Privacy - Thier

Quick summary

Thier is a personalised longevity product for iPhone, plus a public web mirror at thier.app. We collect: account and profile data, optional health and wearable data you choose to connect, free-text content you submit (chat with the AI features, posts, support messages), and limited technical operational logs. We never use your Health data for advertising, never share it with third parties for their own purposes, and never sell it. Where AI features respond to you, the relevant context (including health metrics you have asked them to consider) is sent to OpenAI for model inference and not used by OpenAI to train their public models.

What you can do at any time: request a copy of your data, ask for it to be corrected, or delete your account. The in-app path is Profile → Sign Out / Delete Account. The manual fallback is hi@thier.app.

Who is the data controller

Thier is operated by Steven Kippax, a sole-trader business based in Glasgow, United Kingdom. For privacy questions, data subject access / erasure requests, or any other matter under UK GDPR, EU GDPR, the California Consumer Privacy Act, or any equivalent law, contact hi@thier.app.

What we collect

Account and profile

email address, sign-in identifier (Apple / Supabase auth)
display name, username, profile image you upload
onboarding answers: chronological age band, biological sex, primary longevity goals, lifestyle factors, conditions you disclose
subscription state from Apple (active, renewed, cancelled, expired)

Health and wellness data (if you connect it)

HealthKit signals you grant: resting heart rate, heart rate variability, exercise minutes, sleep duration and stages, weight, body composition, VO₂ max, blood pressure, oxygen saturation, step count, workouts
connected-wearable tokens and synced rollups for: Strava, Oura, Garmin, Fitbit, Withings, Polar — only the providers you explicitly OAuth into
manual entries you log: blood pressure, body fat, weight, sleep, mood, supplements, medications, family history
optional: lab PDF uploads (HbA1c, ApoB, Lp(a), full panel), and the AI-extracted markers from those uploads
optional: cognitive test results (reaction time, word recall, spatial memory, symbol match) and physical-function tests (grip, sit-to-stand)
optional: genetic markers you choose to import (e.g. APOE ε4 status from a 23andMe / Ancestry / VCF upload)

AI feature interactions

your free-text messages to the AI features
the AI's responses
"memory facts" the AI saves so future conversations are personalised — you can review and delete these in Profile → Personalisation → What Your AI Knows

Social and community

posts, comments, likes, follows, club memberships, RSVPs, direct messages, blocks and reports
media you attach to posts or messages (images, GIF picks, optional location tag)

Waitlist (web only)

email address you submit on the marketing site, the page or campaign source associated with that submission, and the time of submission
If a waitlist submission fails, the site may store a temporary local backup of your email in your browser's local storage on your device only, so the signup is not lost. This local backup is not sent anywhere until you submit again successfully.

Operational logs

API request logs at Supabase (IP address, timestamp, route, response code) for security and debugging
edge-function execution logs (no body content stored)
crash and exception traces from the iOS app

What we share, with whom, and why

Thier does not sell personal data. We do, however, route data through service providers (sub-processors) who help us run the product. Here is the complete current list of sub-processors and what each one sees.

Sub-processor	Purpose	What is sent	Where
Supabase (Supabase Inc., USA)	Authentication, Postgres database, storage, edge functions, realtime channels — the core backend.	All account data, all data in the bullet list above except free-text payload to OpenAI's servers, including health rollups (`daily_wearable_snapshots`, `healthkit_bio_age_snapshots`), lab uploads, chat history, and posts.	Hosted in the EU (Frankfurt) where possible; some control-plane traffic transits the US.
OpenAI (OpenAI, L.L.C., USA)	AI feature inference: chat responses, lab-marker extraction, genetic-report interpretation, supplement / medication interaction checks, diet plan generation, image moderation.	For chat: the conversation, your selected goals + recent biological-age + recent VO₂ + recent labs + medications + family history + mental-health flags + relevant memory facts. For lab inference: the lab report text/markers. For genetic inference: the markers you imported. For diet plan: your dietary preferences and constraints. OpenAI does not use these requests to train their public models per their API terms.	USA.
Vercel (Vercel Inc., USA)	Web hosting for thier.app, share-link redirect (/share/...), serverless rendering of public pages (/post/:id, /@username, /lesson/:id, /learn, /clubs/:id, /events/:id).	Public content only: published posts, public profile pages, lesson pages, club and event pages — i.e. the same content Google can already index. Vercel terminates TLS and serves the response.	Edge network, primarily USA / EU.
PostHog (PostHog Inc., USA / EU)	Product analytics — what features get used, retention cohorts, funnels — to improve the app.	Anonymous device-level events (e.g. "viewed dashboard", "completed lesson"). No raw HealthKit values. No chat content. No lab contents.	EU region.
Giphy (Giphy Inc., USA — owned by Shutterstock)	GIF picker in the post composer and direct messages, only when you actively open it.	Search query you type, plus standard CDN telemetry (IP address, user agent) when your device fetches a GIF preview.	USA / global CDN.
Apple	Authentication (Sign in with Apple), in-app subscription billing, push notification delivery, HealthKit on-device storage.	Subscription state, push tokens, the standard Apple receipt. Apple is the merchant of record for paid subscriptions.	USA / Ireland.
Connected wearable providers — Strava, Oura, Garmin, Fitbit, Withings, Polar (only the ones you connect)	OAuth + sync of activity, sleep, heart, body composition data you have already stored with that provider.	Only the OAuth handshake and pull-down requests. We never push your data to those providers.	The provider's own region (US / EU).
Google Sheets / Google Workspace (Google LLC, USA)	Waitlist intake from the marketing site only.	Email address, page or campaign source, timestamp.	USA / EU.

We will update this table when sub-processors change. Material changes (a new sub-processor for AI inference, for example) will be notified in-app. Where any of the above sub-processors sit outside the UK/EEA, we rely on Standard Contractual Clauses or equivalent transfer mechanisms for international transfers.

HealthKit data — specific commitments

Where Thier receives data from Apple HealthKit, the following commitments apply, in addition to anything else in this policy. These mirror Apple's HealthKit data policy requirements:

We never use Health data for advertising, marketing, or other use-based data mining beyond the direct in-app personalisation features the data was collected for.
We never share Health data with third parties for those third parties' own purposes.
We never sell Health data.
HealthKit data is stored on your device by default. The rollups Thier syncs to its backend (e.g. daily_wearable_snapshots, healthkit_bio_age_snapshots) exist so the experience can survive a device reinstall and so the AI features can take recent metrics into account. You can delete them by deleting your account.
HealthKit access is read-only — Thier never writes back to your Health data.

Why we use your data — purposes and lawful bases

Where the UK GDPR or EU GDPR applies, the lawful bases we rely on are listed below. Where we process special category data (data concerning health, including biological-age inputs, sleep, heart-rate metrics, lab results, genetic markers, mental-health flags), we additionally rely on your explicit consent (UK GDPR Art 9(2)(a)) — we ask you in-app before backend storage of any of these items begins, and you can withdraw that consent at any time.

Purpose	Lawful basis (Art 6)	Special category basis (Art 9, where relevant)
Run your account, sync across devices, deliver the product	Performance of a contract	—
Personalise the experience to your goals, conditions, and metrics	Performance of a contract	Explicit consent
Run AI features (chat, lab inference, genetic inference, diet plan, interaction check)	Performance of a contract	Explicit consent
Improve product quality and reliability (analytics, crash logs)	Legitimate interests in operating and improving the service	Not used (analytics excludes raw health values)
Fraud, abuse, and security investigations	Legitimate interests + legal obligation	—
Process subscription billing	Performance of a contract (handled by Apple)	—
Marketing emails (beta updates), where you opted in	Consent	—

How long we keep your data

Account and profile data: while your account is active, then deleted within 30 days of an account-deletion request, except where law requires longer retention.
Health rollups, AI chat, lab uploads, genetic markers, memory facts: while your account is active, then deleted with the account.
Waitlist emails: 12 months from collection, unless you ask for deletion sooner.
Operational logs: 30–90 days for security and debugging, then purged.
Backups: Supabase point-in-time recovery retains a rolling 7-day backup. Deletions are honored in the live database within minutes; the rolling backup window then ages the data out within ~7 days.
Subscription records (Apple): we retain the active state only; transaction history is held by Apple under their own retention.

Your rights

Wherever you live, you can ask us to delete your account. In addition, the following rights apply under UK GDPR and EU GDPR (and you may have similar rights under California's CCPA / CPRA, Washington's My Health My Data Act, Colorado CPA, Quebec Law 25, Australian Privacy Act, and others):

Access — get a copy of the data we hold about you
Rectification — correct anything inaccurate
Erasure ("right to be forgotten") — delete your account and the data tied to it
Portability — get a machine-readable export of your data so you can take it elsewhere
Object to processing based on legitimate interests, and restrict some processing
Withdraw consent where processing depends on consent (without affecting any earlier processing made on the basis of that consent)
Lodge a complaint with your supervisory authority

To exercise any of these, email hi@thier.app from the email tied to your account, or use the in-app path: Profile → Sign Out / Delete Account. We aim to respond within 30 days.

Supervisory authorities

You have the right to complain to a supervisory authority if you believe we have not handled your data properly:

United Kingdom — Information Commissioner's Office (ICO): ico.org.uk/make-a-complaint
European Union: the Data Protection Authority of your country of residence — see the European Data Protection Board's list at edpb.europa.eu/about-edpb/members
Ireland (where many EU users will route via): Data Protection Commission — dataprotection.ie

Account deletion

You can delete your account at any time:

In the app: open the Profile tab, scroll to the bottom, and tap Delete Account. This calls a server-side cascade that removes your profile, posts, comments, likes, conversations, biological-age history, daily wearable snapshots, lab uploads, doctor memory, chat messages, connected-account tokens, screenings, and supplement stack — and finally your authentication record.
Manual fallback: if the in-app flow does not work, email hi@thier.app from the email on your account and we will manually trigger the cascade.

Once deleted, an internal log entry is retained recording the user id and the deletion timestamp (no personal data), for ops and audit purposes only.

AI features in detail

Thier offers several AI-assisted features. They share a common pattern: your input plus the relevant context from your account is sent to OpenAI for inference, and the response is returned to you. We do not pass your data to OpenAI for training — OpenAI's API terms exclude API traffic from public model training by default.

AI chat (the Longevity Doctor / Coach): sends your free-text question + recent biological-age estimate + recent VO₂ max + recent labs + medications + family history + mental-health flags + memory facts you've saved.
Lab inference: sends the parsed lab values from a PDF you uploaded.
Genetic inference: sends the markers you imported (e.g. APOE ε4 status).
Diet plan generation: sends your dietary preferences and constraints.
Interaction check: sends your medication / supplement stack.
Image moderation: sends images you upload to social posts to OpenAI for safety classification.

The AI features are intended to provide educational guidance only. They are not a substitute for professional medical advice, diagnosis, or treatment. See our Terms of Use for the full medical disclaimer.

Cookies and local storage

The marketing site (thier.app) currently does not run advertising cookies or cross-site marketing trackers. We use Vercel Speed Insights and Vercel Analytics for site-performance and aggregate visitor metrics — these run on a strictly necessary / legitimate-interests basis and do not set advertising cookies or share data with third parties for their own purposes.

The site may store a temporary local backup of a failed waitlist submission in your browser's local storage, on your device only, so the signup is not lost. This is cleared once a successful submission goes through.

If we add cookies that are not strictly necessary (advertising, third-party analytics), we will surface a consent banner that asks you to opt in before any of those cookies load — as required by UK PECR 2003 / the EU ePrivacy Directive — and we will update this page.

Security

We use technical and organisational measures appropriate to a small product handling sensitive health data:

TLS 1.2+ for all network traffic
Row Level Security (RLS) on every Supabase table that holds personal data — every read and write is gated by the requesting user's session
Apple-managed authentication (Sign in with Apple), with refresh tokens stored in app-group storage on the device
Periodic review of Supabase security advisors
Account deletion via a SECURITY DEFINER server-side cascade rather than client-side row-by-row delete

No internet service can promise absolute security. If we ever become aware of a breach affecting your data we will notify you and the relevant supervisory authority within the timeframe required by applicable law (72 hours under UK / EU GDPR for high-risk breaches).

Children

Thier is intended for adults aged 18 and over. Onboarding enforces a minimum age of 18. We do not knowingly collect data from children. If you believe a minor has registered, email hi@thier.app and we will delete the account.

California, Washington, Quebec — region-specific notices

California (CCPA / CPRA): we do not "sell" or "share" your personal information for cross-context behavioural advertising. You have the right to know, the right to delete, the right to correct, and the right to limit the use of sensitive personal information — exercise any of these by emailing hi@thier.app.

Washington (My Health My Data Act): consumer health data — including biological age inputs, biometric readings, mental-health flags, and reproductive data — is treated as sensitive. We collect it only with your consent in-app, and we do not share, lease, or sell it for any purpose other than running the product.

Quebec (Loi 25): our designated privacy officer is the email address above. Quebec residents have the same access, rectification, and deletion rights as under UK GDPR.

Changes to this policy

We update this page whenever our practices change. The "Last updated" date at the top reflects the most recent revision. Material changes (a new sub-processor for health data, a change of legal basis, a new region's rights) are flagged in-app the next time you open it.

Questions or requests

For privacy questions, deletion requests, or anything else under this policy:

Your health data, plainly explained.