Privacy Policy
Effective Date: October 31, 2025
Last Updated: October 31, 2025
1. Introduction
Welcome to Mellow Miles. We are committed to protecting your privacy and ensuring the security of your personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our mobile application and web services.
Mellow Miles is designed with privacy as our top priority. We understand the sensitive nature of health data and maintain the highest standards of privacy and security.
2. Information We Collect
2.1 Information You Provide
- Account Information: Email address, password (encrypted), and optional profile details
- Home Address: Optional location used for route planning and context analysis
2.2 Automatically Collected Data
- Driving Data: GPS location, speed, acceleration, braking patterns, route information
- Biometric Data: Heart rate, heart rate variability (when connected to Apple Watch)
- Motion Data: Accelerometer and gyroscope readings during driving sessions
- Vehicle Data: Optional OBD-II data (RPM, fuel level, diagnostic codes) when connected
- Device Information: Device model, operating system, app version, battery level
- Usage Data: Session timestamps, trigger alerts, bookmarks, music interventions
2.3 Health Information
With your explicit consent through HealthKit permissions, we collect heart rate data from your Apple Watch. This data is used exclusively for stress detection and biometric analysis during driving sessions. We never share this data with third parties without your explicit consent.
3. How We Use Your Information
- Driving Analysis: Analyze your driving patterns to identify stress triggers and provide insights
- Stress Detection: Monitor biometric signals to detect elevated stress during driving
- Pattern Recognition: Identify recurring situations that may cause distress (location, time, traffic conditions)
- Music Interventions: Deliver calming music during detected stress episodes
- Trip Replay: Provide detailed post-drive analysis with timeline and biometric visualizations
- Service Improvement: Improve our algorithms and features (using aggregated, de-identified data only)
- Communication: Send important updates about your account and service changes
4. Data Storage and Security
4.1 Where Your Data Is Stored
Your data is stored securely using industry-standard cloud infrastructure with encryption at rest and in transit. We use Supabase (built on PostgreSQL) for database storage and implement Row-Level Security (RLS) policies to ensure data isolation.
4.2 Security Measures
- End-to-end encryption for data transmission
- AES-256 encryption for data at rest
- Multi-factor authentication support
- Regular security audits and penetration testing
- Strict access controls and audit logging
- Automatic session timeout after inactivity
4.3 Data Retention
- Raw Sensor Data: 90 days
- Trip Summaries: 24 months
- Account Data: Retained until account deletion
- Billing Records: 7 years (legal requirement)
5. Data Sharing and Disclosure
5.1 We DO NOT Share Your Data Except:
- With Your Consent: When you explicitly authorize data sharing
- Service Providers: Third-party providers who assist in delivering our services (cloud hosting, analytics) under strict data processing agreements
- Legal Obligations: When required by law, court order, or to protect safety
- Business Transfers: In the event of a merger or acquisition (you will be notified)
5.2 We NEVER:
- Sell your personal data to third parties
- Share health data with insurers or employers
- Use your data for advertising or marketing purposes
- Share identifiable data with researchers without explicit consent
6. Your Privacy Rights
6.1 Access and Control
You have the right to:
- Access: View all data we have collected about you
- Export: Download your data in JSON format
- Correct: Update inaccurate information
- Delete: Request permanent deletion of your account and data
- Opt-Out: Disable specific data collection features
- Portability: Transfer your data to another service
7. HIPAA Compliance
Mellow Miles is designed to be HIPAA-compliant for covered entities. We implement:
- Business Associate Agreements (BAA) for healthcare providers
- Administrative, physical, and technical safeguards
- Audit controls and integrity controls
- Transmission security and access controls
8. Children's Privacy
Mellow Miles is not intended for users under 18 years of age. We do not knowingly collect information from children. If you believe we have collected data from a minor, please contact us immediately.
9. Changes to This Policy
We may update this Privacy Policy periodically. We will notify you of material changes via email or in-app notification. Continued use of Mellow Miles after changes constitutes acceptance of the updated policy.
10. Contact Us
If you have questions, concerns, or requests regarding your privacy:
Email: privacy@mellowmiles.app
Data Protection Officer: dpo@mellowmiles.app
Thank you for trusting Mellow Miles with your data. Your privacy is our priority.