YULA Lab
YULA Lab
Explore Projects
Privacy
LifeOS

LifeOS privacy policy

Last updated: 2026-05-12

One-line summary

LifeOS is an offline-first app that stores your personal data encrypted on your device. No personal data is permanently sent to our servers (except optional cloud sync, which is end-to-end encrypted).

Data that stays on your device

  • Health data (read from Apple Health / Health Connect: steps, heart rate, sleep, exercise)
  • Financial records (income, expenses, goals)
  • Learning and goal tracking
  • Voice journal and Z-Report entries (audio is transcribed on-device)
  • Photos and other attachments

All of this is encrypted on-device with SQLCipher + AES-256. The encryption key is stored in the device's Keychain (iOS) or Keystore (Android).

Data sent to our servers

  • Account information: Email and device ID (only if you create an account). You can use the app with most features without creating an account.
  • Anonymous crash reports: Via Sentry, and DISABLED BY DEFAULT. You can enable it in Settings > Privacy; the data contains no personally identifying information.
  • Purchase state: Apple App Store / Google Play receipt validation. We only store active/inactive and tier (Plus / Pro).
  • Cloud backup (optional): If you explicitly enable it, your data is uploaded to Supabase Storage as an encrypted bundle. The decryption key stays on your device — YULA Lab cannot read or use the data for training.

HealthKit / Health Connect

We request Apple HealthKit (iOS) and Android Health Connect permissions to read health data. You grant these optionally. Health data is processed on-device, is NOT sent to any server, and is NOT used for model training. Fully compliant with Apple's Health Data Use Policy.

Third parties

  • Supabase: Account registration and optional cloud backup. Hosted on EU (Frankfurt) servers.
  • Apple HealthKit / Health Connect: Health data read permission (optional).
  • Apple App Store / Google Play: Subscription payments and receipt validation.
  • Sentry: Crash reports (disabled by default).

Data retention

Device data is kept until you delete it. When you delete your account, server-side records are removed within 30 days. You can delete cloud backups with a single tap at any time.

Children

LifeOS is for users 13 and older. If we learn that we have collected data from a child under 13, we will delete the account and clear the records.

Medical disclaimer

LifeOS is a health tracking tool and does NOT provide medical advice. Please consult a licensed health professional for medical decisions. The app is not intended to diagnose, treat, or prevent any disease.

Your rights

You have rights of access, correction, deletion, portability, and objection under KVKK Article 11 and GDPR Articles 15-22. From within the app you can export or delete all device data with one tap. For server-side records, email merhaba@yulalab.com.

Data security

The device database is encrypted with SQLCipher + AES-256. The key is stored in Keychain/Keystore. Cloud backups are end-to-end encrypted — the server never sees plaintext. Communication uses TLS 1.2+.

Changes

We may update this policy from time to time. Significant changes will be announced via in-app notice and reflected in the 'Last updated' date.

Contact

Data Controller: YULA Lab — Mustafa Kaan Koçak
Email: merhaba@yulalab.com
Location: Istanbul, Turkey