Privacy Policy
What Tawen Does and Doesn't Do With Your Data — In One Page
| Category | What happens | Does it leave your device? |
|---|---|---|
| Sleep, heart rate, HRV, resting heart rate, skin temperature, body temperature, blood oxygen saturation (SpO₂), steps, exercise (read from Android Health Connect on your device) | Used by the App on your device to compute your readiness score | No — never |
| Readiness score, pillar sub-scores, AI-generated narratives | Stored only in the App's local database on your device. Your history view is limited to the last 7 days (free tier) or last 90 days (Pro tier); you can delete all on-device data at any time in Settings → Privacy → Delete all data | No — never |
| Hourly input snapshots (the Health Connect metrics each score is computed from) | Derived working data stored in the App's local database on your device; never raw Health Connect records | No — never |
| Weekly report (Pro) | Generated on your device each week from your local data and stored in the App's local database. Preserved across the on-device cleanup so your historical narrative is not lost if you switch tiers | No — never |
| Optional day tags you add on the Dashboard ("Tag today") | Stored in the App's local database on your device | No — never |
| App crashes and errors | Sent to Firebase Crashlytics: stack traces, device model, OS version, App version, timestamp — no health data | Yes, to Google LLC |
| Anonymous usage events (only if you turn analytics on; off by default) | Sent to Firebase Analytics — no health data, no numeric scores, no advertising ID | Yes, to Google LLC |
| Device-integrity attestation | Firebase App Check / Play Integrity — no health data | Yes, to Google LLC |
| Tawen Pro purchase token | Issued by Google Play after a Tawen Pro purchase | Stays local; the Company receives only an anonymized order identifier |
The headline: Your health data never leaves your device. The Company does not receive, store, transmit, sell, or share it. The only data that reaches the Company or its service providers is anonymous diagnostic and usage information that contains no health values of any kind.
Washington State residents: A separate Consumer Health Data Privacy Policy applies specifically to consumer health data covered by the Washington My Health My Data Act. See https://tawen.app/health-privacy for that policy.
1. Who We Are; Scope
Icemint LLC (the "Company," "we," "us," or "our") is a limited liability company organized under the laws of the State of Wyoming, United States, with its principal place of business at 30 N Gould St, Ste R, Sheridan, WY 82801. The Company operates the Tawen Android application (the "App") and the website at tawen.app (the "Website" and, together with the App, the "Services").
For privacy questions or to exercise the rights described in this Policy, contact us at [email protected].
Geographic scope. The Services are offered only to users located in the United States and Canada. The App is geo-restricted at the Google Play Store level to limit distribution to the United States and Canada. The Website is offered only in English with United States Dollar pricing, is hosted from United States infrastructure, and is not localized for or marketed to users in any other jurisdiction. The Services are not offered to, marketed to, or directed at users in the European Economic Area, United Kingdom, Switzerland, or any other jurisdiction.
2. Our Privacy-by-Architecture Approach
Tawen is designed so that the wellness data used to compute your readiness score never leaves your device. This is not a marketing claim — it is enforced by the App's architecture:
- Health Connect access is read-only. The App reads Health Connect data directly into device memory and never copies it off your device.
- Scoring runs on your device. Pillar calculations and the readiness score are computed locally on your device.
- AI narratives are generated on your device. When available, Google's on-device Gemini Nano (via the ML Kit GenAI Prompt API) produces your daily insight narrative locally on your device; where it is unavailable, the App falls back to a rule-based explanation. The weekly report is currently produced by an on-device rule-based summary. The prompts and the generated text never reach the Company's servers or Google's cloud.
- Local storage only. The App's local database stores only:
  - the computed readiness score (integer 0–100), normalized pillar sub-scores (decimals 0.0–1.0), and AI narrative text;
  - the hourly input snapshots of Health Connect metrics from which each score is computed (derived working data, never raw Health Connect records);
  - weekly reports (Pro);
  - optional day tags you add on the Dashboard ("Tag today"), along with their timestamps;
  - internal metadata such as algorithm version and narrative template version that lets the App reason about its own historical rows correctly.

  The database never stores raw Health Connect records. None of the above is transmitted off your device.
- On-device storage and deletion. Tawen stores its derived data only in a local database on your device, and nothing is uploaded. How much history you can view is limited to the last 7 days (free) or 90 days (Pro) — a display limit, not a deletion schedule. Separately, older on-device data is automatically cleaned up over time by an on-device process, and you can delete all on-device data at any time via Settings → Privacy → Delete all data. The cleanup runs entirely on your device; the Company is not involved and never sees the data.
- No write-back to Health Connect. The App never writes data to Health Connect.
Because of this architecture, the Company does not receive, collect, store, process, sell, or share your health-related data. References below to "we collect" or "we process" apply only to the limited categories of non-health telemetry described in Section 3.
3. The Non-Health Data We Do Receive
3.1 Firebase Crashlytics (crash diagnostics)
When the App encounters an unexpected failure, we receive an automatic crash report containing:
- a Firebase Installation ID (a pseudonymous device identifier);
- a stack trace and the code path that caused the failure;
- device model, Android version, CPU architecture;
- App version and build number;
- timestamp and foreground/background state.
No health data is included. The App's architecture prevents any score, pillar value, or Health Connect record from being attached to a crash report.
Default: Crash diagnostics are enabled by default when you accept the Terms of Service at first launch. You can turn them off at any time.
Retention: Google retains crash reports for 90 days.
Purpose: To diagnose and fix bugs that affect the App's reliability.
Opt-out: Settings → Privacy → Diagnostic data.
3.2 Firebase Analytics (anonymous usage events)
If you turn on usage analytics, we use Firebase Analytics to understand how users interact with the App in aggregate. Usage analytics are OFF by default; no usage events are collected unless you explicitly turn them on. Our Analytics implementation is constrained by code to allow only string event names and a whitelist of string/boolean parameters. Examples of events: onboarding_complete, score_viewed, pillar_drill_down, paywall_view, purchase.
- The Android Advertising ID (AAID) is disabled (google_analytics_adid_collection_enabled=false in the App's manifest).
- We track no numeric health values, no scores, no advertising identifiers, and no precise location.
- Country is derived from IP address at the request level by Google and is not stored against your installation.
- Analytics data retention is configured to 2 months.
Purpose: To understand which features users find and use, to improve product decisions.
Opt-in / management: Settings → Privacy → Usage analytics. This is independent of Crashlytics.
3.3 Firebase App Check / Play Integrity (anti-abuse)
We use Firebase App Check with the Play Integrity backend to confirm that requests come from a genuine, unmodified Tawen installation on a Play-certified Android device. This involves an attestation token derived from device-integrity signals; the underlying signals are not shared with the Company. App Check tokens are retained by Google for replay protection in accordance with Google's published Firebase retention policy.
Purpose: To prevent abuse of our backend (such as token forgery or automated abuse).
3.4 Google Play Billing
When you purchase Tawen Pro, payment is processed entirely by Google LLC through Google Play. The Company receives only:
- an anonymized order identifier; and
- a purchase token to verify your entitlement.
The Company does not receive or store your name, card number, billing address, or any payment information.
Purpose: To grant and verify your Tawen Pro license.
3.5 Website (tawen.app)
The Website is a static page hosted via Cloudflare. We do not run analytics or tracking on the Website. We do not load fonts or other resources from third-party servers. Cloudflare may set the short-lived __cf_bm cookie for bot management; see our Cookie Policy at https://tawen.app/cookies.
If the Website includes a "Notify me at launch" or similar contact link, your default email client opens with our address pre-populated when you tap it. If you send us an email, we receive your email address and message content; we use this solely to respond to your enquiry. You can request deletion at any time at [email protected].
4. Automated Processing and AI Disclosure
Tawen computes a daily readiness score from data on your device. This is automated processing, but the score does not produce legal effects or similarly significant effects on you. It is a wellness estimate that you can view, contextualize, and ignore at any time. You can always view the pillar breakdown to understand how the score was derived.
AI-generated content disclosure. The daily insight narrative — the one-paragraph "why" behind your score — is AI-generated. It is regenerated on your device as your readiness score updates through the day. On supported devices it is produced by Google's on-device Gemini Nano via the ML Kit GenAI Prompt API, running locally on your device; where on-device AI is unavailable, the App produces a rule-based explanation instead. Your prompts and the resulting text never reach the Company's servers or Google's cloud. AI-generated content is clearly labelled as such in the App. AI outputs may contain errors and do not constitute medical advice. See Section 2 of the Terms of Service.
Weekly reports (Pro) are a weekly synthesis of your week, drawn from the same on-device data. They are currently produced by an on-device rule-based summary (not AI-generated) and are clearly presented as such in the App.
For California users: The Company does not use Tawen's readiness score, narratives, weekly reports, or any other Tawen output to make any decision about you (including any decision relating to employment, housing, credit, insurance, healthcare, education, or essential goods or services). All scores and outputs are informational only; you alone decide whether and how to act on them.
5. Data Retention
| Data | Where it lives | How long |
|---|---|---|
| On-device readiness scores and AI narratives (free tier) | Your device | Stored on-device only. History view limited to the last 7 days. You can delete all on-device data at any time via Settings → Privacy → Delete all data. Nothing is uploaded |
| On-device readiness scores and AI narratives (Pro tier) | Your device | Stored on-device only. History view limited to the last 90 days. If you downgrade from Pro to free, a 30-day grace period applies before the view narrows to 7 days. You can delete all on-device data at any time. Nothing is uploaded |
| On-device hourly input snapshots | Your device | Short-lived working cache on your device. Deletable at any time via Settings → Privacy → Delete all data |
| Optional day tags ("Tag today") | Your device | Stored on-device until you delete them via Settings → Privacy → Delete all data |
| On-device weekly reports (Pro) | Your device | Not purged. Preserved so your historical narrative is not lost if you switch tiers. Approximately 52 rows per year. You can delete them by tapping Settings → Privacy → Delete all data |
| Firebase Crashlytics data | Google servers | 90 days (Google retention) |
| Firebase Analytics data | Google servers | 2 months (configured by the Company) |
| Firebase App Check tokens | Google servers | Per Google's published Firebase retention policy |
| Launch-notification emails | Our email account | Until you request deletion or 12 months after launch, whichever is sooner |
| Tawen Pro purchase tokens | Locally cached | While the license is active |
6. Your Privacy Rights — By Region
You may exercise the rights below by contacting [email protected]. We will acknowledge your request within 10 business days and respond substantively within 45 days (extendable once by an additional 45 days for complex requests, with notice to you). We will not discriminate against you for exercising your rights. You may also designate an authorized agent to submit a request on your behalf — we will verify the agent's authority and may require verification of your identity.
Because most of the data described in this Policy is on your device, not on our servers, the most powerful rights you have are device-side: revoke Health Connect permissions in Android Settings, and tap Settings → Privacy → Delete all data in the Tawen App.
6.1 All users
Regardless of where you live, you may:
- ask what data we hold about you and how we use it;
- ask us to correct data we hold about you;
- ask us to delete data we hold about you;
- manage diagnostic and usage data in Settings → Privacy: turn off crash diagnostics (on by default), and turn on usage analytics (off by default);
- stop using the Services and uninstall the App at any time.
6.2 California residents (CCPA, as amended by the CPRA)
If you are a California resident, you have the following rights:
| Right | What it means here |
|---|---|
| Right to know | Confirm what personal information the Company collects, the categories of sources, the purposes, the categories of third parties with whom we share, and (if applicable) the categories we sell or share for cross-context behavioral advertising |
| Right to access | Receive a copy of personal information we have collected about you |
| Right to delete | Request deletion of personal information we have collected from you, subject to exceptions in Cal. Civ. Code § 1798.105(d) |
| Right to correct | Request correction of inaccurate personal information |
| Right to opt out of sale/sharing | We do not sell or share personal information for cross-context behavioral advertising. There is nothing to opt out of. |
| Right to limit use of Sensitive Personal Information | We do not collect Sensitive Personal Information for purposes beyond those permitted under Cal. Civ. Code § 1798.121(a)(2). There is nothing to limit. |
| Right against discrimination | We will not deny services, charge different prices, or provide a different level of quality because you exercised a CCPA right |
Categories of personal information we collect (CCPA Notice at Collection):
| Category (Cal. Civ. Code § 1798.140(v)) | Examples we collect | Source | Purpose | Recipients |
|---|---|---|---|---|
| Identifiers | Firebase Installation ID, Firebase App Instance ID | Device | Crash diagnostics; product analytics | Google LLC (Firebase) |
| Internet/network activity | App-screen names, anonymous event names | Device | Product analytics | Google LLC (Firebase) |
| Commercial information | Tawen Pro purchase token, anonymized order ID | Google Play | License verification | Google LLC (Play Billing) |
| Geolocation (country only, derived from IP) | Country code | Network request | Aggregate analytics | Google LLC (Firebase) |
| Inferences | None drawn by the Company on its servers. Analytics events are descriptive (e.g., "screen viewed"), not inferential, and contain no health, demographic, or psychographic profile data. | N/A | N/A | N/A |
We do not collect on our servers: precise geolocation, biometric identifiers, government IDs, social security numbers, financial account numbers, account credentials, contents of mail/email/SMS, race, ethnicity, religious beliefs, union membership, genetic data, sexual orientation, or any data that would constitute "Sensitive Personal Information" as defined in Cal. Civ. Code § 1798.140(ae). The readiness score and pillar values derived from Health Connect data — which would qualify as Sensitive Personal Information if collected by us — are processed and stored entirely on your device and are never transmitted to or received by the Company. See Section 2.
Retention: See Section 5.
Authorized agent. A California resident may use an authorized agent. The agent must provide written authorization signed by you and may be required to verify their own identity.
6.3 Washington residents (My Health My Data Act)
Washington's My Health My Data Act, RCW 19.373 et seq., regulates "consumer health data."
In summary, applicable to all Washington residents: the Company does not receive, transmit to its servers, or store on its infrastructure any consumer health data as defined under RCW 19.373.010. All health-derived values — your readiness score, pillar sub-scores, and AI narratives — are computed and stored entirely on your device, under your sole control, and can be deleted by you at any time via Settings → Privacy → Delete all data. None is transmitted to or stored by the Company. You may withdraw consent at any time by revoking Health Connect permissions in Android Settings.
For the full Washington-specific disclosure, including the affirmative non-sale and non-geofencing statements required by RCW 19.373.040 and .060, see the Consumer Health Data Privacy Policy at https://tawen.app/health-privacy (also linked directly from the tawen.app homepage).
6.4 Nevada residents (Nev. Rev. Stat. Chapter 603A; SB 370)
Nevada law regulates the collection, sharing, and sale of "consumer health data." For the same architectural reason described in Section 6.3 — your on-device readiness score and pillar values are never received by the Company's servers — the Company does not receive, transmit to its servers, or store on its infrastructure any consumer health data within the meaning of Nevada law. You may exercise the rights listed in Section 6.1 with respect to any non-health data the Company may hold.
Nevada law also gives Nevada residents the right to opt out of the sale of certain "covered information" as defined in NRS 603A.340. We do not sell your covered information. To submit a verified request to that effect, contact [email protected].
6.5 Connecticut residents (CTDPA, as amended)
Connecticut residents have the rights to access, correct, delete, port, and opt out of the sale/targeted advertising of personal data, plus heightened protections for "consumer health data." For the same architectural reason described in Section 6.3, the Company does not receive, transmit to its servers, or store on its infrastructure any consumer health data as defined under Conn. Gen. Stat. § 42-515(8). You may exercise the rights in Section 6.1 against any non-health personal data the Company may hold about you.
Appeal. If we deny your privacy request, you may appeal by replying to our response within 60 days. If your appeal is denied, you may submit a complaint to the Connecticut Attorney General via portal.ct.gov/AG.
6.6 Other U.S. state privacy laws
Residents of any U.S. state with a comprehensive consumer privacy or consumer health data law — including without limitation Colorado, Virginia, Utah, Texas, Oregon, Montana, Tennessee, Indiana, Iowa, Delaware, New Hampshire, New Jersey, Minnesota, Maryland, Rhode Island, and Kentucky — have rights of access, correction, deletion, portability, and opt-out of sale and targeted advertising. To the extent your state's law confers additional or different rights (including without limitation Maryland's Online Data Privacy Act effective October 1, 2025, which prohibits the sale of sensitive personal data and imposes heightened minimization duties), the Company will honor those rights as required by applicable law. We extend the substantive rights described in this Section 6 to you regardless of which U.S. state's law applies. To exercise them, contact [email protected].
We do not engage in targeted advertising. We do not sell personal data. We do not engage in profiling that produces legal or similarly significant effects.
6.7 Canadian residents (PIPEDA and provincial law)
Canadian residents are protected by the federal Personal Information Protection and Electronic Documents Act (PIPEDA) and, in Quebec, the Act Respecting the Protection of Personal Information in the Private Sector (Quebec Privacy Act, as amended by Law 25), and in Alberta and British Columbia by their respective Personal Information Protection Acts.
Canadian residents may:
- request access to and a copy of any personal information the Company holds about them;
- request correction of inaccurate personal information;
- request deletion of personal information (subject to legal-hold exceptions);
- withdraw consent for processing of personal information (note that this may limit your use of the Services);
- ask questions about the Company's privacy practices;
- file a complaint with the Office of the Privacy Commissioner of Canada at priv.gc.ca, or with the relevant provincial regulator (Commission d'accès à l'information du Québec, Office of the Information and Privacy Commissioner of Alberta, or Office of the Information and Privacy Commissioner for British Columbia).
To exercise these rights, contact [email protected]. For Canadian residents, the Company will respond to access, correction, and withdrawal-of-consent requests within 30 days of receipt, consistent with PIPEDA's general timeline (this is shorter than the 45-day response window described in the introduction to this Section 6, which applies to U.S. residents).
7. International Data Transfers
The Company is established in the United States. The non-health telemetry described in Section 3 is processed by Google LLC and Cloudflare, Inc., also in the United States.
For Canadian users, the transfer of this telemetry to the United States is permitted under PIPEDA and Quebec Law 25 provided that the recipient provides a comparable level of protection. Google LLC and Cloudflare, Inc. each maintain technical and organizational safeguards consistent with PIPEDA and Quebec Law 25 standards through their respective data processing agreements.
The Services are not offered to users in the European Economic Area, United Kingdom, or Switzerland; the Company therefore does not engage in transfers from those jurisdictions.
8. Security
- All on-device data is protected by Android's application sandbox and, where available, device-level encryption.
- All telemetry transmitted to Firebase is encrypted in transit using HTTPS/TLS 1.3.
- Firebase App Check verifies that telemetry is sent only from genuine Tawen App installations.
- We never store raw Health Connect records anywhere — only on-device derivatives.
- Our Analytics wrapper enforces at compile time that no numeric health value can be passed to Firebase Analytics.
Breach notification. In the event of a personal data breach affecting the limited non-health telemetry described in Section 3:
- We will notify affected U.S. users in accordance with the breach-notification laws of their state of residence.
- We will notify affected Canadian users in accordance with PIPEDA's mandatory breach reporting requirements (without unreasonable delay; report to the Office of the Privacy Commissioner of Canada if the breach poses a real risk of significant harm).
- We will provide any breach notification required by applicable federal law.
Breach scope on your device. Because your wellness data lives on your device, a breach of the Company's servers cannot expose your wellness data. A loss of physical access to your device, however, would expose any data stored locally. Protect your device with a screen lock and keep your OS up to date.
9. Children and Federal Children's-Privacy Overlay
Minimum age. The Services are not directed to children under the age of 13 in the United States or Canada. You must be at least 16 years old to use the Services. The App presents a neutral age statement during onboarding; we do not encourage users to misstate their age.
COPPA (Children's Online Privacy Protection Act, 15 U.S.C. §§ 6501–6506, and the FTC Rule at 16 C.F.R. Part 312, including the amendments finalized April 22, 2025 and enforceable April 22, 2026). COPPA applies to operators of online services directed to children under 13 or with actual knowledge that they are collecting personal information from a child under 13. The Services are not directed to children under 13 — they are positioned, marketed, designed, and rated for adults — and we do not knowingly collect personal information from anyone under 16. We do not collect biometric identifiers, government-issued IDs, precise geolocation, or any of the data categories added to "personal information" by the 2026 COPPA amendments. We do not engage in targeted advertising or third-party data sharing that would require separate opt-in consent under the 2026 amendments.
If we become aware that we have collected personal information from a child under 16 (or under 13 in the United States) without the legally required parental or guardian consent, we will delete it promptly. Parents and guardians with concerns may contact [email protected].
Other federal sectoral regimes. The Services do not collect or process: financial-account information or "nonpublic personal information" about consumers of a financial institution (GLBA / Reg P); education records held by a school or service provider for a school (FERPA); video-viewing records (VPPA); carrier customer proprietary network information (CPNI); DMV records (DPPA); or SMS/calls covered by the TCPA. Where any of these regimes would otherwise overlay our processing, they do not apply because the Services do not engage in the regulated activity.
10. Third-Party Processors
The following third parties process the limited non-health telemetry described in Section 3 as our processors or service providers:
| Processor | Processing | Location | Basis |
|---|---|---|---|
| Google LLC (Firebase Analytics, Crashlytics, App Check, Remote Config) | Anonymous usage events, crash data, device integrity attestation | United States | Firebase Service Terms and Data Processing and Security Terms |
| Google LLC (Google Play Billing) | Tawen Pro entitlement verification | United States | Google Play Developer Distribution Agreement |
| Google LLC (ML Kit GenAI Prompt API / on-device Gemini Nano) | The App invokes Google's on-device generative AI library to produce the daily insight narrative. Inference runs entirely on your device. No prompt, input, or output is transmitted to Google or to the Company. Google's role is limited to providing the on-device library and the model weights that ship with Android | On your device | ML Kit Terms of Service and Google APIs Terms of Service |
| Cloudflare, Inc. (Website CDN and security) | IP addresses and request logs for DoS protection and performance | United States | Cloudflare Subscription Agreement |
We do not sell personal information to any third party. We do not share consumer health data with third parties for marketing, advertising, insurance, or any other purpose — there is nothing to share, because consumer health data stays on your device.
11. Changes to This Policy
We will notify you of material changes to this Policy via the App or (if available) email at least 30 days before the changes take effect. The date of the most recent update appears at the top of this page. A copy of the previous version is available at https://tawen.app/privacy/previous.
Version history:
- Version 1.2 — alignment with the v1.0 shipped build: (a) removed "mindfulness" from the read-data inventory (no longer read); (b) corrected telemetry consent defaults to match the shipped build — crash diagnostics are on by default after Terms acceptance with a Settings opt-out, and usage analytics are off by default and opt-in; (c) restated on-device retention as storage + a history view cap + user-initiated deletion, with no fixed auto-delete figure; (d) added the hourly input snapshots to the on-device storage inventory; (e) corrected the daily-narrative cadence to intra-day and limited AI/Gemini-Nano attribution to the daily insight (the weekly report is currently rule-based); (f) removed the CSV-export, daily-check-in-entry, and correlation-explorer disclosures for features not in the v1.0 build; (g) removed the HIPAA reference from the federal-sectoral-regime list.
- Version 1.1 — additive disclosures for new on-device features. (a) New Section 3.6 explaining the user-initiated CSV export feature. (b) Section 2 expanded to list every category of data stored on your device and to describe the weekly on-device retention purge worker. (c) Section 4 expanded to disclose that the on-device Gemini Nano model produces weekly reports and check-in synthesis in addition to daily narratives. (d) Section 5 retention table expanded to include check-in entries, the tag log, and weekly AI reports. (e) Section 10 expanded to disclose the on-device ML Kit GenAI library with an explicit assertion that no prompt or output is transmitted to Google. None of these changes reduces your rights or expands the data the Company receives.
- Version 1.0 — initial policy.
12. Contact
Privacy enquiries and rights requests: [email protected]
Icemint LLC, 30 N Gould St, Ste R, Sheridan, WY 82801, United States
Supervisory authorities (selected):
- Federal U.S.: Federal Trade Commission, ftc.gov
- California: California Privacy Protection Agency, cppa.ca.gov; California Attorney General, oag.ca.gov
- Washington: Washington State Attorney General, atg.wa.gov
- Other U.S. states: the attorney general of your state
- Federal Canada: Office of the Privacy Commissioner of Canada, priv.gc.ca
- Quebec: Commission d'accès à l'information du Québec, cai.gouv.qc.ca
- Alberta: Office of the Information and Privacy Commissioner of Alberta, oipc.ab.ca
- British Columbia: Office of the Information and Privacy Commissioner for British Columbia, oipc.bc.ca
This Privacy Policy is effective June 14, 2026 (v1.2).