Last updated: 20 June 2026

1. Who we are

LetoCare ("we", "our", "us") is operated by Leto SAS, a company incorporated in France. You can contact us at [email protected].

This policy explains what personal data we collect when you use the LetoCare iOS app ("the App"), why we collect it, how we use it, and your rights under the General Data Protection Regulation ("GDPR") and other applicable privacy laws.

2. What data we collect

Account data. When you sign up, we create an account using Sign in with Apple or an anonymous identifier. If you use Sign in with Apple, we receive the email address (or Apple's private relay address) associated with your Apple ID and, only if you allow it, your name. We do not otherwise collect your name or email.

Profile data. During onboarding, you provide your age, sex, height, weight, sleep target, training frequency, and diet style. You may also add free-text personal context (job, lifestyle, goals).

Scan data. When you complete a face or voice scan, we compute wellness estimates including heart rate, heart rate variability, respiratory rate, voice mood, mental fitness score, and stress score. These are general wellness estimates, not medical measurements.

The face scan uses your device's front camera, including the TrueDepth camera, to track and stabilise the position of your face during the scan. The depth and face-geometry data produced by the TrueDepth camera are used only in real time for this purpose. They are never used to identify or authenticate you, are never used to build a facial-recognition model, and are never stored on your device or transmitted to us or to any third party.

To compute the metrics, individual face-scan camera frames are transmitted to our scan provider VitalLens (Rouast Labs), and your voice recording is transmitted to Sonde Health. These providers process the data to return the computed metrics and do not retain the raw media beyond what is needed for processing. We do not store raw video, and raw audio is deleted within 24 hours of processing. Only the computed wellness metrics are retained.

Health data from Apple Health. With your permission, we read heart rate variability, resting heart rate, sleep, steps, active energy, VO2max, and workout records. We never write to Apple Health.

Usage and marketing data. We collect basic in-app events (e.g. app opened, scan completed, briefing opened, onboarding completed) to understand product usage, and aggregate ad-attribution signals to measure how our marketing performs. These are processed on our behalf by our analytics provider, PostHog, and our attribution provider, Singular. They are identified only by your account identifier and standard device/attribution signals: we never send health or biometric data to either provider. We do not use third-party advertising SDKs, we do not use the device advertising identifier (IDFA), and we do not track you across other apps or websites. Marketing attribution uses Apple's privacy-preserving SKAdNetwork framework only.

Conversation and AI-processed data. To generate your personalized insights, daily briefings, and recommendations, the App sends your computed scan metrics, the Apple Health metrics you connect, your profile and personal context, and the messages you send to your AI Twin to our AI provider, Anthropic, PBC (operator of Claude). Anthropic processes this data solely to generate responses for you, does not use it to train its models, and does not sell it. Conversation messages are stored so the assistant can remember context across sessions.

3. Why we collect it

We do not sell your data. We do not use your data for advertising.

4. Legal basis (GDPR)