Privacy is the design.

1. Summary in plain language

• Biometric data (heart rate, breathing, oxygen, stress) stays on your Apple devices. We do not have any server that stores it.
• Voice input, when you tap Tap to Speak, is streamed to OpenAI to power the AI companion. OpenAI does not store your voice for training when called via the Realtime API. Audio is never logged on our servers.
• BAM has no user accounts. We do not collect your name, email, or location. There is nothing to sign up for.
• BAM is not a medical device. It is intended for self-awareness and wellness. It does not diagnose, treat, cure, or monitor any condition.

2. What we collect

• From Apple Watch (via HealthKit, on your device only): heart rate, heart rate variability, respiratory rate, blood oxygen saturation, skin temperature delta. Used to power the dashboard and inform the AI companion.
• From the microphone (only when voice is active): short audio frames are captured continuously while you have voice enabled. Frames are processed on-device for breath detection. When the AI companion is active, frames are streamed to OpenAI Realtime API for speech understanding.
• Saved on your device (Apple Vision Pro): your breath calibration profile, your session-mode preference (Wellness / Therapy / Performance), tutorial completion state. These live in iOS UserDefaults and are not transmitted.

3. What we do not collect

• No persistent user identifier or account.
• No advertising IDs.
• No location data.
• No screen recordings, photos, or other media.
• No background data collection. BAM does not run when you are not actively using it.

4. Third-party data flows

BAM transmits data to two third parties — only as needed for live functionality:

• OpenAI — voice audio and short text summaries of your live biometric snapshot are sent to OpenAI Realtime API to power the AI companion. We use ephemeral session credentials issued per session; your audio is not retained for model training when used via the Realtime API. See OpenAI privacy policy.
• Cloudflare — a small Cloudflare Worker (owned by us) mints short-lived OpenAI session tokens on your behalf. The Worker does not log voice audio or biometric data; it only relays credentials. See Cloudflare privacy policy.

5. How we secure data

• All network traffic is encrypted in transit (HTTPS / WSS).
• OpenAI credentials live only in Cloudflare encrypted secret store. The credentials never appear in the app you install.
• Each voice session uses a short-lived ephemeral token (valid ~60 seconds, single-session).
• Biometric data is read from Apple HealthKit using OS-level access controls. You can revoke access at any time from Settings → Privacy & Security → Health.

6. Children and vulnerable users

BAM is intended for adults (18+). It is not designed for children. If you are experiencing a mental-health crisis, please contact a qualified professional or emergency services. BAM is not a replacement for medical or psychological care.

7. Your rights and controls

• Turn off the microphone at any time by tapping the voice button.
• Revoke HealthKit access from system Settings.
• Delete the app to remove all local data.
• Because we do not maintain user accounts or store your data on our servers, there is nothing for us to delete on request — there is no copy of your data outside your devices.

8. Changes to this policy

We will post material changes here and update the Last updated date above. Continued use of the app after a change constitutes acceptance.

9. Contact

Questions: privacy@biometricawarenessmonitor.com

© BAM. BAM is not a medical device. For informational and wellness use only.