Privacy

Your data, yours.

Sosta never sells your data, never uses it for advertising, and health information never leaves your device for any purpose other than generating your personalised schedule.

Last updated · 13 May 2026

What we collect, and why

Account

Email address & display name

Used to create and secure your account via Apple Sign In or email/password (Supabase Auth). Your email is never shared with advertisers or third parties. Your display name is stored only to personalise the app experience.

Health · read only

Sleep, HRV, resting heart rate, active energy, steps

Read from Apple HealthKit with your explicit permission. Used locally on your device to determine your daily readiness and inform how Sosta structures your schedule. This data is never uploaded to our servers or shared with any third party.

Calendar · read only

Calendar events

Read from EventKit with your explicit permission. Used to detect existing commitments so Sosta can schedule around them. Calendar data never leaves your device.

App usage

Schedule blocks, feedback, goals

The blocks you create, the subjects and goals you set, and the feedback you log after sessions are stored in our database (Supabase) and used exclusively to improve your future schedule recommendations. This data is linked to your account and never shared or sold.

What we don't collect

Any advertising identifiers (IDFA, IDFV for ad targeting)
Analytics SDKs (no Firebase Analytics, Mixpanel, Amplitude, etc.)
Precise or coarse location data
Contacts, photos, or microphone data
Cross-app or cross-website tracking

Third-party services

Sosta uses the following infrastructure providers. Each is bound by their own privacy policies and appropriate data processing agreements.

Supabase

Provides authentication and database hosting. Stores your account details and schedule data on servers in the EU (Frankfurt). Data is encrypted at rest and in transit. supabase.com/privacy

Railway

Hosts the scheduling backend that produces your personalised schedule. Receives anonymised task metadata (subject, duration estimates, block type) to produce schedule recommendations. No health data is sent to Railway. railway.com/legal/privacy

Resend

Sends transactional emails (waitlist confirmations, launch notifications). Receives only your email address and the message body. resend.com/legal/privacy-policy

HealthKit data · special protections

Sosta's use of HealthKit data is limited to on-device scheduling logic. We comply fully with Apple's HealthKit guidelines:

HealthKit data is not uploaded to any server
HealthKit data is not used for advertising or market research, or any purpose unrelated to health or scheduling
HealthKit data is not shared with third parties in any form
You can revoke HealthKit permissions at any time in iOS Settings > Privacy & Security > Health > Sosta

Data retention

Your account data (schedule blocks, feedback, learned stats) is retained while your account is active. You can request deletion at any time by contacting us below. We will permanently delete your data within 30 days of a verified request.

HealthKit and Calendar data is accessed transiently on-device and never persisted outside of your iOS device's own secure storage.

Children's privacy

Sosta is not directed at children under the age of 13. We do not knowingly collect personal information from children. If you believe a child has provided personal information, please contact us and we will delete it promptly.

Your rights

Depending on where you live, you may have the right to:

Access the personal data we hold about you
Request correction of inaccurate data
Request deletion of your data
Object to or restrict certain processing
Data portability (receive your data in a structured format)

To exercise any of these rights, email us at the address below.

Changes to this policy

We may update this policy as the app evolves. When we make material changes, we will update the date at the top of this page. Continued use of Sosta after an update constitutes acceptance of the revised policy.

Contact

Questions about this policy or requests to exercise your data rights can be sent to:

Sosta
contact@sosta.au

Email us