Privacy Policy

Last updated: March 26, 2026

RedLightOS ("we", "our", or "the app") is operated by RedLightOS. This Privacy Policy explains how we collect, use, store, and protect your information when you use the RedLightOS mobile application and related services.

1. Information We Collect

Account Information

If you create an account, we collect your email address and a securely hashed password. Account creation is optional — you can use RedLightOS without an account for local-only tracking.

Session and Protocol Data

We collect red light therapy session logs including date, duration, body zone, device used, distance, and calculated dose. We also store your protocol configurations, outcome ratings (skin quality, pain levels, energy, sleep, mood), and protocol scores. By default, all session data is stored locally on your device.

Photos

If you use the progress photo feature, photos are captured and stored locally on your device. Photos are never uploaded to our servers unless you explicitly enable cloud sync. Photos are organized by body zone and date for before-and-after comparison.

Health Connect Data

With your permission, RedLightOS reads sleep data and heart rate variability (HRV) from Google Health Connect to correlate with your therapy sessions. We also write exercise session records to Health Connect when you complete a therapy session. This data stays on your device and is not transmitted to our servers.

Device Information

We collect a device identifier for the purpose of syncing data between the app and our servers when cloud sync is enabled. We do not collect device model, OS version, or other hardware identifiers for tracking purposes.

Light Check Measurements

When you use the Light Check feature, camera sensor data is processed entirely on your device to estimate irradiance. No camera images or raw sensor data leave your device.

2. Local Storage by Default

RedLightOS is designed with a local-first architecture. All your session data, protocols, photos, and preferences are stored on your device using an encrypted local database. You can use the full app without ever creating an account or enabling cloud sync.

3. Optional Cloud Sync

If you create an account and enable cloud sync, your session data, protocols, and settings are encrypted in transit (TLS 1.3) and synced to our servers hosted on a secured VPS. Photos are not included in cloud sync — they remain local to your device. You can disable cloud sync at any time from the app settings.

4. Third-Party Services

We use the following third-party services:

  • RevenueCat — Manages subscription purchases and entitlements. RevenueCat receives a pseudonymous user ID and purchase data from Google Play. See RevenueCat Privacy Policy.
  • Plausible Analytics — Privacy-focused, cookieless web analytics for our website only. No personal data is collected. Plausible does not track app usage. See Plausible Data Policy.
  • Anthropic (Claude API) — Powers the AI Coach feature. When you use the AI Coach, your question text is sent to Anthropic's API for processing. We do not send session data, photos, or personal information to Anthropic unless you include it in your question. See Anthropic Privacy Policy.

5. Data Export and Portability

You can export all your data at any time from the app in CSV, XLSX, PDF, or JSON format. Exports are generated locally on your device and are not processed by our servers.

6. Data Retention and Deletion

Local data remains on your device until you delete it or uninstall the app. If you have an account with cloud sync, you can delete your account and all associated server-side data from the app settings. Account deletion is permanent and completed within 30 days.

7. Your Rights (GDPR / CCPA)

Depending on your jurisdiction, you have the right to:

  • Access — Request a copy of all data we hold about you.
  • Rectification — Correct inaccurate personal data.
  • Erasure — Request deletion of your data ("right to be forgotten").
  • Portability — Export your data in a machine-readable format (JSON).
  • Opt-out of sale — We do not sell your personal information to third parties. Under CCPA, you have the right to confirm this.
  • Withdraw consent — You may withdraw consent for data processing at any time by disabling cloud sync or deleting your account.

To exercise these rights, contact us at [email protected].

8. Children's Privacy

RedLightOS is not intended for children under 13 years of age. We do not knowingly collect personal information from children under 13. If we discover that a child under 13 has provided us with personal information, we will delete it promptly. If you believe a child under 13 has provided us with data, please contact us at [email protected].

9. Security

We use industry-standard security measures including TLS 1.3 for data in transit, encrypted local storage, and hashed passwords. No method of transmission or storage is 100% secure, but we take reasonable precautions to protect your data.

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes through the app or by updating the "Last updated" date above. Continued use of the app after changes constitutes acceptance of the updated policy.

11. Contact Us

If you have questions about this Privacy Policy, contact us at: