Privacy notice — UK GDPR
Last updated 2026-05-17. This notice covers the General Data Protection Regulation (GDPR) and the UK Data Protection Act 2018.
HushOS is designed to work without any account and without any tracking, and almost everything you do stays on your own device. The exceptions are narrow, and we list them all below.
Data controller
HushOS is operated by Sifotech UK Ltd from the United Kingdom. For any privacy question, exercise of your rights, or data complaint, contact us at privacy@sifotech.co.uk. You can also use the feedback page or open an issue on GitHub. We aim to respond within 48 hours.
Sifotech UK Ltd is registered in England & Wales (Companies House number TBC). ICO registration number TBC.
What we do not do
- No advertising trackers, no fingerprinting, no Google Analytics.
- No selling, renting, or sharing of any data.
- No account is required to use any feature of HushOS.
- No cookies for tracking. (See the analytics section below.)
Where your data lives by default
Everything you do in HushOS is stored locally in your browser, on your device, using two technologies:
- localStorage — small, structured records: your pitch-match profile, TFI / Khalfa scores, daily check-ins, sleep and focus sessions, saved mixes, saved matcher presets, programme progress.
- IndexedDB — larger data, specifically any audio files you upload yourself in the "Your uploads" section of /sleep.
Clearing your browser's site data removes all of it. We have no server-side copy of this data and no way to restore it.
What we do collect (small, and we list it all)
Three narrow categories of data leave your device. Each is detailed below.
1. Privacy-respecting page-view analytics (Vercel Web Analytics)
- What: page path, country, browser type, device class.
- What it is NOT: no IP address stored, no cookies, no fingerprinting, no cross-site tracking.
- Why: to know roughly how many people use HushOS so we can keep building it.
- Lawful basis: legitimate interest (Art. 6(1)(f)) — measured against the minimal nature of the data.
- Retention: handled by Vercel; aggregated and time-limited.
2. Feedback and story submissions (only if you send one)
- What: your rating, your optional message, your optional email, the page you submitted from, and the IP address logged by Vercel.
- Why: to read what works and what doesn't, and to reply to you if you asked for one.
- Lawful basis: legitimate interest for the rating and message; consent (your decision to leave an email) for the email itself.
- Retention: Vercel deployment logs retain entries for approximately 30 days by default. We do not separately export, store, or aggregate this data anywhere else.
3. Optional sign-in for cloud sync
The login route exists in the code but is currently not connected to a backend — sign-in attempts fail gracefully. If we activate it later, this notice will be updated before we do, and only users who explicitly choose to sign in will be affected.
Third-party processors
- Vercel Inc. (USA) — hosting and the analytics service described above. Vercel is our infrastructure provider.
- No other third parties process your data on our behalf.
Vercel processes some data in the United States. Where this involves UK / EEA data, we rely on the UK International Data Transfer Addendum and Vercel's Data Processing Addendum to meet UK GDPR transfer requirements.
Your rights
Under UK GDPR / GDPR you have the following rights:
- Access — ask what data we hold about you.
- Erasure — ask us to delete your data. For on-device data this is one click in your browser; for any feedback you sent us with an email address, contact us and we will remove the relevant log entry.
- Rectification — ask us to correct anything inaccurate.
- Restriction and objection — ask us to stop or limit processing where you object to the legitimate-interest basis.
- Portability — your local data is already on your device. The PDF export at /progress/export is one way to take it with you.
- Withdraw consent — for anything you consented to (e.g. leaving an email), you can withdraw consent at any time.
To exercise any right, email privacy@sifotech.co.uk or use the feedback page.
You also have the right to lodge a complaint with the UK Information Commissioner's Office: ico.org.uk.
Children
HushOS is intended for adults. If you are under 16, please use HushOS only with the involvement of a parent or guardian, and do not send feedback containing personal data without their knowledge.
No medical records
HushOS is a wellbeing app. The check-ins, TFI scores, audiogram screens and other measures inside HushOS are tools to help you understand your own tinnitus. They are not formal medical records, they are not shared with the NHS or any clinician unless you deliberately print or share the PDF tinnitus summary at /progress/export, and they should not replace seeing a doctor for symptoms that need a doctor.
Changes to this notice
We will update this page if we change what we collect, who processes it, or how long we keep it. Material changes will also be announced in the changelog.