your account.

Cached Templates. The App may cache anonymized, generic procedure templates (not containing any user-specific data) to improve performance and reduce API costs.

Purchase Records. Purchase and credit transaction records are retained for accounting, audit, and legal compliance purposes.

5. Third-Party Data Sharing

5.1 AI Service Provider

Anthropic (Claude API). De-identified clinical input data is transmitted to Anthropic's Claude API to generate anesthetic plans. Anthropic processes this data in accordance with its own privacy policy and data processing terms. No directly identifiable patient information is intentionally transmitted.

5.2 Infrastructure Providers

Supabase. Provides authentication, database hosting, Edge Function execution, and storage.

5.3 Payment Processors

RevenueCat. Manages in-app purchase verification and credit provisioning.

Apple / Google. Process payments through the App Store and Google Play Store.

5.4 Other Disclosures

We may disclose your information if required to do so by law, regulation, legal process, or governmental request, or if we believe in good faith that such disclosure is necessary to protect our rights, your safety, or the safety of others.

We do NOT sell, rent, or lease your personal information to third parties. We do NOT share your data with advertisers.

6. Children's Privacy

The App is not intended for individuals under 18 years of age. We do not knowingly collect personal information from children under 18.

7. Your Rights and Choices

7.1 Access and Portability

You may access your account information, generated plans, and case logs at any time through the App. You may export generated plans as PDF documents.

7.2 Correction

You may update your account information at any time through the App's settings.

7.3 Deletion

You may request deletion of your account and all associated data by contacting us at attunedlabs@gmail.com. Upon receiving a verified deletion request, we will delete your personal information within thirty (30) days.

8. State-Specific Privacy Rights

8.1 California Residents (CCPA/CPRA)

If you are a California resident, you have additional rights under the CCPA/CPRA, including the right to know, right to delete, right to opt out of sale (we do not sell personal information), and right to non-discrimination.

8.2 Other U.S. State Privacy Laws

Residents of Virginia, Colorado, Connecticut, Utah, and other states with comprehensive privacy legislation may have additional rights.

9. HIPAA Considerations

As stated in our Terms of Service, Attuned Labs LLC is not a "Covered Entity" or "Business Associate" under HIPAA. The App is not designed for the storage or transmission of Protected Health Information. Users who are healthcare providers subject to HIPAA are solely responsible for ensuring that their use of the App complies with HIPAA requirements, including by refraining from inputting directly identifiable patient information.

The App's architecture is designed with privacy-by-design principles, including PHI minimization, de-identification guidance, server-side API processing, and Row Level Security. However, these design choices do not create a HIPAA compliance obligation on the part of the Company.

10. Data Breach Notification

10.1 Incident Response

In the event of a security breach that results in the unauthorized access, acquisition, or disclosure of your personal information, the Company will promptly investigate the incident and take reasonable steps to contain and remediate the breach.

10.2 Notification

If we determine that a breach has occurred that is reasonably likely to cause material harm to affected users, we will notify affected users without unreasonable delay and in accordance with applicable state and federal breach notification laws, including Ohio Revised Code Section 1349.19 and any other applicable state statutes. Notification may be provided via email to the address associated with your account, through an in-app notification, or by other means as required by law.

10.3 Content of Notice

Breach notifications will include, to the extent known at the time of notification: a description of the nature of the breach, the types of personal information involved, the date or estimated date of the breach, the steps we have taken and are taking in response, steps you can take to protect yourself, and contact information for follow-up inquiries.

10.4 Law Enforcement Delay

Notification may be delayed if a law enforcement agency determines that notification would impede a criminal investigation, in which case notification will be provided promptly after the law enforcement agency determines that it will no longer impede the investigation.

10.5 Third-Party Breaches

In the event of a security breach at one of our third-party service providers (such as Supabase, Anthropic, or RevenueCat), we will work with the affected provider to assess the impact on our users and will provide notification as required by applicable law. We will also evaluate and, where appropriate, update our security measures in response to any such incident.

11. International Users

The App is operated from the United States. If you access the App from outside the United States, please be aware that your information may be transferred to, stored, and processed in the United States, where data protection laws may differ from those of your country. By using the App, you consent to the transfer of your information to the United States.

We do not currently target or offer the App to users in the European Economic Area (EEA) or the United Kingdom. If this changes, we will update this Privacy Policy to address GDPR and UK GDPR requirements.

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. If we make material changes, we will notify you by posting the updated Privacy Policy within the App and updating the "Last Updated" date. Your continued use of the App after any changes indicates your acceptance of the updated Privacy Policy. We encourage you to review this Privacy Policy periodically.

13. Contact Information

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

Attuned Labs LLC
Email: attunedlabs@gmail.com
Website: https://heyfollie.com

For privacy-specific inquiries, please use the subject line: "Follie Privacy Inquiry."

BY USING FOLLIE, YOU ACKNOWLEDGE THAT YOU HAVE READ, UNDERSTOOD, AND AGREE TO THE PRACTICES DESCRIBED IN THIS PRIVACY POLICY.