Privacy Policy
How Ready Planner handles your data
1. Introduction
Ready Planner is an iOS app for private day planning. It builds a daily schedule from your goals, tasks, and commitments, and — if you choose to connect a wearable — from how rested your body actually is. This policy explains what data we process, why, and what rights you have. The short version: your plans and your health data belong to you. We show no ads, we sell no data, and we use no advertising trackers.
2. Controller
The controller responsible for data processing in connection with Ready Planner is:
Philipp Fritz
Baden-Baden
Germany
Email: fritz@dsmp.info
3. Data we collect
Account
- Email address and optional name
- Password (stored only as a cryptographic hash)
- A random account identifier
Planning content
- Tasks, goals, appointments, and activities you create
- Work hours, commitments, and scheduling constraints
- The plans generated from them
- The text you type — or the transcribed content of what you say — when you ask Ready Planner to change your day
Health data (only if you connect a provider)
- Daily recovery, strain, and sleep summaries from WHOOP or Apple Health
- Metrics such as heart rate variability, resting heart rate, respiratory rate, blood oxygen, sleep duration and sleep stages
- Governed by the consent rules in section 5
Purchases
- Subscription status only (active/expired, product, period)
- Payment is handled entirely by Apple; we never receive your payment details
Diagnostics
- Crash reports and performance events limited to technical metadata (operation names, timings, error codes, device model, OS version)
- These deliberately exclude the text of your tasks, goals, and plans
Support
- Whatever you send us when you contact support
4. How we use your data
- Planning: to generate and adjust your daily schedule. Plan generation uses AI: the inputs needed for a plan (task and goal titles, schedule constraints, and — if connected — summary health signals) are processed by OpenAI's API. Voice adjustments are transcribed and interpreted the same way. Per OpenAI's API terms, these inputs are not used to train OpenAI's models.
- Quality: plan-generation traces — which contain the same planning inputs, including any summary health signals — may be evaluated in Braintrust, an LLM quality-monitoring service, to detect and fix bad plans.
- Operations: authentication, syncing across your devices, notifications, widgets, and subscription entitlement.
- Stability: diagnosing crashes and performance problems from technical metadata.
We do not use your data for advertising, we do not sell it, and we do not share it with data brokers.
5. Health data
Health data is special-category data under the GDPR, so stricter rules apply:
- Only with your consent: health data is processed only if you explicitly connect a provider (WHOOP or Apple Health) in the app. Connecting constitutes your explicit consent (Art. 9(2)(a) GDPR).
- Purpose: shaping your daily plan — nothing else. Never advertising, never sold.
- Withdrawal: disconnect the provider in Settings → Health at any time; new health data stops flowing immediately.
- Deletion: stored health data is deleted when you delete your account.
- Sharing: never shared beyond the processors listed in section 6.
6. Processors and third-party services
We use a small number of service providers, bound by data processing agreements, to run Ready Planner.
Supabase
Database, authentication, and backend hosting. Your app data is stored in the European Union (AWS eu-west-1, Ireland).
OpenAI
AI plan generation and voice interpretation (see section 4). Processing may occur in the United States. Per OpenAI's API terms, your inputs are not used to train OpenAI's models.
Braintrust
LLM quality evaluation of plan-generation traces, which contain the planning inputs including any summary health signals. Processing may occur in the United States.
RevenueCat
Subscription status management. Processing may occur in the United States.
Apple
App Store distribution, payment processing, and push notifications.
Sentry
Crash and performance diagnostics (EU region), technical metadata only.
WHOOP
If you connect it. WHOOP's own privacy policy governs your WHOOP account; we receive the daily summaries described in section 3 via WHOOP's API with your authorization.
Apple Health
If you enable it, health summaries are read from HealthKit on your device with your permission and synced to your account to shape your plan. We never write to Apple Health, and Apple Health data is never used for advertising or shared with third parties.
7. Legal bases
- Contract (Art. 6(1)(b) GDPR): account, planning content, adjustment requests, purchases — everything needed to provide the service you signed up for.
- Explicit consent (Art. 9(2)(a) GDPR): health data, granted by connecting a health provider and withdrawable at any time.
- Legitimate interests (Art. 6(1)(f) GDPR): diagnostics, abuse prevention, and service quality monitoring.
- Legal obligations (Art. 6(1)(c) GDPR): where we must retain or disclose data by law.
8. Payment processing
Subscriptions are purchased through Apple's App Store and billed by Apple. We never see your payment method. We receive only subscription status information (via RevenueCat) to unlock Pro features on your account.
9. International transfers
Your app data is stored in the EU. Where processors operate in the United States (OpenAI, Braintrust, RevenueCat), transfers are protected by the EU Standard Contractual Clauses and/or the EU-U.S. Data Privacy Framework, as provided in each processor's data processing agreement.
10. Data security
We protect your data with standard industry measures:
- All traffic between the app and our backend is encrypted in transit (TLS)
- Databases enforce row-level security, so your data is only readable by your account
- Passwords are stored as salted hashes
- Health-provider connections use OAuth tokens stored server-side, never exposed to other users
11. Retention
- Account and planning data: kept while your account exists; deleted when you delete your account.
- Health data: kept while a wearable is connected; deleted with your account.
- Diagnostics: retained by Sentry for at most 90 days.
- Plan-generation traces: retained for quality evaluation for a limited period, then deleted.
12. Your rights
Under the GDPR you have the right to:
- Access: a copy of the personal data we hold about you
- Rectification: correction of inaccurate data
- Erasure: deletion of your personal data
- Portability: your data in a machine-readable format
- Restriction and objection: limits on how we process your data
- Withdrawal of consent: at any time, with effect for the future
The fastest way to erase everything is in the app itself: Settings → Account → Delete Account permanently deletes your account and data. For any other request, email fritz@dsmp.info — we respond within 30 days. You also have the right to lodge a complaint with a data protection supervisory authority.
13. Children
Ready Planner is not directed at children. You must be at least 16 years old to create an account. We do not knowingly collect data from children below this age; if you believe a child has provided us data, contact us and we will delete it.
14. Not medical advice
Ready Planner offers wellness-oriented planning suggestions based on your data. It does not provide medical advice, diagnosis, or treatment. Never disregard professional medical advice because of something the app suggested.
15. Changes
If this policy changes materially, we will update it here with a new date and inform you in the app where appropriate.