Privacy Policy — Adyria

1. Who we are

This Privacy Policy describes how Leonnic Tech Ltda ("Leonnic," "we," or "our") collects, uses, and protects your personal data when you use the Adyria app.

For purposes of Brazil's General Data Protection Law (LGPD), Leonnic Tech Ltda is the data controller.

For purposes of the EU General Data Protection Regulation (GDPR), Leonnic Tech Ltda is the data controller.

2. Data we collect

Adyria operates on a local-first architecture. This means the vast majority of your data never leaves your device. We divide data into two categories:

2.1 Data stored locally on your device

This data exists only on your phone, in a local database. Leonnic does not have access to it.

2.2 Data that may be transmitted to third parties

The following data is processed outside your device, under the conditions described:

Important:

• Crash reports (Crashlytics) are active by default to ensure app stability. They contain only technical data (device model, OS version, stack traces) and do not include personally identifiable information. You can disable this collection in the app settings.
• Usage analytics activation varies by region to comply with local legislation:
• Brazil and USA: Enabled by default (opt-out). You can disable at any time in the app settings. Legal basis: legitimate interest (LGPD Art. 7, IX) and CCPA compliance.
• European Union / European Economic Area: Disabled by default (opt-in). Only enabled if you explicitly consent, as required by the GDPR (Art. 6(1)(a)). Adyria uses Google Consent Mode v2 to manage this differentiation automatically.
• In all regions, events are aggregated and anonymized. We never transmit specific financial amounts, personal goal content, or health data to Firebase.
• In-app purchase data is managed entirely by Apple or Google. Leonnic receives only confirmation that a purchase was made and which product was acquired. We do not receive payment data.

3. How we use your data

What we NEVER do with your data:

• We never sell your personal data to third parties.
• We never share personal data for advertising purposes.
• We never use health data (Apple Health) for advertising, data mining, or third-party sharing.
• We never use specific financial amounts in analytics — only aggregated ranges.
• We never cross-reference your data with third-party profiles.

4. Apple Health (HealthKit)

Adyria may access and record data in Apple Health for the Body and Mind pillars. This integration deserves special attention:

• Reading and recording. Adyria reads data from Apple Health (such as steps and workouts) and records data generated within Adyria (such as hydration and focus sessions). Adyria never modifies or deletes data recorded by other apps.
• Explicit opt-in. Integration only occurs after your authorization in iOS settings.
• Data never transmitted. Data read from and recorded in Apple Health is stored only locally on your device and is never sent to servers, Firebase, or any third party.
• Never used for advertising. In compliance with Apple's guidelines, HealthKit data is never used for advertising or data mining.
• Revocable at any time. In iOS settings (Settings > Health > Data Access & Devices).

5. Sharing with third parties

Leonnic shares limited data with the following third parties, exclusively for the purposes described:

5.1 Google (Firebase)

Google's privacy policy: https://policies.google.com/privacy

5.2 Apple / Google (Payments)

In-app purchases are processed by Apple (App Store) or Google (Google Play). Leonnic receives only confirmation that a purchase was made and which product was acquired. We do not receive payment data.

5.3 We don't share with anyone else

Leonnic has no other partners, processors, or third parties that receive personal data from Adyria users.

6. International data transfers

Firebase (Crashlytics and Analytics) is operated by Google, which may process data on servers located in the United States or other countries.

These transfers are conducted based on:

• LGPD (Art. 33): Standard contractual clauses and guarantees provided by Google.
• GDPR (Chapter V): European Commission Standard Contractual Clauses (SCCs) adopted by Google.
• CCPA: Google acts as a "service provider" as defined by the CCPA.

All other personal data (finances, health, gamification) remains exclusively on your device and is not subject to international transfer.

7. Data retention

When you use the "Delete all data" feature in the app, all local data and Firebase data on your device are permanently deleted.

8. Security

We adopt technical and organizational measures to protect your data:

• Encrypted local database on device.
• Code obfuscation in production builds.
• Input validation on all app forms.
• Text sanitization against malicious character injection.
• No credential storage in plaintext or logs.
• No sensitive data transmission — financial and health data never leave your device.

No system is 100% secure. Should we identify any security incident that may affect your data, we will notify you and the relevant authorities as required by applicable law.

9. Your rights

9.1 Rights for all users

Regardless of where you are, Adyria respects the following rights:

• Access: Know what data we have about you.
• Deletion: Delete all your data ("Delete all data" in Profile).
• Consent withdrawal: Disable analytics, disable crash reports, or revoke Apple Health access at any time.
• Information: Be clearly informed about how your data is processed (this Policy).

9.2 Information for users in Brazil (LGPD)

If you are in Brazil, the General Data Protection Law (Lei nº 13.709/2018) guarantees the following rights regarding your personal data:

1. Confirmation and access (Art. 18, I and II) — Confirm the existence of processing and access your data.
2. Correction (Art. 18, III) — Correct incomplete, inaccurate, or outdated data.
3. Anonymization, blocking, or deletion (Art. 18, IV) — Of unnecessary, excessive, or non-compliant data.
4. Portability (Art. 18, V) — Receive your data in a structured, readable format. Available upon request via email. Portability applies to personal data entered directly by you in Adyria. Data obtained from external sources (such as Apple Health) is subject to the policies and restrictions of the originating platform and is not included in portability. To export your health data, use the native Apple Health export feature (Settings > Health > Export Health Data).
5. Deletion (Art. 18, VI) — Of personal data processed with consent.
6. Information about sharing (Art. 18, VII) — Know which third parties your data is shared with (described in Section 5).
7. Information about consent (Art. 18, VIII) — Know that you can deny consent and what the consequences are.
8. Consent withdrawal (Art. 18, IX) — At any time, at no cost.

How to exercise your rights:

• Data deletion: Directly in the app (Profile > Delete all data).
• Analytics opt-out: In app settings.
• Crash reports opt-out: In app settings.
• Apple Health revocation: In iOS settings.
• Other rights: Email adyria@leonnic.com. We will respond within 15 business days.

Supervisory authority: If you believe the processing of your personal data violates the LGPD, you may file a complaint with the Brazilian National Data Protection Authority (ANPD) at https://www.gov.br/anpd.

Sensitive data (Art. 11): Adyria processes health data (steps, workouts, hydration obtained via Apple Health), classified as sensitive personal data under the LGPD. Processing is carried out with your specific, informed consent, granted when you authorize Apple Health access. You may revoke this consent at any time.

Data controller:

9.3 Information for users in the European Union (GDPR)

If you are in the European Economic Area (EEA), the General Data Protection Regulation (Regulation (EU) 2016/679) guarantees the following rights:

1. Right of access (Art. 15) — Obtain a copy of your personal data.
2. Right to rectification (Art. 16) — Correct inaccurate data.
3. Right to erasure (Art. 17) — Request deletion of your data.
4. Right to restriction of processing (Art. 18) — Restrict the processing of your data.
5. Right to data portability (Art. 20) — Receive your data in a structured, machine-readable format. Portability covers data entered directly by you in Adyria. Data originating from Apple Health is subject to Apple's restrictions and is not included. Apple Health offers native export (Settings > Health > Export Health Data).
6. Right to object (Art. 21) — Object to processing based on legitimate interest.
7. Right to withdraw consent (Art. 7(3)) — At any time, without affecting the lawfulness of prior processing.

Legal bases we use:

How to exercise your rights: Email adyria@leonnic.com. We will respond within 30 days.

Supervisory authority: You have the right to file a complaint with the data protection supervisory authority in your country of residence.

EU Representative: Leonnic Tech Ltda is in the process of designating an EU representative pursuant to Art. 27 of the GDPR. In the meantime, all communications may be directed to adyria@leonnic.com.

9.4 Information for users in California, USA (CCPA/CPRA)

If you are a California resident, the California Consumer Privacy Act (CCPA), as amended by the California Privacy Rights Act (CPRA), guarantees the following rights:

1. Right to know — What personal information we collect, use, and share.
2. Right to delete — Request deletion of your personal information.
3. Right to opt-out of sale — Adyria does not sell personal information. We have never sold and will never sell it.
4. Right to non-discrimination — We do not treat you differently for exercising your privacy rights.

Categories of personal information collected (past 12 months):

How to exercise your rights: Email adyria@leonnic.com. We will respond within 45 days.

"Do Not Sell or Share My Personal Information": Adyria does not sell or share personal information for cross-context behavioral advertising. No action is required on your part.

10. Cookies and similar technologies

Adyria is a native app and does not use cookies. However, the Firebase SDK may use device identifiers and similar technologies for crash reporting and analytics. These technologies are described in Section 2.2, with analytics subject to your consent (opt-in).

11. Changes to this Policy

We may update this Privacy Policy at any time. The current version will always be available at leonnic.com/adyria/privacy.

For changes that materially modify your rights or how we process your data, we will make reasonable efforts to notify you within the app. For changes affecting the processing of sensitive data (health), we will request new consent.

Continued use of Adyria after publication of changes constitutes acceptance of the updated policy. If you do not agree with the changes, you may delete your data and uninstall the app.

12. Contact

For questions, requests, or complaints about privacy and data protection:

Leonnic Tech Ltda Data Protection Officer Email: adyria@leonnic.com

We are committed to responding to all requests within applicable legal timeframes: - Brazil (LGPD): Within 15 business days. - European Union (GDPR): Within 30 days. - California (CCPA): Within 45 days.

Esta Política de Privacidade também está disponível em Português.