Privacy Policy

For Bifocal

Last Updated: December 31, 2025

Introduction

Welcome to Bifocal, a Dialectical Behavior Therapy (DBT) skills companion app. Your privacy is critically important to us. This Privacy Policy explains how Bifocal ("we", "us", or "our") collects, uses, stores, and protects your information when you use our mobile application.

By using Bifocal, you agree to the collection and use of information in accordance with this policy. This application was created by Henry Lightfoot.

Medical Disclaimer: Bifocal is an educational tool and is NOT a substitute for professional medical advice, diagnosis, or treatment. Always seek the advice of your physician or other qualified health provider with any questions you may have regarding a medical condition.

1. Privacy-First Philosophy

Bifocal is designed with a privacy-first, local-first approach. This means:

  • Your sensitive health data stays on your device. All diary entries, skill logs, mantras, cope ahead plans, and other personal therapeutic content are stored locally on your device using Apple's Core Data framework.
  • We cannot read your diary or personal entries. We do not have access to, cannot view, and do not store your personal therapeutic content on our servers.
  • No tracking or selling of personal data. We do not track your behavior across websites, sell your data to third parties, or share your personal information for advertising purposes.
  • You maintain full control. You can delete all your data at any time by uninstalling the app or using the in-app data deletion features.

2. Information We Collect

2.1 Information Stored Locally on Your Device

The following information is created by you and stored exclusively on your device and in your private iCloud account:

  • Diary Entries: Text entries, dates, and associated emotional ratings
  • DBT Diary Card Data: Daily mood tracking, emotion ratings, urge intensity ratings (including but not limited to urges related to suicide, self-harm, substance use, and other behaviors), skill usage tracking, medication adherence, substance use logs, and related therapeutic data. This is highly sensitive health information that remains completely private on your device.
  • Analytics Data: Processed aggregations, visualizations, and statistical analyses of your diary cards, skill logs, and engagement patterns. All analytics are computed locally on your device.
  • DBT Skill Logs: Records of which skills you've practiced and when, including effectiveness ratings
  • Mantras: Custom positive affirmations and repetition tracking
  • Cope Ahead Plans: Personalized crisis management scenarios and coping strategies
  • Prompts and Responses: Daily reflection prompts and your responses
  • Streak Data: Your practice consistency tracking
  • App Preferences: Theme settings, notification preferences, and other customization options

We do not have access to any of this information. It never leaves your device unless you explicitly enable cloud sync (see Section 3).

Important Note on Sensitive Health Data: The DBT Diary Card feature collects highly sensitive mental health information including ratings of suicide urges, self-harm urges, and other potentially concerning behaviors. The Analytics Dashboard may visualize and analyze this sensitive data to show trends and patterns. This data is collected solely for your personal therapeutic tracking and is NOT monitored by us, mental health professionals, or any third party. We have no ability to see, access, or respond to this information. If you are experiencing a crisis, please contact emergency services or a crisis helpline immediately (see our Terms and Conditions for crisis resources).

2.2 Anonymous Analytics Data

To improve app performance, stability, and user experience, we collect anonymous, non-identifiable analytics data through Firebase Analytics, including:

  • App Performance Data: Crash reports, error logs, app launch times, screen load times
  • Basic Usage Statistics: Which features are used most frequently (e.g., "User opened Diary section"), session duration, app version
  • Device Information: Device model, operating system version, app version, screen size, language preference
  • Aggregate User Behavior: General patterns like "80% of users access the skills library weekly" (never tied to individual users)

What we DO NOT collect:

  • The content of your diary entries, mantras, or cope ahead plans
  • Your DBT Diary Card data, including mood ratings, urge ratings, suicide or self-harm urge intensity, or any other sensitive mental health information you track
  • Your Analytics Dashboard visualizations, patterns, insights, or any processed health data
  • Your specific DBT skill practice details or effectiveness ratings
  • Your location data (location is processed locally only for the SOS feature and never transmitted to us)
  • Your name, email address, phone number, or other directly identifying information (unless you contact us for support)
  • Your precise location (we only collect approximate country-level location for general usage analytics, not tied to health data)
  • Any health information that could identify you or your mental health status

All usage analytics data is anonymized and aggregated, meaning we cannot trace it back to you as an individual. Your personal health data (diary cards, analytics) never leaves your device except to sync to your private iCloud.

2.3 Subscription and Payment Information

If you purchase Bifocal Pro, payment processing is handled securely by:

  • Apple App Store: Your payment information (credit card, billing address, etc.) is processed directly by Apple. We never see or store your payment details.
  • RevenueCat: We use RevenueCat to manage subscription status and validate purchases. RevenueCat receives:
    • An anonymous user identifier (not tied to your personal identity)
    • Your subscription status (active, expired, trial, etc.)
    • Transaction IDs from Apple
    • Device and app version information

RevenueCat does not receive your name, email, payment information, or any personal therapeutic content. See RevenueCat's privacy policy at https://www.revenuecat.com/privacy.

2.4 Speech Recognition Data (Mantra Feature)

When you use the Mantra practice feature with speech recognition:

  • Processing happens on-device using Apple's Speech Recognition framework
  • Audio may be sent to Apple's servers for processing, subject to Apple's privacy policy
  • We do not store, transmit, or access your voice recordings or transcriptions
  • The transcribed text is used only to match against your mantra and is not saved permanently

You can review Apple's approach to privacy and speech recognition at https://www.apple.com/privacy/.

2.5 Location Data (SOS Feature - Optional)

The SOS (Crisis Support) feature may request access to your device location to provide region-specific crisis helpline numbers and local mental health resources:

  • Location access is entirely optional. You can use the SOS feature without granting location permission (you will see national/general crisis resources instead of local ones).
  • How we use location: If you grant permission, we use Apple's Core Location framework to determine your approximate location (country, region/state, city) to display appropriate crisis contact information.
  • Processing is local only: Your location is processed entirely on your device. We do NOT transmit, store, or share your location data with our servers or any third parties.
  • No tracking: We do not track your movements, create location history, or use location for any purpose other than displaying relevant crisis resources in the SOS feature.
  • One-time use: Location is checked only when you open the SOS Emergency Contacts screen. It is not continuously monitored.

You can revoke location permission at any time through your device Settings → Bifocal → Location. This will not affect any other features of the app.

3. Cloud Sync

  • Data Storage: Your personal therapeutic content (diary entries, diary cards, skill logs, mantras, cope-aheads, analytics data, etc.) is synced to your private iCloud account using Apple's CloudKit framework
  • End-to-End Encryption: Data synced to iCloud is encrypted and can only be accessed using your Apple ID credentials
  • We Cannot Access Your iCloud Data: Your iCloud data is stored in your personal iCloud storage, which we do not have access to
  • Apple's Privacy Policy Applies: Data stored in iCloud is subject to Apple's Privacy Policy and iCloud Terms of Service
  • Multi-Device Sync: Your data automatically syncs across all your devices signed in with the same Apple ID
  • Analytics Data: Analytics visualizations and computed insights are also synced via iCloud so you can see consistent data across devices

4. How We Use Your Information

4.1 Local Data (Stored on Your Device)

Your personal therapeutic data is used exclusively by you, on your device, for the following purposes:

  • Tracking your DBT skills practice and progress
  • Recording and visualizing your daily moods, emotions, and urges through the DBT Diary Card feature
  • Helping you identify patterns in your emotions, urges, and behaviors over time through the Analytics Dashboard
  • Generating visualizations, charts, and statistical insights in the Analytics feature (computed locally on your device)
  • Providing location-based crisis resources in the SOS feature (if you grant location permission)
  • Generating personalized insights, streaks, and statistics
  • Creating PDF progress reports for you or your therapist, including weekly diary card summaries
  • Providing daily prompts and reflections

We never see, access, or use this data. The DBT Diary Card feature, Analytics Dashboard, and SOS feature, including any suicide or self-harm urge ratings you enter and any concerning trends identified by analytics, are completely private and are not monitored by anyone.

4.2 Anonymous Analytics Data

We use anonymized analytics data to:

  • Identify and fix bugs and crashes
  • Understand which features are most valuable to improve the app
  • Optimize app performance and loading times
  • Make informed decisions about new features and improvements

4.3 Subscription Data

We use subscription information (via RevenueCat) to:

  • Verify your Bifocal Pro subscription status
  • Enable Pro features like cloud sync and unlimited cope ahead plans
  • Provide customer support for billing issues
  • Prevent subscription fraud

5. Data Sharing and Third-Party Services

We use the following third-party services, each with their own privacy policies:

5.1 Firebase (Google)

Purpose: Anonymous crash reporting and analytics
Data Shared: Device information, app performance data, anonymized usage statistics
Privacy Policy: https://firebase.google.com/support/privacy

5.2 RevenueCat

Purpose: Subscription management and purchase validation
Data Shared: Anonymous user ID, subscription status, transaction IDs
Privacy Policy: https://www.revenuecat.com/privacy

5.3 Apple (iCloud/CloudKit, Speech Recognition, App Store)

Purpose: Cloud sync, speech recognition, payment processing
Data Shared: Only if you enable cloud sync or use speech features; processed according to Apple's privacy standards
Privacy Policy: https://www.apple.com/privacy/

We do not sell your data. We do not share your personal therapeutic content with any third party. Anonymous analytics data is used solely for improving the app.

6. Data Security

We take data security seriously and implement industry-standard practices:

  • Local Storage: Data on your device is protected by iOS security features and your device passcode/biometrics
  • Cloud Sync: Data is encrypted in transit and at rest using Apple's CloudKit security
  • No Central Database: We do not maintain a central server with user data, reducing risk of data breaches
  • Secure Connections: All network communications use industry-standard encryption (HTTPS/TLS)

However, no method of transmission or storage is 100% secure. While we strive to protect your data, we cannot guarantee absolute security.

7. Data Retention and Deletion

  • Local Data: All personal therapeutic data (diary cards, analytics, skill logs, etc.) is stored on your device indefinitely until you delete it or uninstall the app
  • iCloud Data: Data remains in your iCloud account until you delete it from the app on all devices
  • Location Data: Location data is never stored. It is processed in real-time when you open the SOS Emergency Contacts screen and immediately discarded.
  • Anonymous Usage Analytics: Anonymous analytics data is retained according to Firebase's data retention policies (typically 2-14 months, anonymized after 2 months)
  • Subscription Data: RevenueCat retains subscription transaction data as required for business and legal purposes

How to Delete Your Data:

  • To delete local data (including diary cards and analytics): Settings → Danger Zone → Delete All Data
  • To delete iCloud data: Manage your iCloud data using Apple's software, or delete from the app on all devices
  • To completely remove all data: Uninstall the app from all devices and disable cloud sync
  • To request deletion of anonymous usage analytics: Contact us at bifocal@henrylightfoot.co.uk
  • To revoke location permission: Device Settings → Bifocal → Location → Never

8. Children's Privacy

Bifocal is not intended for children under the age of 13. We do not knowingly collect personally identifiable information from children under 13. If you are a parent or guardian and believe your child has provided us with personal information, please contact us at bifocal@henrylightfoot.co.uk.

Since we operate with a local-first, privacy-first model and do not collect personal data by design, we are in compliance with the Children's Online Privacy Protection Act (COPPA).

9. Health Data and Regulatory Compliance

9.1 Sensitive Health Information

The DBT Diary Card feature collects what is considered "sensitive health information" under various privacy laws, including data about mental health conditions, suicide ideation, self-harm urges, and related therapeutic information. We want to be completely transparent about how this data is handled:

  • Complete Privacy: All diary card data is stored exclusively on your device and in your private iCloud account (if sync is enabled). We cannot access, view, or monitor this information.
  • No Medical Monitoring: We do not monitor, review, or respond to any health data you enter. The app is not monitored by healthcare professionals.
  • Local Processing Only: Your health data never leaves your device except when synced to your personal iCloud account using Apple's encrypted infrastructure.
  • No Third-Party Sharing: We never share, sell, or transmit your health data to any third parties, insurers, employers, or other entities.

9.2 HIPAA and Healthcare Regulations

Bifocal is NOT a HIPAA-covered entity. We are not a healthcare provider, health plan, or healthcare clearinghouse. The Health Insurance Portability and Accountability Act (HIPAA) does not apply to our app. However, we recognize the sensitive nature of mental health data and have designed Bifocal with privacy-first principles that exceed many regulatory requirements:

  • We do not maintain a central database of your health information
  • We cannot access your therapeutic data
  • Your data remains under your exclusive control

If you are using Bifocal under the guidance of a HIPAA-covered healthcare provider (such as a therapist), and you share your data with them (for example, by showing them your phone or exporting a PDF report), that sharing is your choice and is subject to your provider's HIPAA obligations, not ours.

9.3 Crisis Detection and Mandatory Reporting

Important: Bifocal does NOT have any crisis detection, intervention, or monitoring capabilities. When you enter data indicating suicide urges, self-harm urges, or other crisis-related information, or when the Analytics Dashboard shows concerning trends:

  • We do not receive alerts or notifications
  • No one is monitoring your entries or analytics data
  • The app does not automatically alert anyone based on concerning patterns or high-risk data
  • We cannot and will not contact emergency services on your behalf
  • We have no ability to perform mandatory reporting obligations (which typically apply to healthcare providers, not apps)

We provide crisis resources and emergency contact information within the app (including the SOS feature), but you must take action to contact these resources yourself. The SOS feature does not connect you automatically to emergency services—you must manually dial or contact crisis resources. If you are in crisis, please contact emergency services (911, 988, etc.) immediately.

9.4 SOS Feature and Crisis Contact Information

The SOS (Crisis Support) feature provides:

  • Educational Content: Information about DBT distress tolerance skills (breathing exercises, grounding techniques, TIPP, IMPROVE, self-soothing)
  • Crisis Helpline Directory: Links and phone numbers for crisis helplines, which may be customized based on your location if you grant location permission
  • Emergency Contact Shortcuts: Quick access to emergency numbers (911, 988, etc.)

Important Limitations:

  • Crisis contact information is compiled from publicly available sources and may be outdated or inaccurate
  • We do not monitor, verify, or update crisis helpline information in real-time
  • Location-based recommendations depend on GPS accuracy and may be incorrect
  • The SOS feature does not connect you to emergency services—you must manually dial or contact resources yourself
  • We are not responsible for the availability, accuracy, or quality of third-party crisis services

9.5 Data for Research Purposes

Your personal health data (diary card entries, mood ratings, urge ratings, analytics visualizations, etc.) is NEVER used for research purposes and is never shared with researchers, academic institutions, or any third parties. Only anonymized, aggregate analytics data (which does not include your health information) may be used to improve the app.

9.6 Analytics Feature and Health Data Processing

The Analytics Dashboard processes your diary card data, skill logs, and other tracked information to generate visualizations, patterns, and insights. All analytics processing happens locally on your device.

  • No Server-Side Processing: Your personal health data is NOT sent to our servers for analytics computation. All calculations, visualizations, and pattern detection occur on your device.
  • No Professional Review: Analytics are generated algorithmically. They are not reviewed, validated, or interpreted by mental health professionals.
  • No Automated Interventions: Even if analytics show concerning trends (e.g., increasing suicide urges, declining mood), the app does NOT automatically alert anyone or trigger any interventions. You are solely responsible for interpreting analytics and seeking help if needed.
  • Privacy of Analytics: Like all your therapeutic data, analytics visualizations and insights are stored locally and (if enabled) synced to your private iCloud. We cannot see your analytics data.

10. International Data Transfers

Bifocal is available worldwide. If you are accessing the app from outside the United States:

  • Your local data remains on your device in your country
  • With iCloud Sync, data is stored in Apple's iCloud servers, which may be located in various countries according to Apple's infrastructure
  • Anonymous analytics data may be transferred to and processed in the United States (Firebase servers)

By using Bifocal, you consent to the transfer of information to countries outside your country of residence, which may have different data protection rules.

11. Your Privacy Rights

Depending on your location, you may have certain rights regarding your data:

  • Right to Access: You can access all your personal data directly within the app, including diary cards and analytics visualizations
  • Right to Rectification: You can edit or correct your data at any time in the app
  • Right to Erasure: You can delete your data at any time (see Section 7)
  • Right to Data Portability: You can export your data as PDF reports, including weekly diary card summaries
  • Right to Object: You cannot opt out of all usage analytics, but such data is already anonymized and non-identifiable. You can revoke location permission for the SOS feature at any time.
  • Right to Withdraw Consent: You can disable cloud sync, revoke location permission, or uninstall the app at any time

For GDPR (EU), CCPA (California), or other privacy law inquiries, contact us at bifocal@henrylightfoot.co.uk.

12. California Privacy Rights (CCPA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA):

  • Categories of Personal Information Collected: See Section 2
  • Purposes for Collection: See Section 4
  • Third Parties: See Section 5
  • Sale of Personal Information: We do not sell your personal information
  • Right to Know: You can request details about the data we've collected (contact us at bifocal@henrylightfoot.co.uk)
  • Right to Delete: See Section 7
  • Right to Opt-Out: We do not sell personal information, so there is nothing to opt out of
  • Non-Discrimination: We will not discriminate against you for exercising your privacy rights

13. European Privacy Rights (GDPR)

If you are located in the European Economic Area (EEA) or United Kingdom, you have rights under the General Data Protection Regulation (GDPR):

  • Legal Basis for Processing: We process data based on your consent (when you use the app and enable features) and our legitimate interest (anonymized analytics for app improvement)
  • Data Controller: Henry Lightfoot is the data controller for Bifocal
  • Data Protection Officer: For inquiries, contact bifocal@henrylightfoot.co.uk
  • Right to Lodge a Complaint: You have the right to lodge a complaint with your local data protection authority

14. Changes to This Privacy Policy

We may update our Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. We will notify you of any material changes by:

  • Posting the new Privacy Policy in the app and on this page
  • Updating the "Last Updated" date at the top of this policy
  • Providing an in-app notification for significant changes

Changes are effective immediately upon posting. We encourage you to review this Privacy Policy periodically.

15. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or your data, please contact us:

Email: bifocal@henrylightfoot.co.uk
Developer: Henry Lightfoot
App: Bifocal - DBT Skills Companion

We will respond to your inquiry within 30 days.

16. Consent

By using Bifocal, you acknowledge that you have read and understood this Privacy Policy and agree to its terms. If you do not agree with this policy, please do not use the app.

Specific Consent for Location Services: If you grant location permission for the SOS feature, you consent to the app accessing your approximate location to provide region-appropriate crisis resources. You understand that location data is processed locally and never transmitted to our servers.

Specific Consent for Health Data Processing: By using the DBT Diary Card and Analytics features, you consent to the local processing and visualization of your sensitive health data (including suicide urges, self-harm urges, and other mental health information) on your device. You understand that this data is not monitored by us or any healthcare professionals and that you are solely responsible for seeking professional help when needed.