Mortis
Privacy Policy
Last updated: April 12, 2026 · Effective: April 12, 2026
Mortis ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains what information we collect when you use the Mortis mobile application and website (collectively, the "Service"), how we use it, and what rights you have.
By using Mortis you agree to this policy. If you do not agree, please stop using the Service.
1. Information We Collect
1.1 Information You Provide
- Voice recordings. When you use the voice intake feature, your spoken words are recorded and sent to OpenAI's Whisper API for transcription. We do not store raw audio files after transcription is complete.
- Account information. If you create an account, we collect your email address and a display name.
- Subscription and payment data. Purchases are processed by Apple (App Store). We receive a subscription status token from RevenueCat; we do not receive your card number or billing address.
1.2 Health and Biometric Data
- Heart Rate Variability (HRV). With your explicit permission, Mortis reads HRV data from Apple HealthKit to personalize sessions and display your recovery trends. This data is stored on your device and, if you are signed in, synced to our backend. We never sell biometric data.
- You can revoke HealthKit access at any time in iOS Settings → Privacy → Health → Mortis.
1.3 Automatically Collected Data
- Usage analytics. We use PostHog to collect anonymized event data (screens visited, sessions started, features used). No personally identifiable information is attached to these events by default.
- Device information. OS version, device model, app version, and timezone for debugging and analytics.
- Crash reports. Stack traces that help us identify and fix bugs. These do not include audio recordings or health data.
1.4 Voice Transcripts and AI Analysis
Your voice is transcribed by OpenAI Whisper. The transcript is then analyzed by Claude (Anthropic) to infer your emotional and physiological state for session personalization. Transcripts are processed in-session and are not retained beyond 30 days. We do not use your voice data to train AI models.
2. How We Use Your Information
- To deliver and personalize your meditation sessions
- To track your HRV trends and session history
- To process subscription payments and manage your account
- To improve the app through aggregated, anonymized analytics
- To send transactional emails (account confirmation, password reset)
- To comply with legal obligations
We do not use your data for advertising, do not sell your data to third parties, and do not share your health data with insurers, employers, or government entities.
3. Data Sharing and Third Parties
We share data only with the following service providers, each bound by their own privacy policies and data processing agreements:
- OpenAI, voice transcription (Whisper)
- Anthropic, session personalization analysis (Claude)
- ElevenLabs, AI voice synthesis for guided meditation audio
- RevenueCat, subscription management
- PostHog, product analytics (anonymized)
- Railway / PocketBase, backend hosting and database
We may disclose information if required by law or to protect the rights, property, or safety of Mortis, our users, or the public.
4. Data Retention
- Voice transcripts: deleted within 30 days
- Session records and HRV data: retained while your account is active; deleted within 60 days of account deletion
- Analytics events: retained for 24 months in anonymized form
- Account data: retained until you delete your account
5. Your Rights
Depending on your location, you may have the right to:
- Access a copy of the data we hold about you
- Correct inaccurate data
- Request deletion of your data ("right to be forgotten")
- Restrict or object to certain processing
- Data portability (receive your data in a machine-readable format)
To exercise any of these rights, email us at privacy@nonmagic.app. We will respond within 30 days.
You may delete your account at any time from Profile → Settings → Delete Account in the app.
6. Children's Privacy
Mortis is not directed to children under 13 (or under 16 in the European Economic Area). We do not knowingly collect personal information from children. If you believe a child has provided us with personal data, contact us at privacy@nonmagic.app and we will delete it promptly.
7. Health Disclaimer
Mortis is a wellness tool, not a medical device. The app does not diagnose, treat, cure, or prevent any medical condition. HRV data and frequency recommendations are for personal wellness use only. Always consult a qualified healthcare provider for medical advice.
8. Security
We use TLS encryption for all data in transit, encrypted storage for sensitive fields, and access controls that limit who on our team can see user data. No method of transmission or storage is 100% secure; we cannot guarantee absolute security but we take it seriously.
9. International Transfers
Mortis operates primarily in the United States. If you use the Service from outside the US, your data may be transferred to and processed in the US. By using the Service you consent to this transfer. For users in the EEA or UK, we rely on Standard Contractual Clauses where required.
10. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of material changes via in-app notification or email. Continued use of the Service after changes take effect constitutes acceptance of the revised policy.
11. Contact
Questions, requests, or concerns about this Privacy Policy:
Mortis
privacy@nonmagic.app
nonmagic.app