Hermly Early access
Privacy

Your health data never leaves your iPhone.

Hermly's prediction model runs locally. Your sleep, HRV, menstrual cycle, pain levels, medications, and migraine events all stay on the device. The only thing our servers ever see is whether you have an active subscription and aggregated counters for things like “onboarding completed today”.

What stays on your iPhone

  • Every migraine attack you log
  • Pain ratings and medication doses
  • Sleep, HRV, resting heart rate, hydration from Apple Health
  • Menstrual cycle data
  • Barometric pressure history for your area
  • The personal baselines our model learns from your data

Optional iCloud sync uses Apple's end-to-end encrypted Private Database. Your data is encrypted with a key only your iCloud Keychain holds — Apple can't read it, and we can't read it.

What we store on a server

  • Subscription state — whether you're on Free, Trial, or Pro. Keyed by your anonymous Apple transaction ID, never your email or Apple ID.
  • Aggregate event counters — pre-defined counts like “attack_started_in_app” for product analytics. No values, no identifiers.
  • Anonymous Core ML model files in object storage, served to all devices. Identical bits for everyone.

The Doctor / Spouse share path

When you share with your doctor (PDF report) or your partner (Spouse Mode live status), the data leaves your iPhone in a form you approve, going to the recipient you choose. Hermly's servers are not part of that path. Doctor reports are PDFs you send via Mail, AirDrop, or whatever works for your clinic. Spouse Mode uses Apple's CloudKit shared zones — encrypted, peer-to-peer through Apple.

For Spouse Mode specifically, your partner only ever sees live attack status — “tracking now, 1h 24min, pain 6”. They never see medication names, history, or per-day data.

The monthly narrative

When the app shows that calm one-paragraph summary at the top of your monthly report, it's generated by Anthropic's Claude API via our backend. Only a small set of aggregate statistics is sent — month name, attack count, percentage of attacks linked to pressure drops, mean peak pain. Per-day data, individual readings, and anything that could identify you stay on the device.

You can turn the AI summary off in Settings; the app falls back to a deterministic local summary built from the same aggregates.

What we will never do

  • Sell or share your data with advertisers
  • Train ML models on your individual data
  • Send you push notifications to drive engagement
  • Ask for your email to start tracking
  • Implement analytics_user_id / device fingerprinting / cross-app tracking

Your controls

  • Settings → Health data → Apple Health permissions — revoke any category Hermly reads, any time.
  • Settings → Health data → Export all data — download everything Hermly has stored on your device.
  • Settings → Health data → Delete data — wipes Hermly's local store and (if enabled) your iCloud mirror.
  • Settings → Privacy → End-to-end encrypted iCloud — toggle iCloud sync. Off by default.
  • Settings → Privacy → Anonymous research opt-in — opt into sharing aggregate counters. Off by default.