Privacy Policy

The Heartwood app stores everything on your Mac. We operate no server that receives your health data, we run no analytics, and we require no account. Apple's App Privacy label for Heartwood is Data Not Collected.

Your readings, medications, mood entries, notes, tags, reports, and audit history are stored in the app's protected storage on your computer. They are covered by your macOS user account protections and, if you enable it, an app passcode with a Touch ID shortcut, idle auto-lock, and locking on window close.

• No accounts. There is nothing to sign into and no identifier that links your records to you on any server.
• No cloud storage or sync. Heartwood does not upload your records anywhere.
• No analytics or crash-reporting SDKs. The app contains none. Operating-system crash reports remain governed by your own Apple sharing settings.
• A local audit log. Security and data events are recorded on your Mac, for you. The log never leaves your machine unless you export it.

When you use medication-name autocomplete, the characters you type into that field are sent to RxTerms, a public catalog operated by the U.S. National Library of Medicine (clinicaltables.nlm.nih.gov), to fetch suggestions. This is the only network feature in the app.

• It runs only while you actively use autocomplete.
• We operate no proxy and receive nothing from this lookup.
• Heartwood does not log or persist your query text.
• Manual entry without autocomplete involves no network at all.

If you pair a supported blood pressure monitor or scale, Heartwood reads measurements from the device over Bluetooth and stores them locally like any manual entry. The app reads manufacturer, model, and firmware information where the device offers it; serial numbers and personal identifiers are not read. Nothing about your devices or readings is transmitted to us.

Information leaves Heartwood only when you export it yourself. Exports use an encrypted file format by default; producing a plain PDF or CSV requires you to re-authenticate first. Once you share an exported file, its protection is up to the channel you share it through.

This site has no accounts, sets no advertising or analytics cookies, and runs no third-party trackers. Our hosting provider keeps standard, short-lived server logs (IP address, requested page, user agent) to operate and protect the service.

If you use the contact form, the name, email address, subject, and message you submit are delivered over TLS to a private Telegram channel that only the Akticateam can read, together with your browser's user-agent string and a truncated, one-way fingerprint of your IP address used for abuse prevention. We use this information solely to answer you, and Telegram processes the delivery under its own privacy policy. Do not include health information in a contact message; we do not need it to help you.

Because your records live on your Mac, you exercise your rights directly: view, edit, export, or delete anything in the app at any time, and remove every trace by deleting the app and its data. For contact messages, write to us via the contact form and we will delete the conversation on request.

Heartwood and this website are not directed at children under 16, and we do not knowingly collect information from them.

If we change this policy, we will update this page and the date at the top. A change will never retroactively grant us access to data stored on your Mac; that would require a different app architecture and your explicit choice to use it.

Questions about this policy: use the contact form. It reaches the Aktica team directly.