Hormetic is developed and operated by Navid Hassani, an individual developer based in Texas, United States. The app may be transferred to Avesta Forge LLC in the future; if that happens, this policy will be updated to reflect the new entity. The substance — what the app does and does not do with your data — will not change.
Hormetic is a sauna and heat-exposure tracking app. With your explicit permission, granted in-app on first use, it reads from and writes to Apple HealthKit on your device. The data classes it requests are:
HealthKit permissions are requested on use, not on launch. You can revoke any of them at any time in iOS Settings → Privacy & Security → Health → Hormetic.
Nowhere. The app has no server. There is no Hormetic backend, no remote API, no cloud sync that we operate. The only place your data exists is on your device, inside HealthKit, encrypted at rest by Apple's standard iOS protections and protected by your device passcode and biometrics.
If you have iCloud sync enabled for Health data in your own iCloud settings, Apple may sync your HealthKit data between your own devices, end-to-end encrypted. This is an Apple feature, between you and Apple. We have no access to it.
You may, at your option, export your Hormetic session data as a CSV file from within the app. Once exported, the file is yours and lives wherever you save it. If you share it, the privacy of its contents is your responsibility from that point. Hormetic never initiates a share, upload, or transmission on its own.
Hormetic computes derived values — a heat-dose score, an estimated wrist temperature delta, a zone classification. Every value derived by the algorithm is labeled "Estimated" in the interface. The algorithm is versioned and documented; each session records the version that produced its values. Historical sessions are never silently recomputed when the algorithm changes. This is not a marketing claim. It is a transparency commitment written into the app's architecture.
Hormetic is rated for users 17 and older on the App Store. It is not directed at children under 13. We do not knowingly collect data from any users, including children. Heat exposure carries physiological risks that are not appropriate for young children regardless of how an app is designed.
Hormetic is a tracking and estimation tool. It is not a medical device. It does not diagnose, treat, cure, or prevent any disease. The information it presents is for educational and self-tracking purposes only. Heat exposure carries real cardiovascular and dehydration risks. Consult a physician before starting any heat exposure protocol if you have cardiovascular conditions, are pregnant, take medications that affect heat tolerance, or have any other condition that may affect your response to heat.
California residents have the right to know what personal information is collected, the right to delete it, the right to correct it, and the right to opt out of its sale or sharing. Because Hormetic does not collect or transmit personal information off your device, the practical answer to each of these requests is the same: there is no data we hold to disclose, delete, correct, or stop sharing. We do not sell personal information.
The data controller for any processing within the app is Navid Hassani, located in the United States. The legal basis for any on-device processing is your consent, given when you grant HealthKit permissions, and you may withdraw that consent at any time in iOS Settings. Because no personal data is transmitted off your device or to us, the rights of access, rectification, erasure, restriction, portability, and objection have no remote data to act upon; they are satisfied locally — deleting the app deletes our local data, and HealthKit data remains under your control regardless.
If this policy changes materially, the new version will be posted at this URL with an updated effective date. If a change affects how the app handles data, the app itself will surface a notice on next launch.
Privacy questions, requests, or notices: privacy@hormetic.app. This address routes to a real human (the developer); replies come from a person, not an autoresponder.