Privacy Policy

Last updated: March 2026

1. Data Controller and Contact

The controller within the meaning of the General Data Protection Regulation (GDPR) is:

Alexander Köhn
Spechtweg 9, 21376 Salzhausen
Email: support@levida.app
Website: https://levida.app

2. Overview of Data Processing

Levida is an iOS app for the personal documentation of GLP-1 medications. The protection of your personal data is our highest priority.

Core principle: All your personal health data is stored exclusively on your iPhone. Your health data is never transmitted to our servers or the servers of third parties. We do not operate any server infrastructure for the storage of personal user data.

The following data is processed within the app:

• User profile (name, weight, height, year of birth, gender) — stored locally on device only
• Injection logs (medication, dose, injection site, pain level, side effects) — stored locally on device only
• Weight entries — stored locally, optionally synced with Apple Health
• Progress photos — stored locally with iOS Complete File Protection encryption
• Symptom logs — stored locally on device only
• Step data — read-only access from Apple Health

3. Legal Basis

The processing of personal data is carried out on the following legal bases:

• Art. 6(1)(a) GDPR (Consent): For the use of Apple Health (HealthKit), push notifications, camera access for progress photos, and optional analytics services (PostHog).
• Art. 6(1)(b) GDPR (Performance of a contract): For the provision of app functionality, the management of in-app purchases and subscriptions, and the processing of local user data necessary for the performance of the service.
• Art. 6(1)(f) GDPR (Legitimate interest): For bug fixes, improvement of app stability, and anonymous usage statistics.
• Art. 9(2)(a) GDPR (Explicit consent): For the processing of health data (special category of personal data), which takes place exclusively on your device.

4. Local Data Storage

All personal and health-related data is stored exclusively on your iPhone. We use the secure storage mechanisms provided by iOS:

• App database: Your injection logs, weight entries, symptoms, and profile settings are stored in a local database on your device.
• Progress photos: Photos are stored in the protected app directory with iOS Complete File Protection. This encryption ensures that photos are only accessible when your iPhone is unlocked.
• No cloud sync: There is no automatic synchronisation of your data with iCloud, our servers, or any other cloud services.
• Data deletion: Uninstalling the app permanently deletes all locally stored data. Alternatively, you can delete your data at any time with a single tap in the app settings.

5. Apple Health (HealthKit) Integration

Levida can optionally connect to Apple Health (HealthKit). The use of HealthKit is entirely voluntary and requires your explicit consent via the iOS permission dialogs.

Data read (Read access):

• Weight
• Steps
• Blood glucose (premium feature)
• Blood pressure (premium feature)
• Sleep (premium feature)

Data written (Write access):

• Weight entries (weight only)

Important information regarding HealthKit:

• Each HealthKit permission is requested individually and explicitly.
• You can revoke permissions at any time in iOS Settings under Privacy & Security > Health.
• HealthKit data is never shared with third parties.
• HealthKit data is not used for advertising or data mining.
• HealthKit data is used solely for display within the app on your device.

6. Third-Party Services

Levida uses the following third-party services that process limited data:

6.1 RevenueCat (Subscription Management)

Purpose: Management of in-app purchases and subscriptions.

Data processed: Anonymous user ID, purchase receipts (from Apple), subscription status.

Note: No personal health data is transmitted to RevenueCat.

Privacy policy: https://www.revenuecat.com/privacy

6.2 PostHog (App Analytics)

Purpose: Anonymous usage analytics to improve app stability and functionality.

Provider: PostHog Inc., San Francisco, USA (EU servers: Frankfurt, Germany)

Legal Basis: Art. 6(1)(f) GDPR (legitimate interest in improving the app)

Data Processed:

• Anonymous usage events (e.g., "injection entry created", "recipe viewed")
• Device type and iOS version (for compatibility testing)
• Anonymous usage ID (no personal identification possible)
• NO health data: We do not transmit dosages, weight values, symptoms, or other health information to PostHog
• NO personally identifiable information: No names, email addresses, IP addresses (anonymized), or other identifiers

Hosting & Data Transfer:

• All data is stored on PostHog servers in the EU (Frankfurt)
• IP addresses are automatically anonymized
• Session recording is disabled (no screen recordings)

Retention Period: Maximum 90 days, then automatically deleted

Opt-out: You can disable analytics at any time in the app settings under "Privacy" → "Disable Analytics". The app will continue to function without limitations.

Further Information:

• PostHog Privacy Policy: https://posthog.com/privacy
• PostHog GDPR Compliance: https://posthog.com/docs/privacy/gdpr-compliance

6.3 OneSignal (Push Notifications)

Purpose: Delivery of optional push notifications (e.g., tips and offers).

Data processed: Device token, anonymous segment information.

Note: Local notifications (e.g., injection reminders) function without OneSignal and without any data transfer.

Privacy policy: https://onesignal.com/privacy_policy

6.4 AWS S3 (Recipe Content Delivery)

Purpose: Delivery of recipe content.

Data processed: No personal data. Only recipe content is retrieved.

6.5 Brevo (Newsletter)

Purpose: Sending weekly recipes, tips, and information about your GLP-1 therapy.

Data processed: Email address.

Legal Basis: Art. 6(1)(a) GDPR (Consent).

Retention Period: Until you withdraw your consent (unsubscribe).

Recipients: Brevo (Email Service Provider, EU servers).

Double Opt-in: After registration you'll receive a confirmation email. The newsletter will only be sent after clicking the confirmation link.

Your Rights:

• Withdrawal possible anytime via "Unsubscribe" in the app or newsletter
• No sharing with third parties
• Data deletion upon request

Privacy policy: https://www.brevo.com/legal/privacypolicy/

7. Push Notifications

Levida distinguishes between two types of notifications:

• Local notifications: Injection reminders, weight reminders, and step goal notifications are generated locally on your device. No data is transmitted in this process.
• Remote notifications (optional): Tips and offers may be delivered via OneSignal. This feature is optional and can be disabled at any time.

You can disable all notifications at any time in iOS Settings under Notifications > Levida.

8. Photos and Camera

Levida offers the ability to take progress photos:

• Camera access requires your explicit consent via the iOS permission dialog.
• Photos are stored exclusively in the protected app directory on your iPhone.
• Photos are encrypted with iOS Complete File Protection and are only accessible when your device is unlocked.
• Photos are never transmitted to servers, cloud services, or third parties.
• You can delete individual or all photos at any time within the app.

9. In-App Purchases

Levida offers optional premium features via in-app purchases:

• Monthly subscription: EUR 4.99/month
• Annual subscription: EUR 29.99/year
• Lifetime access: EUR 79.99 (one-time payment)

All payments are processed through Apple's App Store. Levida does not receive any payment information (credit card numbers, bank details, etc.) from you. Apple processes your payment data in accordance with the Apple Privacy Policy.

The subscription management provider (RevenueCat) receives only anonymised purchase receipts and subscription status information from Apple.

10. Your Rights

Under the GDPR, you have the following rights with respect to your personal data:

• Right of access (Art. 15 GDPR): You have the right to request information about the personal data we process. Since all data is stored locally on your device, you have direct access at all times.
• Right to rectification (Art. 16 GDPR): You can edit your data at any time directly within the app.
• Right to erasure (Art. 17 GDPR): You can delete all your data with a single tap in the app settings or by uninstalling the app. No data is retained on our servers.
• Right to restriction of processing (Art. 18 GDPR): You can disable individual features (e.g., HealthKit, analytics, push notifications) at any time in the settings.
• Right to data portability (Art. 20 GDPR): Your data is stored locally on your device and is available to you at all times.
• Right to withdraw consent (Art. 7(3) GDPR): You may withdraw any consent given at any time with effect for the future, e.g., by disabling individual permissions in the iOS settings.
• Right to lodge a complaint (Art. 77 GDPR): You have the right to lodge a complaint with a supervisory authority. The competent authority is the data protection authority of the federal state in which you reside.

To exercise your rights, please contact us at: support@levida.app

11. Data Security

We rely on the proven security mechanisms of iOS to protect your data:

• All health data is stored exclusively on your device.
• Progress photos are encrypted with iOS Complete File Protection.
• All communication with third-party services is conducted exclusively via encrypted connections (HTTPS/TLS).
• No passwords or login credentials are stored in the app, as no account creation is required.
• The app uses iOS sandbox technology, which prevents other apps from accessing Levida data.

12. Changes to This Privacy Policy

We reserve the right to update this privacy policy to reflect changes in the law or changes to the app. The current version is always available at https://levida.app/en/privacy.html.

We will notify you of material changes via the app.

13. Last Updated

This privacy policy was last updated in March 2026.