S amantha C entral

Legal

Privacy Policy

Sam Central is built to keep your data under your control. By default, your check-ins, journals, and insights live on your device. Some features are optional and require data to leave your device (for example: iCloud sync or Sana’s AI assistant).

Last updated: 2026-02-04

Summary

  • On-device by default: core tracking data is stored locally (Core Data / SQLite).
  • Optional iCloud sync: if enabled, your database is stored and synced via Apple iCloud (CloudKit).
  • Optional AI features: Sana and AI insights use your OpenAI API key and send a selected context to the Sana worker or directly to OpenAI to generate responses.
  • Minimal logging: server logs avoid raw question/context content and capture limited metadata for reliability.
  • No selling: we don’t sell your personal data.

Data we handle

Sam Central can store wellness check-ins (for example mood, energy, sleep quality, habits, tags), anxiety check-ins (if enabled), cycle tracking data (if enabled), and journal notes. Depending on settings, the app may also import limited Apple Health data.

  • Apple Health (optional): menstrual flow data for cycle insights; and heart rate / workouts for anxiety alerts (requires explicit opt-in and OS permissions).
  • Settings & preferences: your chosen modes, reminders, and app preferences.

Where your data is stored

  • Local storage: Sam Central stores your core data on-device using Apple Core Data (SQLite).
  • iCloud sync (optional): if you enable “Sync data with iCloud”, the app uses Apple CloudKit to sync the Core Data store across your Apple devices signed into the same Apple ID.
  • iCloud Key-Value Store (optional): some non-sensitive preferences may sync via iCloud KVS (for example: toggles and reminder settings). This is used for preferences, not your full journal database.
  • Keychain: your OpenAI API key and Sana access tokens are stored in the iOS Keychain. If iCloud sync is enabled, the key can be stored as synchronizable to make it available across devices.

Sana (AI assistant) data flow

If you enable Sana, your device builds a structured context on-device, then sends your question and selected context to the Sana server (a Cloudflare Worker). The worker uses your OpenAI API key to call the OpenAI API and generate an answer.

  • What we try not to send: the app avoids sending direct identifiers (like name or precise location) and keeps raw free-text limited when possible.
  • What may be sent: your chat question, selected summaries, structured context, and tool outputs needed to answer.
  • Logs: the worker avoids logging raw question/context content and may record limited metadata (request sizes, timing, error codes) for reliability and debugging.

Direct OpenAI requests (device)

Some AI features (for example AI insights and assessment summaries) may call the OpenAI API directly from your device using your API key. These requests include the same kind of structured summaries used for Sana and are transmitted over HTTPS.

Subscriptions & payments

If paid features are offered, they are handled through Apple’s App Store. Usage of your OpenAI API key is billed directly by OpenAI under your account.

Your controls

  • Enable/disable iCloud sync in settings.
  • Enable/disable Apple Health import and notifications in settings (and revoke permissions in iOS Settings).
  • Export your data and reset/delete your data from within the app.
  • Remove or replace your OpenAI API key in Settings → Sana (AI).

Contact

Questions about privacy? Email hamzeh@alumni.harvard.edu.