Privacy
Last updated: 25 May 2026
The short version
Linism is built around one rule: your data stays on your device. The app does not send your health information, voice recordings, location, or notes to us or to anyone else. We do not run analytics, ad networks, or crash reporting. The only network requests the app makes are those you trigger yourself (for example, a one-time App Store purchase, or optional Garmin Connect login). This website does not set cookies and does not track you.
Data collected by Linism is not linked to your identity (Non-Linked Data) and is not used to track you across third-party apps and websites.
1. Who is responsible
The controller for processing of personal data within the meaning of Art. 4 (7) GDPR is:
Benjamin Tokgöz
Mengeder Str. 716
44359 Dortmund, Germany
Email: hello@linism.app
Phone: +49 1567 8336978
A data protection officer is not required (Art. 37 GDPR), as Linism is operated by a single individual without large-scale processing of special categories of data outside the user's own device.
2. This website (linism.app)
Hosting. linism.app is delivered through Cloudflare Pages (Cloudflare, Inc., 101 Townsend St, San Francisco, CA 94107, USA). Cloudflare automatically processes your IP address, the URL you requested, the time of the request, your user agent, and the HTTP response status. This is necessary to deliver the page to you and to protect the site against abuse (Art. 6 (1) (f) GDPR, legitimate interest in a functioning and secure website). Cloudflare keeps these access logs for a short retention period defined in its own policy (cloudflare.com/privacypolicy). A data processing agreement under Art. 28 GDPR is in place.
International transfers. Cloudflare may process data outside the EEA. Cloudflare is certified under the EU-US Data Privacy Framework, and we additionally rely on the EU Standard Contractual Clauses (Art. 46 (2) (c) GDPR).
Cookies, tracking, fonts. This site sets no cookies, embeds no third-party fonts, loads no external scripts, and runs no analytics. Its Content Security Policy permits only first-party resources.
Contact by email. If you write to hello@linism.app, your message and email address are processed to answer your request (Art. 6 (1) (b) or (f) GDPR). Messages are kept only as long as needed to handle your enquiry and any follow-up.
3. The Linism iOS & Apple Watch app
Linism is designed so that your personal data stays on your iPhone and Apple Watch. We (the controller) have no servers receiving your health data, voice samples, location, mood entries, or routines. The sections below describe what the app reads on your device, how it stores it, and the rare situations in which something leaves your device.
3.1 Data the app processes
The app may read or store the following categories of data, only after you grant the relevant iOS permission:
- Health data via Apple HealthKit (special category of data under Art. 9 GDPR): heart rate, heart rate variability (HRV/SDNN), sleep analysis, blood oxygen saturation, respiratory rate, wrist temperature, and environmental audio exposure. The app requests read access through Apple's HealthKit consent screen. You decide which categories to grant.
- Microphone for ambient noise level. When the noise detection feature is active, the device microphone is sampled to compute an instantaneous decibel level (dB SPL). The short audio buffer is processed in memory or written to a temporary file that is deleted immediately after the level is computed. We never retain the audio content; only the computed noise level is stored.
- Location (optional). If you enable the "stress location" feature, the app uses your device's location (when the app is in use) to tag detected stress moments to a place on your own map. The location sample stays on your device.
- Data you enter yourself. Profile (name, autism level, difficulty tags, optional emergency contact), mood self-reports, pain and symptom logs, custom routines, social-battery levels, sleep-feedback ratings, time-blindness records, and an optional profile picture.
- App-derived data. Stress scores computed from the signals above, paired with timestamps.
- Local notifications. The app schedules local notifications through iOS (for example, a soft nudge when stress rises). These never leave your device and do not use Apple Push Notification servers.
HealthKit specifically: we do not use or disclose HealthKit data to third parties for advertising, marketing, or other use-based data mining purposes. HealthKit data is read on your device for the sole purpose of computing the local features you have enabled.
What the app does not access: contacts, calendar, photos library (beyond a picture you explicitly choose for your profile), camera, advertising identifier, or your address book.
3.2 Where the data is stored
All of the above is stored on your iPhone (and synced to your Apple Watch through the secure on-device WatchConnectivity channel, in an App Group container shared between the phone, watch, and widget extensions). Concretely:
- Records are encrypted at rest with AES-256-GCM (CryptoKit) using authenticated encryption with associated data (AEAD). The master key is a 256-bit symmetric key.
- The master key is generated on first launch and stored in the iOS Keychain with accessibility flag kSecAttrAccessibleAfterFirstUnlockThisDeviceOnly. It cannot leave the device, is not synced to iCloud, and is unavailable while the device is locked before first unlock after boot.
- Files in the app's Documents directory (for example, your profile picture) are protected with iOS's .completeFileProtection attribute, so they are unreadable while the device is locked.
- No data is written to iCloud, CloudKit, or any other cloud backup that we control.
The technical and organisational measures described here are intended to meet the security requirements of Art. 32 GDPR for processing of health data.
3.3 Data that may leave your device
The app has no ambient telemetry. The only situations in which network traffic occurs are the ones you initiate:
- Optional Garmin Connect integration. If you connect a Garmin account, the app directly performs an OAuth 1.0a flow with Garmin (connect.garmin.com and connectapi.garmin.com) from your device, without any Linism middleware in between. It then fetches your Garmin wellness data (heart rate, HRV, stress, sleep, blood oxygen, temperature) from Garmin's servers. The data flows from Garmin's servers to your device. Use of Garmin Connect is subject to Garmin's own privacy policy (garmin.com/privacy/connect). You can disconnect at any time in the app settings.
- App Store subscriptions. If you purchase a subscription, the transaction is handled directly by Apple via StoreKit, subject to Apple's privacy policy (apple.com/legal/privacy). We receive only an anonymous subscription status from Apple, not your name, email, or payment details.
- Manual export. You can export your data as a file via the iOS share sheet. Where that file goes (AirDrop, Mail, iCloud Drive, another app) is entirely your choice. The exported file is plaintext; treat it with the same care as any other personal document.
What we do not run: no analytics (no Firebase, Mixpanel, Amplitude, PostHog), no crash reporting (no Sentry, Crashlytics, Bugsnag), no advertising SDKs, no fingerprinting. The app does not contact a Linism server, because no such server exists.
3.4 Legal basis for processing
- Art. 9 (2) (a) GDPR (explicit consent for special-category data): for HealthKit access. You grant this through Apple's system consent screen and can revoke it at any time in iOS Settings > Privacy & Security > Health.
- Art. 6 (1) (a) GDPR (consent): for microphone, location, and optional Garmin integration.
- Art. 6 (1) (b) GDPR (contract performance): for processing strictly necessary to provide the features you enable, including local processing of data you enter into the app.
3.5 Retention and deletion
Because data stays on your device, you remain in direct control of its lifetime. You can delete individual entries, reset categories from the app's settings, or delete the app entirely. Deleting the app removes the encrypted on-device storage and the Keychain master key, rendering any residual ciphertext mathematically unrecoverable (cryptographic erasure).
4. Your rights under GDPR
You have the following rights regarding personal data we process:
- Right of access (Art. 15 GDPR). Because your app data is on your device, you can already view it inside the app and export it via the share sheet. For any data we hold (for example, your support email correspondence), write to hello@linism.app.
- Right to rectification (Art. 16 GDPR). Edit your entries directly in the app.
- Right to erasure (Art. 17 GDPR). Delete entries in the app, or uninstall the app to wipe all locally stored data and the encryption key.
- Right to restriction (Art. 18 GDPR) and right to object (Art. 21 GDPR). Revoke HealthKit, microphone, location, or notification permissions in iOS Settings.
- Right to data portability (Art. 20 GDPR). Use the in-app export to obtain your data in a machine-readable format.
- Right to withdraw consent (Art. 7 (3) GDPR). Withdraw any of the permissions above at any time, without affecting the lawfulness of processing carried out before withdrawal.
- Right to lodge a complaint (Art. 77 GDPR) with a supervisory authority. The competent authority for Linism is the State Commissioner for Data Protection and Freedom of Information of North Rhine-Westphalia (LDI NRW), Kavalleriestraße 2 to 4, 40213 Düsseldorf, Germany, ldi.nrw.de.
5. Automated decision-making and profiling
The app computes a local stress score from your HealthKit signals and ambient noise level, and uses it to decide when to nudge you with a soft notification. This computation runs only on your device, has no legal or similarly significant effect on you in the sense of Art. 22 GDPR, and never leaves your device.
6. Children
Linism is intended to support autistic users of all ages, which may include children. The app does not require account creation and does not collect data online, so we do not knowingly receive personal data from minors. If a minor uses the app on their own device, the data they enter stays on that device. We recommend that parents or guardians supervise app installation, HealthKit consent, and any sharing of exported data.
7. Changes to this policy
We may update this policy when the app or its data practices change. The current version is always available at this URL and dated at the top.
8. Contact
Questions about this policy or about your data: hello@linism.app.