Privacy Policy — Starlene Oracle

01

Who we are

We are yForest LLC, a software company based in Flower Mound, Texas. We build Starlene Oracle — an AI-powered personalized oracle app for iOS. If you have privacy questions or requests, the best place to reach us is support@yforest.ai.

02

What Starlene reads

To give you a reading that names something true about your actual day, the app draws on the following sources — each one only if you choose to connect it:

Your name and birth information Provided during onboarding. Used to personalize readings and calculate astrological context.
Calendar events Read from Apple Calendar via EventKit. Event titles and times only — not attendees, not notes, not descriptions. Sensitive events (therapy, medical, legal, financial) are removed automatically before any reading is generated.
Location, at city level From CoreLocation. We coarsen your location to city and region — your precise GPS coordinates are never used, never stored, never sent.
Weather where you are From Apple WeatherKit, using your city-level location. Current conditions, temperature, and forecast. Weather is part of the reading because the sky is part of your day.
Sleep, heart rate, HRV, and step count From Apple HealthKit, read-only. These four categories only. Summarized into broad patterns (e.g., "rested," "running on reserves") before any data leaves your device.
Upcoming birthdays from your contacts First names and birth dates only, for contacts who have birthdays in the near future. Last names, email addresses, and phone numbers are never read.
What you type into Pull a Thread or other manual fields If you choose to write something — a feeling, a word, a sentence — that text is included in your reading context. You're always in control of what you share.
The glyph you pull each morning A single selection from a small set of symbolic states. It takes two seconds and colors the tone of the morning reading. No analysis. Just a signal.

03

What Starlene never reads

To be specific about what stays private:

Last names from your contacts
Email addresses or phone numbers
Your full contact list — only contacts with imminent birthdays are surfaced
Event attendee details, event notes, or event descriptions
Sensitive events — therapy appointments, medical visits, legal or financial events — removed automatically before any reading context is built
Your precise GPS coordinates — city and region only
Any HealthKit data outside sleep, heart rate, HRV, and step count
Your message history, browser history, photos, or any other app data

04

How your data flows

We believe you should know exactly what happens to your information and when. Here is the complete picture:

On your device. All data collection happens locally. Your calendar, health data, and location are read on-device and assembled into a structured summary — a brief set of signals about your day.

Health data transformation. Before any health information leaves your device, it is converted from raw numbers into broad descriptive categories. "You slept 5.5 hours and your HRV is low" becomes something like "running on reserves." Raw values never leave your device.

To our secure proxy. The day-summary is sent over HTTPS to a Cloud Function hosted on Google Cloud (Firebase, us-central1, Blaze plan). This function acts as a secure proxy — it receives the summary, forwards it to Anthropic's Claude API, and returns the generated reading. It does not log or store your data.

Anthropic generates your reading. Anthropic's Claude AI receives the context summary and generates the reading text. Per Anthropic's API terms, they do not use API customer data to train their models. The request is processed and discarded.

Back to your device. The generated reading is returned to your app and stored locally using Apple's SwiftData framework. It lives on your device. Nothing about you is stored on our servers in any persistent form.

We do not operate a user database. We do not store accounts, profiles, or reading histories on our servers. If you delete the app, your data is gone from our reach entirely.

05

Anthropic as a sub-processor

We use Anthropic PBC to power the language of each reading. Anthropic is named here as a documented sub-processor under GDPR Article 28. They process your reading context according to their published API terms (anthropic.com/legal/commercial-terms) and do not train on API customer data by default.

We rely on Anthropic's published terms for this relationship and do not have a separate data processing agreement in place at this time. If you have concerns about Anthropic's data handling practices, their privacy policy is available at anthropic.com/legal/privacy.

06

Your control

You are always in charge of what Starlene can see. At any time:

Disconnect any data source individually in the app's Settings screen. Starlene will stop reading that source immediately.
Delete the app. Deleting Starlene from your device removes all locally stored readings and settings. Because we don't maintain server-side accounts, there is nothing more to delete.
Request deletion via email. If you believe we hold any data linked to you, email support@yforest.ai and we will respond within 30 days.

07

Your rights

Privacy law gives you specific rights depending on where you live. Here is what applies to you:

California — CCPA

You have the right to know what data we collect, the right to delete it, and the right to opt out of sale. We do not sell your data. We have never sold your data. We will not sell your data.

European Union & United Kingdom — GDPR / UK GDPR

You have the right to access, rectify, erase, restrict, and port your data, and to object to its processing. Because we do not maintain persistent server-side records linked to you, most of your data exists only on your device — and is therefore already within your direct control.

Washington State — My Health My Data Act

Health data receives additional protections under Washington's MHMD Act. We collect health data (sleep, heart rate, HRV, steps) only for the purpose of generating your personalized reading. This data is never sold, never shared with third parties for their own purposes, and never used for advertising. You may withdraw consent at any time via the Settings screen.

Virginia, Colorado, Connecticut, Utah, and other US states

Equivalent consumer data rights apply under your state's privacy law, including the right to know, the right to delete, and the right to opt out of sale. We honor all of these without requiring you to jump through hoops. Email support@yforest.ai.

To exercise any of these rights, email support@yforest.ai. We will respond within 30 days, and within 15 days for California requests under CCPA.

08

Children

Starlene Oracle is intended for users 13 and older. We do not knowingly collect personal information from children under 13. If you are a parent or guardian and believe your child has used the app and provided personal information, please contact us at support@yforest.ai and we will take steps to remove that information.

09

Security

All data in transit is encrypted via HTTPS/TLS. Data at rest on your device is protected by iOS sandboxing and the security guarantees of the Apple platform. Because we do not maintain a persistent server-side database of user records, the attack surface for your personal data is minimal by design.

No security system is perfect. If you discover a security issue with Starlene Oracle, please report it to support@yforest.ai.

10

Changes to this policy

We may update this privacy policy as the app evolves. When we do, we will update the "Last updated" date at the top of this page, bump the version number in the app, and — for material changes — prompt you to review and consent to the updated terms inside the app before continuing.

We will not retroactively change how we treat data you have already provided without your explicit consent.

11

Contact

For any privacy question, data request, or security concern:

support@yforest.ai
yForest LLC
Flower Mound, TX, United States