Who we are
Tonic is made by Prisma Labs, a sole proprietorship (eenmanszaak) registered in the Netherlands.
- Chamber of Commerce (KVK): 99547368
- VAT: NL005393832B11
- Address: Maerten van Heemskerckstraat 65, 2021ZH Haarlem, Netherlands
- Contact: hi@asktonic.com
Prisma Labs is the data controller for information you provide through the Tonic app and this website.
What we collect
From you, directly
- Account. When you Sign in with Apple on iOS or Google on Android, we receive a stable user identifier and the account details the provider returns, such as email, display name, or profile photo. We never see your Apple ID or Google password.
- Health and lifestyle data you log. Weight, body measurements, meals, GLP-1 medication and doses, injection sites, side effects, mood, water intake, notes, and any other data you choose to enter.
- Apple Health and Health Connect (opt-in, per data type). On iOS, if you allow it, Tonic reads metrics such as weight, activity, nutrition, and workouts from Apple Health, and can write weight and water back. On Android, if you allow it, Tonic reads Health Connect steps and exercise sessions to show activity summaries. You choose the data types you grant, and you can revoke them in iOS Settings or in Android's Health Connect settings at any time.
- Photos. Meal-scan photos, progress photos, and any other images you capture or pick. Meal photos are sent to our backend for AI analysis (see below); the recognized food details are stored in your account. The original images are retained only as long as needed to analyze them and to let you re-open the meal entry, and are not used to train any AI model.
Automatically
- Diagnostics. Pseudonymous crash reports and performance traces via Sentry. Pseudonymous product-event analytics and masked session replay via PostHog (e.g., "opened logging sheet"). We minimize these events and do not intentionally include health logs, photos, meal details, or free-text notes.
- Device info. iOS or Android version, device model, app version, and locale, used to debug issues.
- Ad attribution (only when allowed or consented). If you allow tracking where the platform asks, we share device identifiers (such as Apple's advertising identifier, Android's advertising ID where available, and app-install identifiers) and basic app events — first open, app launches, and subscription purchases — with AppsFlyer to measure our own ad campaigns. Details in Who we share data with.
You can turn off Apple's app analytics in iOS Settings → Privacy & Security → Analytics & Improvements. On Android, you can reset or limit the Android advertising ID in system privacy settings. You can also revoke Apple Health or Health Connect access from the platform's health data settings.
Why we collect it (legal basis)
Under the EU General Data Protection Regulation:
- Account, logging, subscription, and platform health data are processed to perform our contract with you — i.e., provide the Tonic service (Art. 6(1)(b)).
- Health-related data is processed on the basis of your explicit consent (Art. 9(2)(a)), given when you create an account and accept this policy, and renewed for each Apple Health or Health Connect type you grant.
- Diagnostics and analytics rely on our legitimate interest in improving the app (Art. 6(1)(f)) — minimized, pseudonymous, and disabled when you opt out as described above.
- Ad-attribution sharing with AppsFlyer and configured ad partners relies on your consent (Art. 6(1)(a)) where required, such as Apple's App Tracking Transparency prompt. You can withdraw it in platform privacy settings where available, which stops that sharing going forward.
Who we share data with
We never sell or rent your data, and we never share it with data brokers. Your health data — weight, meals, doses, side effects, photos, notes, anything you log — is never shared with advertisers, full stop. And the app shows no ads.
Measuring our own ads
We run ads so people who could use Tonic can find it. To know whether those campaigns work, we share a narrow slice of data with AppsFlyer: device identifiers (Apple's advertising identifier or Android's advertising ID when available, plus app-install identifiers) and basic app events — first open, app launches, retention, and subscription purchases. AppsFlyer may forward campaign measurement to configured ad partners such as TikTok or Google. That's the whole list. Never your health data, never anything you log, never your photos.
This sharing only happens when allowed by the platform and, where required, with your permission. On iOS, the app asks first through Apple's App Tracking Transparency prompt, and you can change your mind at any time in iOS Settings → Privacy & Security → Tracking → Tonic. On Android, you can reset or limit the Android advertising ID in system privacy settings. If tracking is unavailable or declined, we rely on privacy-preserving attribution systems that report campaign results in aggregate without identifying you or your device. AppsFlyer processes this measurement data as described in its own privacy policy.
Beyond that one consent-gated case, we use the following sub-processors to run the service. They are bound by data-processing agreements:
| Sub-processor | Purpose | Region |
|---|---|---|
| Apple Inc. | Sign in with Apple, HealthKit, App Store, push notifications | US & EU |
| Google LLC | Google Sign-In, Health Connect, Google Play Billing, Android platform services, optional speech recognition, and meal-photo analysis via Gemini | US & EU |
| Convex | Application database and backend functions | US |
| Cloudflare, Inc. | Website hosting, AI gateway routing | US & EU |
| OpenAI, LLC | AI features (meal analysis, conversational coaching), via the Cloudflare AI Gateway | US |
| Anthropic, PBC | AI features (conversational coaching), via the Cloudflare AI Gateway | US |
| Functional Software, Inc. (Sentry) | Anonymous crash reporting | US |
| PostHog Inc. | Pseudonymous product analytics, feature flags, experiments, and masked session replay | US |
| RevenueCat, Inc. | Subscription purchase validation, entitlement state, and paywall purchase analytics | US |
| AppsFlyer Ltd. | Ad attribution & campaign measurement — device identifiers and app events only, gated on consent where required; never health data or content | US, EU & Israel |
When data is transferred to the United States it is covered by Standard Contractual Clauses, or the EU–US Data Privacy Framework where the recipient is certified. We instruct AI sub-processors not to train their models on your data, via API settings and contract terms where available (e.g., zero-retention modes).
Your rights
Under the GDPR, you can:
- Access the data we hold about you.
- Correct anything inaccurate.
- Delete your account and all associated data. In the app: Settings → Account → Delete account. Or email us.
- Export a portable copy of your data.
- Withdraw consent at any time (e.g., revoke Apple Health or Health Connect access, disable analytics where offered, or turn off ad tracking in iOS or Android privacy settings).
- Object to processing, or restrict it.
- Lodge a complaint with the Dutch Data Protection Authority, the Autoriteit Persoonsgegevens (autoriteitpersoonsgegevens.nl), or the supervisory authority in your country of residence.
To exercise any of these rights, email hi@asktonic.com. We respond within 30 days.
How long we keep your data
We keep your account data for as long as your Tonic account exists. If you delete your account, we delete the underlying data from our systems within 30 days, except where law requires us to retain something longer (e.g., financial records for Dutch tax purposes). Anonymous diagnostic data is retained for up to 90 days.
Children
Tonic is not directed to anyone under 16, and we do not knowingly collect personal data from children. If you believe a child has provided us data, email hi@asktonic.com and we will delete it.
Security
Data is encrypted in transit (TLS 1.2+) and at rest. Backend access is limited to people who need it to operate the service. We log administrative access and review it periodically.
Changes to this policy
If we change this policy, we post the new version here with a new effective date, and notify you inside the app for any material change. The current version always lives at https://asktonic.com/privacy.
Contact
Privacy questions, data requests, or anything you want us to know — email hi@asktonic.com. Or write to Prisma Labs, Maerten van Heemskerckstraat 65, 2021ZH Haarlem, Netherlands.