CREVIK Healing
Privacy Policy
CREVIK Healing ("the App", "we", "us") is the companion mobile application for CREVIK tuning fork customers. This Privacy Policy explains what personal information the App collects, how it is used and stored, and the choices you have over your data.
1. Data we collect
The App collects only the data described below. We do not request access to contacts, calendar, photos, microphone, camera, location, or any other device sensors.
| Data | When collected | Purpose |
|---|---|---|
| Email address | When you create an account or sign in | Account identification and authentication |
| Password (hashed) | At account creation | Authentication; never stored in plain text |
| Account identifier | Generated when your account is created | Linking your data to your account |
| Mood entries (e.g. calm, tired, anxious, happy, low) and timestamps | When you log a mood in the App | Tracking your healing journey, displaying trends, optional pre/post-session reflection |
| Session completion records (which session, start/end time, duration) | When you complete a healing session | Showing your history, streaks, and statistics |
| Achievement badges | When you unlock a badge | Personal progress display |
| Owned products (which CREVIK tuning forks you own) | When you indicate ownership in the App | Filtering session content to forks you can practice with |
| App preferences (e.g. theme, sound settings) | When you change a setting | Persisting your preferences across launches |
Data we do not collect
- We do not collect advertising identifiers (IDFA / GAID).
- We do not use third-party analytics SDKs (no Google Analytics, no Firebase Analytics, no Sentry, no Mixpanel, etc.).
- We do not track you across other apps or websites.
- We do not access your location, contacts, photos, microphone, or camera.
- We do not collect biometric data, financial information, or government identifiers.
2. How your data is stored
Your data lives in two places:
- On your device. The App stores a local copy of your mood entries, session history, badges, and preferences in the App's private sandbox storage so it works offline.
- In our cloud backend (only after you sign in). When signed in, your mood entries, session history, and badges are synced so they are available across your devices and survive device loss. Authentication is handled by Supabase and your synced data is stored in a Supabase Postgres database with row-level security — only your account can read or write your rows. Public, read-only content (sessions, articles, audio files) is hosted on Cloudflare infrastructure (Workers, D1, R2).
Data in transit is protected with HTTPS/TLS. Passwords are never transmitted or stored in plain text — Supabase salts and hashes them on the server.
3. Sharing with third parties
We do not sell your personal data. We do not share it for advertising or marketing. We use the following service providers strictly to operate the App:
| Provider | Role | What they receive |
|---|---|---|
| Supabase | Authentication and synced user data storage | Email, hashed password, account ID, mood entries, session history, badges, settings |
| Cloudflare | Hosting public app content (Workers, D1, R2) | Standard request metadata (IP address, user agent) — no account data |
| Apple / Google | App distribution and platform services | Whatever the App Store or Play Store collects per their own policies |
These providers act as data processors and are contractually required to protect your data with at least the same standard described in this Policy. If you sign in with a third-party identity provider (e.g. Apple, Google), that provider's privacy policy also applies to the sign-in flow.
4. Data retention and deletion
- While your account is active: we keep your account data and synced content for as long as you use the App.
- Account deletion: you can delete your account at any time by emailing support@crevik.com. Within 30 days of receiving your request, we permanently delete your account, all your synced data (mood entries, session history, badges, settings), and revoke all access tokens. Backups are purged on their normal rotation cycle (typically within 90 days).
- Local data: data stored on your device is removed when you delete the App from your device.
5. Children's privacy
The App is not directed to children under 13 (or the equivalent minimum age in your jurisdiction). We do not knowingly collect personal data from children. If you believe a child has provided us with personal information, please contact us and we will delete it.
6. Your rights
Depending on where you live, you may have rights under the EU General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA/CPRA), or other privacy laws. These include the right to:
- Access a copy of the personal data we hold about you.
- Correct inaccurate or incomplete data.
- Delete your data ("right to be forgotten").
- Object to or restrict certain processing.
- Receive your data in a portable format.
- Withdraw consent at any time.
- Lodge a complaint with your local data protection authority.
To exercise any of these rights, email support@crevik.com. We will respond within 30 days. We do not "sell" or "share" your personal information as those terms are defined under California law.
7. International transfers
Our service providers may store and process your data in jurisdictions outside your country, including the United States. Where required, we rely on appropriate safeguards such as the European Commission's Standard Contractual Clauses to protect cross-border transfers.
8. Security
We use industry-standard security measures including TLS encryption in transit, encryption at rest for backend storage, scoped access tokens with PKCE, row-level security on our database, and the principle of least privilege for internal access. No method of transmission over the internet is 100% secure, but we work to protect your data with reasonable safeguards.
9. Changes to this Policy
We may update this Privacy Policy from time to time. When we make material changes, we will update the "Last updated" date at the top of this page and, where appropriate, notify you within the App. Your continued use of the App after the effective date of any change constitutes acceptance of the updated Policy.
10. Contact us
If you have questions, requests, or complaints regarding this Policy or your data, contact us at:
- Email: support@crevik.com
- Website: https://crevik.com