attune is built local-first. The bulk of what the app knows about your pet — their profile, medications, vaccinations, walk history, training threads — lives only on your phone. There is no attune account, and nothing is synced to our servers in the background. This page covers what does leave your device, and why.
The short version
- Your pet's profile, medical records, walks, and chat history stay on your device. We don't have a copy.
- When you analyze a clip or ask the Coach a question, that specific request goes to Anthropic via our backend. Anthropic doesn't use it for training.
- Apple HealthKit data (steps, calories, heart rate, distance) stays on your device. We read it to show your activity on walk recaps; we never send it off-device.
- We log app crashes (Sentry, default on) and — only if you opt in — anonymous event counts about feature usage (Aptabase, default off). Neither one collects pet data, message content, photos, or location. Both are toggleable at Settings → Privacy.
What stays on your device
- Pet profiles (name, species, breed, coat color, birthday, weight)
- Medications, vaccinations, vet visits, medication doses you mark given
- Walk history, GPS routes, in-walk markers
- Training threads, including any photos or clips you record
- Notification preferences and per-pet settings
- Your Anthropic API key, if you've added one in Settings → Coach
This data lives in the app's sandboxed local storage. Uninstall attune and it's gone. There is no backup to our servers, no iCloud sync of this data by us, and no second device that knows about your pet.
What we send to Anthropic, and why
attune uses Anthropic's Claude API for its AI features: clip analysis, the Coach chat, walk-pattern synthesis, walk score, mid-walk coach moments, and medication “Learn more.” For each feature, the relevant prompt is sent to Anthropic through a backend we operate.
What's in the prompt depends on the feature:
- Clip analysis — the short video you record, plus your pet's profile (name, species, breed if you've set one).
- Coach chat — your typed message, the running thread for that pet, the pet's profile, and any photo you've attached.
- Walk patterns, score, and mid-walk coach — markers you logged, route stats (distance, duration), and optional HealthKit aggregates if you've enabled the HealthKit toggle. Raw GPS coordinates are never included.
- Medication “Learn more” — the medication name and the pet's species.
Per Anthropic's API data policy, inputs sent to the API are not used to train Anthropic's models, and are retained by Anthropic for up to 30 days for trust-and-safety review before being deleted.
Our backend does not store your request beyond the round-trip needed to return Anthropic's response.
If you supply your own Anthropic API key under Settings → Coach, the same flow applies, but the key is yours and you control revocation in Anthropic's console.
Apple HealthKit
When you turn on the Apple Health toggle in Settings, attune asks for permission to read the following from Apple Health:
- Steps
- Active energy burned
- Walking + running distance
- Heart rate (during walks)
And to write:
- Workout samples for walks you complete
Per Apple's HealthKit policy and ours, this data stays on your device and inside Apple Health. attune does not send HealthKit data to our servers, to Anthropic, or to any third party. The summaries shown on walk recaps are computed on your phone.
If you've also enabled walk-pattern synthesis, your aggregated walk stats (distance, duration, marker counts) are sent to Anthropic — but those numbers come from the walk recording itself, not from HealthKit. We do not extract steps, calories, heart rate, or distance from HealthKit and send them off-device.
You can revoke HealthKit permissions any time at Settings (iOS) → Privacy & Security → Health → attune.
Location
During a walk, attune uses your device's location to draw the route and compute distance. If you grant background location (“when in pocket”), recording continues while your phone is locked.
Route coordinates are stored on your device with the walk record. We do not send raw GPS coordinates to any server. Only aggregate stats (distance, duration) may be included in walk-pattern syntheses sent to Anthropic.
You can revoke location at Settings (iOS) → Privacy & Security → Location Services → attune.
Camera, microphone, photo library
- Camera and microphone are used to record short clips for behavior analysis. Clips are saved to your device's local storage.
- Photo library access is used when you pick an existing clip or attach a photo to a Coach message.
- The specific clip or photo you choose to analyze is sent to Anthropic for that request. We don't retain it server-side; Anthropic's 30-day trust-and-safety retention applies.
Other services the app touches
- OpenFDA Animal Veterinary Drug Database — when the curated medication list doesn't match what you've typed, we query
api.fda.gov. We send the brand-name fragment you're typing. No personal information is included. - OpenStreetMap Nominatim — when you search for a vet clinic, we query
nominatim.openstreetmap.org. We send the clinic-name fragment you typed and a rough viewport hint (your approximate region, not your exact location). - Resend — only relevant if you signed up for the launch list at attune.pet. The app itself doesn't use Resend. Resend's privacy policy applies to email addresses collected there.
Crash reporting (Sentry)
attune uses Sentry to log app crashes and handled errors so we can fix bugs that real users hit. When something crashes, Sentry sends us:
- The stack trace of the error
- OS and device model (e.g., “iPhone 15 Pro, iOS 18.4”)
- App version and build number
- Time of the crash
- A short trail of recent in-app navigation (breadcrumbs)
Before any event leaves your device, we scrub known-sensitive patterns — Anthropic API keys, email addresses — from the payload. We do not include pet data, message content, photo or video bytes, GPS coordinates, or HealthKit values in crash reports.
Crash reporting is on by default, because TestFlight users implicitly opted in to help us find bugs by joining the beta. You can turn it off any time at Settings → Privacy → Crash and error reporting.
Anonymous product analytics (Aptabase)
If you opt in, attune sends a small number of anonymous event counts to Aptabase so we can see which features actually get used (and which sit idle). Examples of events we log:
analysis_completed— with whether a pet was visible and a bucketed clip duration (e.g., “30–60s”)walk_completed— with bucketed distance, duration, and pet countcoach_message_sentmed_dose_marked_givenpaywall_shown
Values that go into events are bucketed, not raw — “1–3km” instead of “2.4km” — so individual users can't be reconstructed from event histories.
What's never in an event:
- Pet names, breeds, coat colors
- Coach message content (yours or the assistant's)
- Photos, videos, or audio
- GPS coordinates or addresses
- HealthKit numeric values
- API keys, email addresses, or any identifier
Aptabase is anonymous by default — there is no user ID, no device fingerprint, no cross-app tracking. Events are hosted on EU infrastructure (eu.aptabase.com).
Analytics is off by default. The first time you launch a version with analytics support, attune shows a sheet asking permission. You can change your answer any time at Settings → Privacy → Anonymous usage analytics.
What we don't do
- No accounts. No login. The app does not collect your email.
- No analytics SDKs other than Aptabase (no PostHog, Mixpanel, Amplitude, Firebase, or similar).
- No advertising identifiers, no ad networks, no cross-app tracking.
- No session replays, heatmaps, or screen recordings.
- No selling or sharing your data with anyone.
- No iCloud sync of HealthKit data by us.
Notifications
Medication, vaccination, and streak reminders are scheduled by the app and fired locally by iOS or Android. There is no push notification server, and we don't know whether you opened a notification.
Medication and vaccination reminders are sent as “time sensitive” on iOS, which means they can pierce Focus modes (including Do Not Disturb) so a missed dose actually surfaces. You can disable time-sensitive notifications for attune at any time under Settings (iOS) → Notifications → attune → Time Sensitive Notifications.
Children
attune is not directed at children under 13, and we don't knowingly collect data from them.
Subscriptions
When paid subscriptions become available, they will be processed by Apple's In-App Purchase system, optionally through a third-party purchases SDK (RevenueCat). Payment details are handled by Apple — we never see your card number. If RevenueCat becomes part of the flow, their privacy practices will apply alongside ours, and this page will be updated.
Your choices
- Reset everything — Settings → Reset everything wipes all on-device data and re-runs onboarding.
- Uninstall — removes everything attune has stored about your pets.
- Per-permission revoke — HealthKit, location, camera, microphone, photo library, and notifications are all controllable in iOS/Android system settings.
- Anthropic key — revoke or rotate at console.anthropic.com any time. attune re-prompts when an invalid key is detected.
Changes
If this policy materially changes, the effective date at the top of this page will move, and we'll note what changed.
Contact
Questions, requests, or anything else: privacy@attune.pet.