top of page

Privacy Policy

Effective Date: January 16, 2026

​

Introduction

Lowkey Enterprises, Inc. ("LOWKEY," "we," "us," or "our") is a personal pattern detection and notification system that passively notices behavioral patterns using objective data you authorize us to collect from your device. When statistical deviations from your established baseline are detected, you receive a notification first. You may optionally designate recipients to receive escalation notifications. This Privacy Policy explains how we collect, use, store, and protect your information.

Core Principle: Your privacy is non-negotiable. We collect only what's necessary to detect pattern deviations and send alerts to you. We process sensitive data on your device whenever possible, and we will never sell your data. No personal information is shared with other LOWKEY members unless you specifically choose to share it.

​

Information We Collect

Data You Provide

  • Account Information: Name, email address, phone number

  • Inner Circle Information: Contact information for your chosen Inner Circle members

  • User Preferences: Notification settings, pattern tracking preferences

Data We Collect Automatically

Health & Activity Data (via Apple HealthKit):

  • Steps, heart rate, active calories, exercise minutes, walking/running distance, flights climbed, sleep and HRV

  • This data is aggregated hourly and stored securely

  • You control HealthKit permissions through iOS Settings

Motion Data:

  • Phone pickup patterns detected through iOS motion sensors

  • Used to understand engagement patterns

Location Pattern Data:

  • GPS coordinates are processed entirely on your device and never transmitted to our servers

  • Only anonymized location pattern IDs (e.g., "Home," "Work") are stored

  • We track when you enter/leave user-defined locations, not your precise GPS coordinates

Usage Data:

  • App interaction patterns, feature usage, alert responses

  • Technical data: device model, iOS version, app version (for troubleshooting only)

​​

How We Use Your Information

  • Pattern Detection: Analyze patterns to detect deviations from your personal baseline

  • Notifications: Notify you when pattern deviations are detected. If you've chosen Inner Circle members, they receive notifications only if you've specified them

  • Service Improvement: Improve algorithm accuracy and app functionality

  • Research & Development: De-identified data and aggregated population trends may be used for research, product advancement, and improving pattern detection algorithms. De-identified data help us improve detection for everyone.

  • Support: Respond to your questions and technical issues

  • Safety & Security: Prevent fraud and maintain service security

​​

Privacy by Design

On-Device Processing:

  • GPS coordinates never leave your phone

  • Location calculations happen entirely on-device

  • Only anonymized pattern IDs are transmitted

Minimal Data Collection:

  • We collect only what's necessary for the service to work

  • No advertising IDs or cross-app tracking

  • No device fingerprinting

Aggregation:

  • Health data is aggregated hourly, not stored second-by-second

  • Inner Circle notifications contain only high-level context, never raw metrics

​​

Data Sharing

We Do Not Sell Your Personal Data. Ever.

Your personal information — name, email, phone number, GPS coordinates, raw health metrics, and any data that identifies you — will never be sold to advertisers, data brokers, insurance companies, or any third parties.

Limited Sharing:

  • Your Inner Circle: Receives only notifications with high-level context when patterns are concerning. They never see raw health data, GPS coordinates, or detailed activity logs.

  • Service Providers: We use trusted third-party services for hosting, notifications and analytics. These providers are bound by strict data protection agreements and cannot use your data for their own purposes.

  • Legal Requirements: We may disclose information if required by law, court order, or to protect safety in emergency situations.

We will never share your data with:

  • Advertisers or marketing companies

  • Data brokers

  • Insurance companies

  • Employers

​​

Data Security

Encryption:

  • TLS 1.3 encryption for all data in transit

  • AES-256 encryption for data at rest

  • Secure authentication with JWT tokens

Access Controls:

  • Row-level security ensures you can only access your own data

  • Bcrypt password hashing

Infrastructure:

  • SOC 2 compliant hosting infrastructure

  • Automated backups with 7-day retention

​​

Your Rights & Controls

You have the right to:

  • Access: View all data we've collected about you

  • Export: Download your data in a portable format

  • Delete: Permanently remove your account and all associated data

  • Pause: Suspend pattern tracking anytime using Vacation/Illness mode

  • Control: Adjust what data is collected through iOS permissions and app settings

  • Object: Opt out of optional data collection

To exercise these rights: Email support@lowkeyprotection.com or use in-app settings.

​

Data Retention

  • Active accounts: Data is retained while your account is active

  • Deleted accounts: All data is permanently deleted within 30 days of account deletion

  • Backups: Deleted data is removed from backups within 7 days

​​

Children's Privacy

LOWKEY is intended for users 16 and older. We do not knowingly collect information from children under 16 without parental consent. If you believe we've collected data from a child under 16, contact us immediately.

​

Third-Party Services

We use:

  • Supabase: Secure database and authentication

  • Firebase Cloud Messaging: Push notifications

  • Apple HealthKit: Health data access (governed by Apple's privacy policies)

These services are carefully selected for their security and privacy practices. Personal health information is never sent to Firebase or analytics services.

​

Automated Decision-Making

LOWKEY uses algorithms to detect pattern deviations from your personal baseline and generate notifications. These algorithms analyze your behavioral data (steps, sleep, location patterns, phone usage) to identify meaningful changes. You can provide feedback on notifications directly in the app to improve accuracy for your unique patterns.

​

California Privacy Rights

For California Residents: Under the California Consumer Privacy Act (CPRA), California residents have the right to:

  • Request information about what personal data we collect and how we use it

  • Request deletion of your personal data

  • Opt out of the sale of personal data (though we do not sell personal data)

  • Not be discriminated against for exercising these rights

To exercise these rights, email support@lowkeyprotection.com or use the in-app data controls in Settings.

​

Changes to This Policy

We may update this Privacy Policy to reflect service changes or legal requirements. We'll notify you of material changes via email or in-app notification. Continued use after changes constitutes acceptance.

​

Contact Us

Questions about this Privacy Policy or our data practices?

Email: support@lowkeyprotection.com

Address: Lowkey Enterprises, Inc., 2525 Arapahoe St Unit E4 #715, Boulder, CO 80302

bottom of page