Privacy

Your weight, your meals, your meds — yours.

Effective July 3, 2026. The full legal version of what we promise on the homepage.

Who we are

Tonic is made by Prisma Labs, a sole proprietorship (eenmanszaak) registered in the Netherlands.

Prisma Labs is the data controller for information you provide through the Tonic app and this website.

What we collect

From you, directly

Automatically

You can turn off Apple's app analytics in iOS Settings → Privacy & Security → Analytics & Improvements. On Android, you can reset or limit the Android advertising ID in system privacy settings. You can also revoke Apple Health or Health Connect access from the platform's health data settings.

Why we collect it (legal basis)

Under the EU General Data Protection Regulation:

Who we share data with

We never sell or rent your data, and we never share it with data brokers. Your health data — weight, meals, doses, side effects, photos, notes, anything you log — is never shared with advertisers, full stop. And the app shows no ads.

Measuring our own ads

We run ads so people who could use Tonic can find it. To know whether those campaigns work, we share a narrow slice of data with AppsFlyer: device identifiers (Apple's advertising identifier or Android's advertising ID when available, plus app-install identifiers) and basic app events — first open, app launches, retention, and subscription purchases. AppsFlyer may forward campaign measurement to configured ad partners such as TikTok or Google. That's the whole list. Never your health data, never anything you log, never your photos.

This sharing only happens when allowed by the platform and, where required, with your permission. On iOS, the app asks first through Apple's App Tracking Transparency prompt, and you can change your mind at any time in iOS Settings → Privacy & Security → Tracking → Tonic. On Android, you can reset or limit the Android advertising ID in system privacy settings. If tracking is unavailable or declined, we rely on privacy-preserving attribution systems that report campaign results in aggregate without identifying you or your device. AppsFlyer processes this measurement data as described in its own privacy policy.

Beyond that one consent-gated case, we use the following sub-processors to run the service. They are bound by data-processing agreements:

| Sub-processor | Purpose | Region |
| --- | --- | --- |
| Apple Inc. | Sign in with Apple, HealthKit, App Store, push notifications | US & EU |
| Google LLC | Google Sign-In, Health Connect, Google Play Billing, Android platform services, optional speech recognition, and meal-photo analysis via Gemini | US & EU |
| Convex | Application database and backend functions | US |
| Cloudflare, Inc. | Website hosting, AI gateway routing | US & EU |
| OpenAI, LLC | AI features (meal analysis, conversational coaching), via the Cloudflare AI Gateway | US |
| Anthropic, PBC | AI features (conversational coaching), via the Cloudflare AI Gateway | US |
| Functional Software, Inc. (Sentry) | Anonymous crash reporting | US |
| PostHog Inc. | Pseudonymous product analytics, feature flags, experiments, and masked session replay | US |
| RevenueCat, Inc. | Subscription purchase validation, entitlement state, and paywall purchase analytics | US |
| AppsFlyer Ltd. | Ad attribution & campaign measurement — device identifiers and app events only, gated on consent where required; never health data or content | US, EU & Israel |

When data is transferred to the United States it is covered by Standard Contractual Clauses, or the EU–US Data Privacy Framework where the recipient is certified. We instruct AI sub-processors not to train their models on your data, via API settings and contract terms where available (e.g., zero-retention modes).

Your rights

Under the GDPR, you can:

To exercise any of these rights, email hi@asktonic.com. We respond within 30 days.

How long we keep your data

We keep your account data for as long as your Tonic account exists. If you delete your account, we delete the underlying data from our systems within 30 days, except where law requires us to retain something longer (e.g., financial records for Dutch tax purposes). Anonymous diagnostic data is retained for up to 90 days.

Children

Tonic is not directed to anyone under 16, and we do not knowingly collect personal data from children. If you believe a child has provided us data, email hi@asktonic.com and we will delete it.

Security

Data is encrypted in transit (TLS 1.2+) and at rest. Backend access is limited to people who need it to operate the service. We log administrative access and review it periodically.

Changes to this policy

If we change this policy, we post the new version here with a new effective date, and notify you inside the app for any material change. The current version always lives at https://asktonic.com/privacy.

Contact

Privacy questions, data requests, or anything you want us to know — email hi@asktonic.com. Or write to Prisma Labs, Maerten van Heemskerckstraat 65, 2021ZH Haarlem, Netherlands.
