Privacy Policy — Aster Hills Apps & Website

Effective date: 14 October 2025

Who we are. Aster Hills ("we", "us") builds minimal wellness & productivity apps for iOS — HabitFlow, MyMeal AI, Ease Meditations, and RemindMe — and operates the website asterhills.co (collectively, the "Services").

Controller: Aster Hills LLC, 2093 PHILADELPHIA PIKE #1117

CLAYMONT, DE19703. Contact: support@asterhills.co

We do not make games. This Policy explains what we collect, how we use it, and your choices.

1) Scope

This Policy covers our iOS apps and our website (Squarespace-hosted).
If a feature links to a third party (e.g., App Store, Apple Health, external support form), their privacy terms apply to their processing.

2) Data we collect

2.1 Data you provide

Account/Contact: emails you send us, support requests, newsletter sign‑ups.
App Content: entries you choose to save on device or in iCloud (e.g., habits, schedules, notifications, meditations preferences, affirmations, meals/notes, optional vitamin & supplement tracking).
AI Inputs: text, images (e.g., meal photos), prompts.

2.2 Data we receive automatically

Device & diagnostics: app version, device/OS, crash logs, performance events.
Purchase status: subscription/receipt status from Apple (no payment card data).
Website: cookies and similar tech for core site functions and analytics.

Sensitive note: Entries like sleep, mood, supplements, or meals can be health‑related. Treat anything you record as private; use the Apps in private spaces as you prefer.

3) How we use data

Provide and operate features (logging, reminders, progress, meditations, nutrition estimation).
Personalize content (e.g., meditation scripts, affirmation categories), improve accuracy, and troubleshoot.
Communicate support and service updates.
Advertising/measurement (if enabled and consented): show ads and measure their performance.

Legal bases (EEA/UK): Contract (to deliver the Services); Legitimate interests (improve, secure); Consent (marketing emails, personalized ads/identifiers where required).

4) Third‑party processors & SDKs we use

We only share data with service providers that operate under contracts limiting their use to our instructions. Here are the ones we currently use and what they do.

Service

Purpose

Data categories (examples)

Where used

Controls/notes

Apple (App Store / IAP / Receipts)

Purchases, subscriptions

masked receipt data, subscription status

Apps

Manage in iOS: Settings → Apple ID → Subscriptions

Meta (Facebook SDK / Meta Ads / Meta Pixel)

Ads delivery, analytics, attribution

IDFA (if allowed), device info, IP, app events (e.g., opens, purchases), coarse location

Apps & Site

ATT prompt on iOS; cookie banner/consent on Site; you can disable “Allow Apps to Request to Track” or reset IDFA in iOS Settings

Google AdMob / Google Ads

In‑app ads & ad measurement

IDFA/Advertising ID (if allowed), device/OS, IP, app events

Apps

ATT gating; you can turn off personalized ads in iOS / reset ad ID

Amplitude Analytics

Product analytics to improve UX

app events, device/OS, IP (truncated), region

Apps

Respect system limit‑ad‑tracking; used for aggregated product insights

Firebase Remote Config (Google)

Feature flags & configuration

anonymized instance ID, app version/OS, country, remote parameters

Apps

Not used for advertising; used to safely roll out features

OpenAI API

AI processing (e.g., meditation text, food parsing from text/image)

text prompts, optional images you submit for analysis

Apps

Content sent only to return results/ensure service integrity; we instruct providers not to use your content to train models without your consent

Squarespace

Website hosting & analytics

site usage, IP, device/region, cookies

Site

Cookie banner available; essential cookies required for Site operation

CocoaPods is a dependency manager we use to install SDKs; it is not a data recipient.

5) Ads, identifiers & consent (very important)

On iOS we respect App Tracking Transparency (ATT): we only access the IDFA and enable personalized ads/attribution if you grant permission.
If you decline tracking, we’ll limit our SDKs to contextual ads and SKAdNetwork (aggregated measurement).
On the Site, we request consent for marketing/analytics cookies where legally required (e.g., EEA/UK).
You can reset your advertising identifier or limit ad tracking at Settings → Privacy & Security → Tracking (iOS).

US (CPRA) disclosure: We do not sell your personal information for money. When we use Meta/Google for ads/measurement, that may be considered “sharing for cross‑context behavioral advertising.” You can opt out via (i) the in‑app consent/toggles where available, (ii) your device settings, and (iii) a “Your Privacy Choices / Do Not Sell or Share” link on our Site.

6) Data retention

We retain personal data only as long as needed for the purposes above, then delete or de‑identify it. AI inputs sent to processors are kept only as long as necessary to return results and ensure service integrity, then are deleted or de‑identified per provider policy.

7) Security

We use industry‑standard safeguards (encryption in transit, access controls). No method is 100% secure; keep your device and Apple ID secure.

8) International transfers

Where processors are outside your region, we rely on lawful transfer mechanisms (e.g., EU Standard Contractual Clauses).

9) Your rights

Depending on your location: access, correction, deletion, portability, objection/restriction, and marketing/ads opt‑out.
Contact: support@asterhills.co. For App Store purchases, manage in Apple settings.

10) Children

Our Services are not directed to children under 13 (or 16 in EEA/UK). We don’t knowingly collect children’s data.

11) Not medical advice

Our Apps are wellness/information tools, not medical devices. Nutrition values are estimates. Seek professional advice for medical or dietary decisions.

12) Changes

We’ll update this Policy from time to time; the Effective date shows the latest version. Material changes will be announced in‑app or on the Site.