PRIVACY POLICY

For the Mobile Application "Totem: Life & Health Tracker"

Effective Date: 2026-12-25

1. INTRODUCTION

This Privacy Policy describes how personal and sensitive health data is handled by the mobile application "Totem: Life & Health Tracker" ("Totem," "the App," "we," "us," or "our"). We understand the paramount importance of your privacy, especially when dealing with health-related information. Totem is designed with a "privacy-by-design" and "privacy-by-default" approach, ensuring that your data remains under your direct control and on your device.

By using Totem, you acknowledge and agree to the practices described in this Privacy Policy. Please read it carefully.

2. DATA CONTROLLER

For the purposes of the General Data Protection Regulation (GDPR) (EU) 2016/679 and the Federal Law of the Russian Federation No. 152-FZ "On Personal Data," you, the user, are the primary data controller of your personal data processed within the Totem application. Totem operates without server-side processing of your data, meaning all data resides solely on your device.

3. DATA COLLECTION AND TYPES OF DATA PROCESSED

Totem is a local, offline application designed to give you full control over your health and habit tracking data. We do not collect, transmit, or store any personal or health data on our servers or cloud systems. All data processing occurs exclusively on your device.

The types of data you may choose to input and store locally within the App include:

• Identifiable but Locally Stored Data (Pseudonymised):
  • User-defined Tags/Categories: For organizing lab results, workouts, and habits. While these may indirectly relate to an individual, they are not used by us to identify you.
• Sensitive Health Data (Processed Locally):
  • Medical Laboratory Results: Specific blood marker values (e.g., glucose, cholesterol, hormone levels), their units, reference ranges, and dates of testing.
  • Fitness Metrics: Details of your workouts, including exercise names, sets completed, repetitions, weights lifted, and dates.
  • Habit Tracking Data: Records of specific habits, their frequency, completion status, and dates (e.g., "drank 2L water," "meditated," "read book").
  • Notes: Any free-text notes you choose to add related to your health, workouts, or habits.
• Technical Data (Non-Personal):
  • Application Usage Analytics (Strictly Anonymous & Local): We may collect anonymized, non-identifiable usage statistics *locally* on your device to understand how features are used within the app (e.g., frequency of opening certain screens). This data is never transmitted externally.
  • Error Logs (Strictly Anonymous & Local): If the app crashes, anonymized error reports may be stored locally to help diagnose and fix issues. These reports contain no personal data and are not transmitted externally.

No user accounts are created, and we do not ask for your name, email address, phone number, or any other direct identifiers.

4. PURPOSE OF DATA PROCESSING

The data you input into Totem is processed solely for the following purposes, exclusively on your device:

• Personal Health Tracking: To allow you to monitor, analyze, and visualize your medical lab results, fitness metrics, and daily habits over time using charts and heatmaps.
• Self-Management and Optimization: To empower biohackers, patients with chronic conditions, and quantified self enthusiasts to derive insights from their data for personal health and wellness decisions.
• App Functionality: To provide the core features of the App, such as data entry, data visualization, historical record keeping, and local data backup/restore functions.

5. DATA STORAGE AND LOCALIZATION

• Local Storage Only: All data you input into Totem is stored exclusively on your mobile device. We do not use any cloud services, remote servers, or external databases for storing your data.
• Database Technology: Data is stored using local database solutions such as SQLite or Drizzle on your device.
• No Data Transfer: Your data never leaves your device unless you explicitly choose to export it (e.g., for backup or sharing purposes, which remains under your control).
• Data Localization (152-FZ): By storing all personal data exclusively on the user's device, Totem inherently complies with the data localization requirements of Russian Federal Law 152-FZ. All personal data related to Russian citizens, if entered into the app, remains within the territory of the Russian Federation (i.e., on the user's device located within the РФ).

6. DATA SECURITY

We implement reasonable technical and organizational measures designed to protect the data stored on your device from unauthorized access, alteration, disclosure, or destruction. These measures include:

• Encryption at Rest (Device-Dependent): Your device's operating system (e.g., iOS, Android) typically offers encryption features (e.g., full disk encryption). We strongly recommend enabling these device-level security features to protect your local data.
• No Network Transmission: As data is not transmitted, the risks associated with network breaches are eliminated.
• Access Control (Device-Dependent): Access to the App and its data is governed by your device's security features (e.g., passcode, PIN, biometric authentication).
• Privacy-by-Design: The architecture of Totem prioritizes privacy by minimizing data collection and centralizing processing on the user's device.

While we strive for maximum security, no system is entirely impenetrable. You are responsible for maintaining the security of your device and its access credentials.

7. USER RIGHTS

As the primary data controller of your data, you retain full rights over all information stored within Totem, in accordance with applicable data protection laws, including GDPR and 152-FZ. Since all data is local to your device, you can exercise these rights directly:

• Right to Access: You can access all your data directly within the App at any time.
• Right to Rectification: You can correct or update any of your data directly within the App.
• Right to Erasure ("Right to Be Forgotten"): You can delete any individual data entries or uninstall the App to erase all local data. Be aware that uninstalling the App will permanently delete all data from your device unless you have manually created a backup.
• Right to Restriction of Processing: You can choose to stop entering certain types of data.
• Right to Data Portability: The App may offer functionality to export your data in a structured, commonly used, and machine-readable format (e.g., CSV, JSON), allowing you to transfer it to another system.
• Right to Object to Processing: Since we do not process your data externally, this right applies to your control over data entry within the App.

To exercise these rights, simply use the functionalities provided within the Totem application. We, as the App developer, do not have access to your data and therefore cannot fulfill external requests related to your personal data directly.

8. THIRD-PARTY ACCESS AND DISCLOSURE

We do not share, sell, rent, or disclose any of your personal or health data with any third parties, advertisers, or analytics providers.

• No Third-Party SDKs for Data Collection: We do not embed third-party SDKs specifically designed for tracking or collecting personal data for external commercial purposes.
• Operating System Providers: Your device's operating system provider (e.g., Apple, Google) may have its own privacy policy regarding your device and its general usage. We encourage you to review those policies. Our commitment is that Totem itself does not transmit your specific health and habit data to them.

9. CHILDREN'S PRIVACY

Totem is not intended for use by individuals under the age of 16. We do not knowingly collect personal or health data from children under 16 years of age. If we become aware that we have inadvertently received personal data from a user under the age of 16 and that data has been transmitted to us (which is not our design), we will take steps to delete such information from our records where it exists.

10. CHANGES TO THIS PRIVACY POLICY

We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. We will notify you of any material changes by updating the "Effective Date" at the top of this policy and, where appropriate, through in-app notifications or other means. Your continued use of Totem after the effective date of the revised Privacy Policy constitutes your acceptance of the terms.