Soul is a local-first orientation and wellness app for iOS and Apple Watch. This policy explains how Soul handles personal data in the current Phase 1 non-EU/EEA TestFlight / App Store release.
This policy describes the current Phase 1 non-EU/EEA release of Soul. Future features such as subscriptions, Soul-managed AI routing, accounts, hosted services, or remote analytics beyond the optional quality sharing described below will be covered by updated terms and privacy notices before they are enabled.
Early builds are designed to learn the user loop before managed AI is enabled. Soul may ask users for feedback, screenshots, exported diagnostics, optional quality diagnostics, or support details they choose to send. Soul does not remotely collect raw notes, journal text, task text, prompts, Coach replies, screenshots, credentials, raw Apple Health values, full Coach packets, or full local data folder contents by default.
The controller for personal data processed in connection with Soul is:
| Detail | Current details |
|---|---|
| Legal entity | Tricker Labs LTD trading as Soul |
| Company number | 17239094 |
| Registered office | 124-128 City Road, London, England, EC1V 2NX |
| Email | soul@trickerlabs.co.uk |
This controller is responsible for personal data processed in connection with Soul, except where third-party providers act under their own terms and privacy practices, such as Apple, folder-sync providers, support email providers, or an AI provider you choose to connect.
Soul is designed so core personal data stays on your device and in the local folder you choose or the app-managed local storage location Soul creates for you.
Local data may include check-ins, journal-like notes, tasks, objectives, summaries, Coach conversations, Apple Health-derived body context, settings, and local diagnostics. Soul does not run a general cloud sync service for this data in the current release.
If you choose a folder that is synced by iCloud Drive, Dropbox, Google Drive, Obsidian Sync, or another storage provider, that provider may copy or process the files according to its own terms and privacy policy. Soul does not control that folder provider.
Depending on your settings and how you use Soul, the app may handle the following data:
| Data category | Examples | Where it is handled |
|---|---|---|
| App content | Check-ins, notes, tasks, objectives, generated summaries, Coach turns, settings, and selected local data files | On device and in your selected or app-managed folder |
| Health and fitness data | Heart rate, resting heart rate, heart-rate variability, movement, sleep analysis, and workouts | Read from Apple Health only with your permission; raw check-in heart-rate windows and workout evidence stay in private app storage |
| AI request content | Your Coach message and the selected Coach context Soul builds for the request | Sent only when you choose to use an AI route |
| Future managed AI usage data, if enabled later | Request time, route, model, approximate token counts, status, error category, entitlement or pseudonymous install identifier | Not active in the current release; would be processed by Soul and managed providers only after updated notices are published |
| Provider credentials and connection state | Supported provider credentials, provider selections, model choices, and sign-in state | Secrets in iOS Keychain where possible; non-secret preferences in UserDefaults |
| Local diagnostics | Coarse JSONL events such as check-in completion, Coach send status, parse failures, suggested or accepted actions, privacy categories omitted, interventions, remeasurements, onboarding, watch check-in sync, health freshness, state assembly, latency, and evidence selection | App container by default; export is user-controlled |
| Optional quality diagnostics, if enabled | Screen or surface opens, named actions, setup and journey state transitions, coarse timing, error categories, Coach route/model/status, token estimates, and context category manifests | Local by default; shared with Soul only if you enable the relevant quality sharing setting or send an export |
| Optional Coach Content Sharing or full-content sharing, if separately enabled or sent | Selected screenshots, screen recordings, support exports, raw Coach packets, prompts, replies, or files you choose to share | Shared only through a separate explicit setting or a user-selected support/export action |
| Support data | Information you send when you contact support, including screenshots, exports, logs, or messages you choose to include | Processed through the support channel you use |
| Website security and hosting records | IP address, request time, user agent, requested URL, and similar server-log data for soul.trickerlabs.co.uk | Processed by the website host for security, reliability, and abuse prevention |
Soul does not sell personal data, does not use third-party advertising, does not use data brokers, does not use cross-app tracking, and does not use Apple Health data for advertising, marketing, or use-based data mining.
Apple Health access is optional. Soul asks Apple Health for read permission before accessing selected health and fitness data. Soul does not write data back to Apple Health in the current release.
Soul uses Apple Health data to provide context inside Soul, such as sleep, heart, movement, workout, and freshness signals. Soul does not use Apple Health data to diagnose, treat, cure, or prevent any condition.
If you enable health or fitness context in Coach, Apple Health-derived summaries that you authorise may be included in the message you choose to send to your selected AI route.
You can grant, deny, or revoke Apple Health permissions in iOS Settings or the Apple Health app. If you revoke permission, Soul stops reading newly authorised Apple Health data. Previously refreshed body context remains on device in private app storage until it is cleared through Soul or removed from the app container.
AI features are optional and user-triggered. Soul does not continuously upload your local data folder.
When you send a Coach request, Soul builds selected Coach context from your current app data, privacy settings, and message. You can control which context categories are included. Soul sends that selected context and your message only when you choose to use an AI feature.
The current release supports local Coach behaviour and optional third-party AI provider routes that you connect or configure. Current app code sends connected-provider AI requests directly from the app to the selected provider; Soul does not run a Soul-managed AI gateway in the current release.
When you use your own third-party AI provider credentials or sign-in, Soul does not operate that provider and the request is governed by the provider's own terms and privacy practices. Provider access, terms, limits, billing, retention, model behaviour, and account status are between you and that provider.
If Soul later enables managed AI, the same consent principle must apply: the user starts the request, chooses which context categories may be included, and receives updated notice before Soul routes the message, selected context, and limited usage metadata through a Soul-managed gateway to an AI provider.
Soul does not use your local data folder, Apple Health data, prompts, or Coach replies for advertising. Soul does not intentionally store raw notes, journal text, task text, raw prompts, raw Coach replies, screenshots, credentials, or raw Apple Health values in local diagnostics.
Provider credentials are stored in the iOS Keychain where possible. Soul may also import supported credential values from a local configuration file in your selected folder if you choose an internal or advanced setup path. After import, Soul stores provenance flags so Settings can explain where a credential came from.
You can remove or replace provider credentials in Settings. You are responsible for the provider account and credentials you choose to connect.
Soul records local diagnostics to help troubleshoot reliability and product behaviour. Diagnostics are stored as newline-delimited JSON in the app container by default.
Local diagnostics use coarse event names, low-cardinality metadata, and correlation IDs. They are designed to avoid raw notes, journal text, task text, prompts, Coach replies, screenshots, credentials, raw Apple Health values, and full local data folder contents.
Soul provides Settings controls to prepare an export and clear local diagnostics. Exporting diagnostics is user-controlled. If you share an exported diagnostics file, save it into a synced folder, or send it through another app, that destination provider may process the file under its own terms.
Soul does not upload local diagnostics remotely by default. If a later version adds remote diagnostics beyond optional quality sharing, Soul will explain the change and update this policy before collecting remote analytics.
Soul may include optional quality sharing so it can understand where setup, check-ins, Today, Coach, tasks, Watch sync, or consent controls are helping or confusing users. This may support private product review by Soul's founder.
Quality sharing is disabled by default, opt-in, and granular. During onboarding, Soul may offer one simple choice for routine metadata diagnostics. Settings then shows the separate controls under "Privacy & Data > Beta quality sharing":
Coach Content Sharing is a separate higher-consent setting. It is not enabled from onboarding or by routine metadata diagnostics, and it requires a typed confirmation phrase before it can be enabled. While it is on, Soul may upload the full Coach turn (your message, Coach's reply, and selected context) for quality research only. It may include excerpts from notes, journal, or task details that were part of the selected context. Provider credentials are never included.
Soul uses a per-install pseudonymous identifier and a per-install upload secret to authenticate uploads. These are stored in the iPhone's Keychain. Soul does not use Apple's advertising identifier, third-party advertising or marketing analytics SDKs, data brokers, or cross-app tracking for quality sharing.
You can change or revoke quality sharing settings at any time in Settings. Revocation stops future collection or upload for that category and clears anything still waiting to upload on the device for that category; an upload already in progress may finish. Local diagnostics remain clearable separately under "Privacy & Data > Local diagnostics". You can request deletion of quality sharing data Soul controls by emailing soul@trickerlabs.co.uk; the in-app "Request deletion" link pre-fills the install identifier so Soul can locate the relevant records.
Soul may use optional quality sharing material privately to understand the product, improve reliability, and support private founder product review. Soul will not use your raw content, quotes, screenshots, or content-derived anecdotes in public or external material without separate express consent for that use.
Soul does not sell quality sharing data, does not use it for advertising, and does not share it with data brokers or use it for cross-app tracking.
Soul's support and policy pages are hosted at soul.trickerlabs.co.uk. The deployed Soul policy content does not show advertising cookies or third-party behavioural analytics for the Soul support and policy pages.
The website host may process normal hosting and server logs, such as IP address, request time, requested URL, user agent, and error information, for security, reliability, debugging, and abuse prevention.
Soul uses data for these purposes:
| Data | Retention |
|---|---|
| Local notes, check-ins, tasks, objectives, summaries, Coach history, settings, and app files | Stored locally until you delete them, clear them through Soul, remove folder access, or uninstall the app. Uninstalling the app may not delete files kept in a folder you control. |
| Local Apple Health-derived body context | Stored on device until cleared through Soul, removed from the app container, or the app is uninstalled. |
| Local diagnostics | Stored in the app container until cleared, deleted by uninstalling the app, or exported/deleted by you. |
| Optional quality diagnostics, if shared | Semantic quality diagnostics are retained for up to 24 months, then deleted or aggregated where practical. Full-content quality material, if separately shared, is retained for up to 90 days unless a longer period is needed for support, security, legal, or dispute reasons. |
| Provider credentials | Stored in Keychain until you remove them, reset the app, or delete the app and its Keychain items according to iOS behaviour. |
| Support correspondence | Up to 2 years after the last interaction, unless a longer period is needed for legal, safety, abuse-prevention, or dispute reasons. |
| Purchase, entitlement, refund, tax, or accounting records, if a paid feature is later enabled | Up to 6 years where needed for tax, accounting, App Store, refund, dispute, or legal obligations. No Soul subscription is active in the current release. |
| Abuse, fraud, security, or legal records | Up to 6 years where needed to protect the app, users, providers, legal rights, or platform integrity. |
| Website security and hosting records | Processed by Cloudflare for delivery, security, reliability, debugging, abuse prevention, and aggregated hosting metrics according to Cloudflare's product settings for the site. Soul does not intentionally keep a separate raw request-log archive for the policy pages in the current release. If configurable raw logs are later enabled, the retention period must be documented here before launch. |
You can request deletion of personal data Soul controls by emailing soul@trickerlabs.co.uk. Because Soul is designed without a general Soul account in the current release, Tricker Labs LTD may need information from you to identify the relevant support thread, device-linked record, or other data.
You can:
Soul is not a crisis service and does not monitor you for emergencies. The app does not contact emergency services, crisis lines, clinicians, family members, or other people on your behalf.
If you are in immediate danger, may harm yourself or someone else, or need urgent help, contact local emergency services, a crisis line, or another appropriate urgent support service in your area.
If UK GDPR or EU GDPR applies to you, you may have rights to access, correct, delete, restrict, object to, or receive a portable copy of personal data processed by Soul. You may also have the right to withdraw consent where processing is based on consent and to complain to your local data protection authority.
Soul's main legal bases are:
Soul is operated by Tricker Labs LTD from the United Kingdom. Third-party providers you choose, such as Apple, folder-sync providers, support email providers, website hosting providers, and AI providers, may process data in other countries under their own terms and privacy practices.
If Soul later introduces Soul-managed services, AI routing, accounts, or remote analytics beyond optional quality sharing, the relevant international-transfer wording and safeguards will be reviewed before those features are enabled.
Soul is intended for users aged 17 or over. Users under 17 should not use the app.
Soul does not knowingly collect personal data from users under 17. If a parent or guardian believes someone under 17 has provided personal data through a channel controlled by Soul, email soul@trickerlabs.co.uk so the data can be reviewed and deleted where appropriate.
Soul uses local-first storage, iOS Keychain for supported secrets, Apple Health permission controls, and scoped folder access where available. No app or transmission method can guarantee perfect security.
You are responsible for choosing safe folders, protecting your device, protecting provider credentials, and understanding whether your selected folder is synced by another service.
Soul may update this policy as the product changes. Material changes to managed AI providers, remote analytics beyond optional quality sharing, account systems, Apple Health handling, subscriptions, or data sharing will be reflected in an updated policy before or when those changes are introduced.