1. Data Collection and Usage

Cathexis is designed as an "Offline-First" application.

• Local Personal Data: Information you input—including Mood Tracking, Journal entries, Panic Attack Logs (intensity, triggers, duration), and Custom Truth Cards—is stored exclusively on your device using encrypted local storage. We do not have access to this data.
• Emergency Contacts: Phone numbers and names added for emergency purposes are stored locally to enable one-tap calling/SMS during a crisis.
• Optional Account Creation: While the app is 100% functional offline, users may optionally use Google Sign-In for future cloud sync features. If used, this data is encrypted in transit and at rest.

2. Third-Party Services and Analytics

• No Third-Party Tracking: We do not use tracking pixels (e.g., Meta/Facebook pixels) or third-party marketing SDKs.
• No Advertisements: Cathexis is an ad-free environment to prevent sensory overload and preserve user privacy.
• Optional Analytics (Opt-In): You may choose to enable Firebase Analytics in Settings to help us understand feature usage and improve the app. When enabled, we collect:
  • Anonymous usage statistics (screen views, feature engagement)
  • Device information (model, OS version)
  • Approximate location (derived from IP address)
  • Session duration and frequency
  • Note: We do NOT collect journal content, attack notes, or emergency contacts
• Optional Crash Reporting (Opt-In): You may enable Firebase Crashlytics to help us identify and fix bugs. When enabled, crash reports include device state and stack traces but no personal content.
• Google Fonts: The app downloads fonts from Google servers for typography. Google may log these requests per their privacy policy.
• Sign-In Services: If you choose to sign in with Google or Apple, those providers collect authentication data per their respective privacy policies. This is optional and not required for app functionality.

3. Regulatory Compliance

• GDPR (Europe) & CCPA (California): We comply with global privacy standards. Because data is stored locally, your "Right to Erasure" is fulfilled by deleting the app or using the in-app "Delete All Data" function, which scrubs data from your device immediately.
• HIPAA (United States): As a direct-to-consumer app not connected to a healthcare provider, Cathexis is not technically a "Covered Entity". However, we employ HIPAA-level security standards, including AES-256 encryption and strict access controls, to ensure your data remains protected.

4. Security Measures

To protect your sensitive information, we implement the following:

• On-Device Encryption: All logs and journal entries are encrypted using iOS-native security frameworks.
• Biometric Lock (Planned): Future updates will include FaceID/TouchID requirements to open the app.
• No Streaming: Critical SOS assets are bundled within the app binary to ensure they work without an internet connection, preventing data leaks during transit.

5. Medical Disclaimer

Cathexis is a General Wellness Tool, not a medical device.

• Not Medical Advice: This app provides information and grounding techniques; it does not provide medical diagnosis or treatment.
• Emergency Protocol: If you are experiencing a medical emergency (such as symptoms of a heart attack), call 911 (US), 999 (UK), or 112 (EU) immediately.

6. Contact Us

If you have questions regarding this Privacy Policy or our data practices, please contact our privacy officer at:

support@ketralabs.com