Regimio

Privacy posture

Your stack is your business.

Regimio is built privacy-first. Not as a marketing line, but as an architectural precondition. Protocol data is sensitive. Trust is the foundation, not a tab.

  • Local-first SQLite
  • No account required
  • No analytics on doses
  • One-tap erase

Principles

What we promise, and what it actually means.

Local by default

All data lives in an on-device SQLite database. No cloud sync, no remote logging of doses, symptoms, or labs unless you explicitly enable it.

No account required

Free and Pro tiers work without sign-up. App Store / Play Store handle billing. An account is only created if you turn on multi-device sync.

Sync is opt-in

When you turn on sync, your data is encrypted at rest with a key in iCloud Keychain. You can disable sync at any time and your device keeps a full local copy.

One-tap erase

Settings → Danger zone → Erase everything. Drops SQLite, Keychain, secure store, and any cached files. Final. No recovery prompt.

No analytics on values

Sentry is opt-in and scrubbed of compound names, doses, and lab values. We track crash signatures, not what you logged.

Visible in the UI

A 🔒 Local indicator stays on the Home screen so you never have to dig into a settings panel to confirm where your data lives.

Where your data lives

Every category, every destination.

No hand-waving. Here is the literal data map.

Data kind | Where it lives | Sent off-device | Encryption
Compounds, doses, schedules | On-device SQLite | Never (unless sync is enabled) | Encrypted at rest if sync is enabled
Symptom check-ins | On-device SQLite | Never (unless sync is enabled) | Encrypted at rest if sync is enabled
Lab values, PDFs | On-device + Documents folder | Never by default. Imports and exports stay user-controlled. | Yes (sandboxed file storage)
Wearable data (HRV, sleep, weight) | Roadmap integrations, opt-in only | Not sent off-device in the MVP | Encrypted at rest if sync is enabled
Reconstitution math | Computed on-device (pure module) | Never. No remote calculation. | n/a, computed only
Crash signatures (Sentry) | Sentry (opt-in only) | Only stack traces, scrubbed of values | TLS in transit
Subscription receipts | Apple / Google | Standard IAP receipt flow | Apple / Google encryption
Email address | Not collected by default | Only if you opt into the newsletter | TLS in transit

What we will never do

The forever list.

  • × Sell your data to anyone. Period.
  • × Share data with research partners by default.
  • × Show 'consult your doctor' pop-ups before you log a compound.
  • × Restrict which compounds you log.
  • × Build features that require an account before you can use the app.
  • × Auto-enroll you in cloud sync without asking.
  • × Auto-write doses or symptoms back to HealthKit.
  • × Send analytics events that include compound names, doses, or lab values.
  • × Make the privacy policy harder to read than a settings page.
  • × Send you marketing email without explicit opt-in.

One-tap erase

The button is always there.

No dark patterns. No 'are you really sure'. Settings → Danger zone → Erase everything.

SQLite database

Dropped. Schema reinitialized to empty on next launch.

iCloud Keychain

Sync key purged. Any cloud-stored snapshot is signaled for deletion.

Caches & files

Cached PDFs, photos, exported reports. All removed.

Erase is final. We do not keep a hidden recovery copy. This is the trade we make for being a privacy-first app.

Steady is a strategy

The privacy posture is the product.

If we ever weaken it, you'll find out from the changelog, not from a press release.