Taper AITaper AI

Privacy Policy

Last updated: January 2026

Privacy-First Design

All your health data stays on your device. We never see, store, or have access to your medication information, tapering schedules, or mood logs.

1. Company Information & HIPAA Compliance

Taper AI is developed and operated by Webair AI LLC (“Company,” “we,” “us,” or “our”).

HIPAA Compliant Organization

Webair AI LLC is a HIPAA-compliant organization. We adhere to all requirements of the Health Insurance Portability and Accountability Act (HIPAA), including the Privacy Rule and Security Rule. We maintain comprehensive administrative, physical, and technical safeguards to protect the confidentiality, integrity, and availability of any protected health information (PHI). Our privacy-first architecture—where health data remains on your device—exceeds HIPAA requirements by eliminating the transmission and storage of PHI on our servers entirely.

2. Our Privacy Commitment

At Taper AI, we believe your medical information is deeply personal and should remain completely private. Unlike many health apps, we've designed our architecture so that your sensitive health data never leaves your device.

3. Data Storage

On-Device Storage (SwiftData)

The following data is stored exclusively on your device using Apple's SwiftData framework and is never transmitted to our servers:

  • Medication names and dosages
  • Tapering schedules and plans
  • Mood and symptom logs
  • Progress tracking data
  • Notes and journal entries
  • Reminder settings

This data is encrypted on your device and protected by your device's security features (Face ID, Touch ID, or passcode).

4. What We Do Collect

Firebase Authentication

We use Firebase Authentication for account management. This service only processes:

  • Email address (for login purposes)
  • Authentication tokens
  • Basic account metadata (creation date, last login)

Important: Firebase never receives any of your health data. Authentication is completely separate from your medical information.

Anonymous Analytics (Optional)

If you opt in, we collect anonymous, aggregated usage statistics to improve the app:

  • App crashes and errors
  • Feature usage patterns (not content)
  • Device type and OS version

This data cannot be used to identify you and contains no health information.

5. Data We Never Collect

Medication names or dosages
Tapering schedules
Mood or symptom data
Health conditions
Doctor or provider information
Location data

6. HIPAA Considerations

While Taper AI is not a covered entity under HIPAA (we don't provide healthcare services), we've designed our app with HIPAA principles in mind:

  • Minimum necessary principle: We don't collect data we don't need
  • Data security: All local data is encrypted
  • User control: You own and control all your data

7. Your Rights

You have complete control over your data:

  • Access: View all your data within the app
  • Export: Download your data at any time
  • Delete: Remove all data by uninstalling the app
  • Portability: Export and transfer your data as needed

8. Third-Party Services

We use the following third-party services:

ServicePurposeData Shared
Firebase AuthUser authenticationEmail only
Apple (SwiftData)Local data storageNone (local only)

9. Data Security

We implement multiple layers of security:

  • Local data encrypted using iOS encryption
  • Authentication via secure Firebase protocols
  • No server-side storage of health data
  • Regular security reviews and updates

10. Children's Privacy

Taper AI is not intended for use by children under 13 (or under 16 in the European Economic Area). We do not knowingly collect information from children under these ages. If you believe we have collected information from a child, please contact us immediately and we will take steps to delete such information.

11. Apple App Tracking Transparency

In compliance with Apple's App Tracking Transparency (ATT) framework:

  • We do not track you across apps and websites owned by other companies
  • We do not use your device's advertising identifier (IDFA)
  • We do not share your data with data brokers
  • We do not use your data for targeted advertising

If you have enabled “Ask App Not to Track” in your iOS settings, rest assured that Taper AI respects this preference by default, as we do not engage in any form of cross-app tracking.

12. Apple Privacy Nutrition Labels

In accordance with Apple's App Store privacy requirements, here is a summary of our data practices:

Data Used to Track You

None. We do not track you.

Data Linked to You

  • Contact Info: Email address (for authentication only)

Data Not Linked to You

  • Diagnostics: Crash data, performance data (if analytics are enabled)

Data Not Collected

  • Health & Fitness data is stored on-device only and never collected by us
  • Location, Browsing History, Search History, Identifiers, Purchases, Usage Data, Sensitive Info, Contacts, User Content, and Financial Info are not collected

13. Data Retention

We retain your data as follows:

  • On-Device Health Data: Stored indefinitely until you delete the app or manually clear data within the app. We have no access to this data.
  • Authentication Data: Retained while your account is active. You can request account deletion at any time.
  • Analytics Data (if enabled): Anonymized data is retained for up to 24 months, then automatically deleted.

14. International Data Transfers

Your authentication data may be processed by Firebase (Google) in the United States. Google complies with the EU-U.S. Data Privacy Framework. For users in the European Economic Area, Switzerland, or the United Kingdom, appropriate safeguards are in place for any data transfers.

15. California Privacy Rights (CCPA)

If you are a California resident, you have the following rights under the California Consumer Privacy Act (CCPA):

  • Right to Know: You can request information about the categories and specific pieces of personal information we have collected about you.
  • Right to Delete: You can request deletion of your personal information.
  • Right to Opt-Out: We do not sell your personal information, so this right does not apply.
  • Right to Non-Discrimination: We will not discriminate against you for exercising your privacy rights.

To exercise these rights, contact us at hello@webairai.com.

16. European Privacy Rights (GDPR)

If you are located in the European Economic Area (EEA), United Kingdom, or Switzerland, you have the following rights under the General Data Protection Regulation (GDPR):

  • Right of Access: Request a copy of your personal data
  • Right to Rectification: Request correction of inaccurate data
  • Right to Erasure: Request deletion of your data (“right to be forgotten”)
  • Right to Restrict Processing: Request limitation of data processing
  • Right to Data Portability: Receive your data in a structured format
  • Right to Object: Object to processing based on legitimate interests
  • Right to Withdraw Consent: Withdraw consent at any time

Legal Basis for Processing: We process your email address based on contractual necessity (to provide the service) and your consent. Analytics, if enabled, are processed based on your explicit consent.

To exercise these rights or file a complaint with your local data protection authority, contact us at hello@webairai.com.

17. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any changes by posting the new policy in the app and updating the “Last updated” date. For material changes, we will provide prominent notice (such as an in-app notification or email). Continued use of the app after changes constitutes acceptance of the updated policy.

18. Contact Us

If you have questions about this Privacy Policy, our privacy practices, or wish to exercise your privacy rights, please contact us:

Email: hello@webairai.com
Subject Line: Privacy Inquiry

We will respond to your request within 30 days (or sooner if required by applicable law).