← Back to Protocol

Privacy Manifesto.

01. Sovereignty by Default

PrimeForm was built for individuals who prioritize biological and digital sovereignty. Your protocol lives on your device. We do not run a backend that stores your health data. Outside of the AI Coach disclosures below, nothing leaves your phone.

02. The CloudKit Vault

Protocol logs, workouts, meals, hydration, fasting state, habits, symptoms, medications, cycle entries, intimate-health entries, and progress photos are stored on-device and synced through your Encrypted iCloud Private Database.

The developers of PrimeForm have zero visibility into that vault. There is no PrimeForm server holding your records.

03. AI Coach — What Leaves the Device

When you open the AI Coach and send a message, PrimeForm assembles a context summary from your local data and sends it together with your prompt to a large-language-model provider so the Coach can answer with context.

By default the request is routed through our Cloudflare proxy at ai.primeformapp.com to Google Gemini. You can switch the Coach to OpenAI, DeepSeek, or your own API key from Coach → AI Providers.

What the context summary includes:

  • Your name, body measurements, goals, and self-described struggles
  • HealthKit-derived summaries: steps, active energy, stand minutes, sleep hours, hydration
  • Daily check-in mood, energy, focus, cravings, intention, gratitude notes
  • Active symptoms, current medications, medical-document metadata
  • Menstrual cycle data and intimate-health entries (when logged)
  • Accountability partner names and shared goals (when partner feature is used)
  • The text of every message you send the Coach

What is never sent: raw HealthKit samples, your Apple ID, your email, journal/brain-dump entries, and relapse logs. Profile and progress photos stay on-device.

PrimeForm does not retain Coach requests on its own infrastructure. The proxy forwards each request and returns the response without persistent logging. Upstream providers (Google, OpenAI, DeepSeek) process the data under their own terms — review their policies if you have concerns. If you supply your own API key, the request bypasses the PrimeForm proxy entirely.

If you never use the AI Coach, no health data leaves your device.

04. Image Analysis

Three features upload image data through our Cloudflare proxy at ai.primeformapp.com/vision to Google Gemini Vision for analysis:

  • Meal photo logging — your meal photo is sent so the AI can estimate calories and macros.
  • Coach chat attachments — any image you attach in a Coach conversation is sent so the AI can comment on it.
  • Medical document scans — when you scan a document in the Medical Documents feature, the image is sent to extract text (OCR) and produce a summary.

The proxy holds the upstream Gemini key on our infrastructure so it is never bundled in the app. PrimeForm does not log image content on the proxy. Google processes the image under its own terms. Profile photos and weekly progress photos are never sent off-device.

05. Image Search

Meal and exercise cards display royalty-free imagery from Pexels. PrimeForm sends only the search keyword (e.g., "salmon", "deadlift") to api.pexels.com. No user identity is attached.

06. Accountability Sharing

Data is only shared with accountability partners you explicitly invite. Sharing happens through Apple's CloudKit-sharing primitive — PrimeForm cannot read the shared zone. You retain full control to revoke access at any time.

07. Screen Time & Family Controls

The Detox and Focus modules use Apple's Family Controls and Managed Settings frameworks. The set of apps you block stays on-device in a sandbox PrimeForm cannot read directly — Apple mediates the entire interaction. We never see which apps you block.

08. Analytics & Tracking

PrimeForm does not integrate Firebase, Crashlytics, Sentry, Mixpanel, Amplitude, or any third-party analytics SDK. There is no cross-app or cross-site tracking, no advertising identifier collection, and no usage telemetry sent to PrimeForm or any partner.

09. Not Medical Advice

The AI Coach is a coaching tool, not a doctor. Its responses — including any wording that resembles a diagnosis, follow-up suggestion, or medication reminder — are not professional medical advice and must not be treated as such. Always consult a qualified healthcare provider before making decisions about your medications, symptoms, contraception, fertility, mental health, or treatment of any condition. PrimeForm is not a substitute for clinical care and does not establish a doctor-patient relationship.

10. Your Choices

  • Use the app without ever opening the Coach — your data stays on-device.
  • Switch the Coach to your own API key under Coach → AI Providers to bypass the PrimeForm proxy.
  • Sign out of iCloud or disable iCloud Drive for PrimeForm in iOS Settings to stop CloudKit sync.
  • Delete the app at any time to remove all local data; CloudKit-stored data can be deleted from iOS Settings → Apple ID → iCloud → Manage Account Storage.
  • Revoke Apple Health permissions in iOS Settings → Privacy & Security → Health.

11. Children

PrimeForm is not directed at children under 13. We do not knowingly collect data from anyone under 13.

Questions?

For inquiries regarding our architecture or data practices, contact the protocol leads at support@primeformapp.com.

Last Protocol Update: May 2026