Privacy Policy
Questions: help@nereusdata.io
Privacy transparency for Plunge by Nereus Data.
Privacy Policy
Last Updated: March 6, 2026
Effective Date: March 6, 2026
This Privacy Policy describes how Nereus Data ("we," "us," or "our") handles information in connection with Plunge, a thermal wellness and recovery tracking application for Apple Watch and iPhone (the "App").
Our Core Principle: Local-First, Privacy by Design
Plunge is designed with your privacy as a foundational principle. All session data, health metrics, and personal settings are stored exclusively on your device. We do not operate servers that store your personal data.
1. Information We Do NOT Collect
- No user accounts. Plunge does not require registration, login, or any form of account creation.
- No personal data collection. We do not collect your name, email address, phone number, or any other personally identifiable information.
- No health data transmission. HealthKit data (heart rate, HRV, workouts) is never uploaded to any server.
- No cross-app tracking. We do not track your activity across other apps or websites.
- No data sales. We do not sell, rent, or share any user data with third parties.
2. Information Stored Locally on Your Device
The App stores the following information exclusively on your device using local file storage (JSON). This data never leaves your device and is not accessible to us:
- Recovery sessions (environment type, duration, heart rate snapshots, thermal dose)
- App preferences and settings (selected environments, breathwork patterns, dashboard layout)
- XP progress (level, milestones, session count)
- User biometrics (weight, height — entered by you for calorie estimation)
This data is stored in the app's sandboxed container and is automatically deleted if you uninstall the App. You can export your session data as JSON at any time.
3. Apple HealthKit
Plunge integrates with Apple HealthKit to provide recovery tracking features:
- Read: Heart rate, heart rate variability (HRV SDNN), resting heart rate, body mass, height, date of birth, biological sex, active energy, environmental audio exposure.
- Write: Workout sessions (with heart rate samples and metadata).
Important details about this integration:
- All HealthKit data is processed entirely on your device by iOS.
- We never receive, access, or transmit any HealthKit data to our servers or any third party.
- HealthKit access requires your explicit permission and can be revoked at any time in Settings.
- For more information, refer to Apple's Privacy Policy.
4. Microphone Access
On iPhone, Plunge may request microphone access for ambient sound classification to help detect your session environment (e.g., sauna vs. steam room vs. outdoor).
- Audio is processed on-device in real time using Apple's Sound Analysis framework.
- No audio is recorded, stored, or transmitted. Only the classified sound category is retained.
- Microphone access is optional and can be denied without affecting core functionality.
5. Location Data
Plunge may request location access to retrieve outdoor weather conditions (temperature and humidity) via Apple WeatherKit for environmental context.
- Location is used only for weather lookups and is not stored, tracked, or transmitted to our servers.
- Weather data is cached briefly on-device (10 minutes) and then discarded.
- Location access is optional and can be denied without affecting core functionality.
6. WatchConnectivity
Session data is synced between your Apple Watch and iPhone using Apple's WatchConnectivity framework.
- Data travels only between your own paired devices via Apple's secure transport.
- No data is routed through our servers.
7. Third-Party Services
PostHog (Product Analytics)
Plunge uses PostHog for anonymized product analytics to understand feature usage and improve the app experience.
- No personally identifiable information is collected.
- No user IDs, names, or email addresses are transmitted.
- Analytics are limited to anonymized event counts (e.g., "session started", "environment selected").
- General device information (device model, OS version, app version) may be included.
Sentry (Crash Reporting)
Plunge uses Sentry for anonymized crash reporting to identify and fix bugs.
- Crash reports contain stack traces, device model, and OS version.
- No personal data, health data, or session content is included in crash reports.
Apple App Store
Subscription purchases are processed entirely through the Apple App Store. We do not process payments directly and do not have access to your payment information.
8. Children's Privacy
Plunge is intended for users age 13 and older. We do not knowingly collect personal information from children under 13. Since we do not collect personal data from any users, no special provisions are required.
9. Data Security
Since user data is stored exclusively on your device:
- Your data is protected by your device's built-in security features (passcode, Face ID, Touch ID).
- App data is stored in iOS sandboxed storage, which prevents other apps from accessing it.
- We recommend keeping your device software up to date for the latest security protections.
10. Data Retention and Deletion
- Local data is retained on your device until you delete the App. Uninstalling removes all locally stored data.
- PostHog anonymous analytics are retained according to PostHog's data retention policies.
- Sentry crash reports are retained for 90 days.
- You can export your session data as JSON before deleting the App.
11. Your Rights
Since we do not collect or store personal data on our servers, most traditional data rights (access, correction, deletion, portability) are inherently satisfied. Your data lives on your device and is under your full control.
If you wish to:
- Delete your data: Uninstall the App.
- Export your data: Use the in-app JSON export feature.
- Request information: Contact us at the email below and we will respond within 30 days.
12. Changes to This Privacy Policy
We may update this Privacy Policy from time to time. We will notify you of material changes by updating the "Last Updated" date at the top of this page.
13. Contact Us
If you have any questions or concerns about this Privacy Policy, please contact us:
- Email: help@nereusdata.io
- Website: https://nereusdata.io
14. Jurisdiction-Specific Disclosures
For California Residents (CCPA/CPRA)
We do not sell or share personal information as defined by the California Consumer Privacy Act. Since we do not collect personal information, CCPA data subject requests are inherently fulfilled.
For European Residents (GDPR)
We do not collect or process personal data as defined by the General Data Protection Regulation. Our legal basis for any data processing (limited to anonymous PostHog analytics and Sentry crash reports) is legitimate interest in improving the App experience.
For All Users
Regardless of your location, our commitment is the same: your personal data stays on your device, and we do not collect, sell, or share it.