Sam Central

Legal

Privacy Policy

Sam Central is built to keep your data under your control. By default, your check-ins and insights live on your device. Some features are optional and require data to leave your device (for example: iCloud sync or Sana’s AI assistant).

Last updated: 2026-01-16

Summary

  • On-device by default: core tracking data is stored locally (Core Data / SQLite).
  • Optional iCloud sync: if enabled, your database is stored and synced via Apple iCloud (CloudKit).
  • Optional AI assistant (Sana): if enabled, your question and selected context are sent to the Sana worker service, which calls the OpenAI API to generate a response.
  • No selling: we don’t sell your personal data.

Data we handle

Sam Central can store wellness check-ins (e.g., mood, energy, sleep quality, habits, tags), anxiety check-ins (if enabled), and cycle tracking data (if enabled). Depending on settings, the app may also import limited Apple Health data.

  • Apple Health (optional): menstrual flow data for cycle insights; and heart rate / workouts for anxiety alerts (requires explicit opt-in and OS permissions).
  • Settings & preferences: your chosen modes, reminders, and app preferences.

Where your data is stored

  • Local storage: Sam Central stores your core data on-device using Apple Core Data (SQLite).
  • iCloud sync (optional): if you enable “Sync data with iCloud”, the app uses Apple CloudKit to sync the Core Data store across your Apple devices signed into the same Apple ID.
  • iCloud Key-Value Store (optional): some non-sensitive preferences may sync via iCloud KVS (for example: toggles and reminder settings). This is used for preferences, not your full journal database.

Sana (AI assistant) data flow

If you enable Sana, your device sends your question plus selected context to the Sana server (a Cloudflare Worker). The worker checks subscription entitlements and then calls the OpenAI API to generate an answer.

  • What we try not to send: the app is designed to avoid sending direct identifiers (like name/location) and avoids including certain raw fields in the AI context when possible.
  • What may be sent: your chat question, selected structured context, and tool outputs needed to answer.
  • Logs: the worker may log limited metadata for reliability and debugging (for example request sizes, timing, and error codes). Do not include sensitive personal identifiers in your questions.

Subscriptions & payments

Subscriptions are handled through Apple’s App Store. To verify premium access for Sana, Sam Central may use a server-side entitlement check through RevenueCat.

Your controls

  • Enable/disable iCloud sync in settings.
  • Enable/disable Apple Health import and notifications in settings (and revoke permissions in iOS Settings).
  • Export your data and reset/delete your data from within the app.

Contact

Questions about privacy? Email hamzeh@alumni.harvard.edu.