Privacy Policy
Effective date: July 5, 2026
This Privacy Policy explains how Aura Crafts LLC ("we", "us") collects, uses, and protects your information when you use the spike mobile application ("spike", the "App") and the spikehealth.app website. spike is designed around a simple principle: your health data exists to give you answers, not to be sold, shared, or used for advertising.
1. Health data from Apple Health (HealthKit)
With your explicit permission, spike reads and writes the following through Apple's HealthKit framework:
- We read: blood glucose (from your CGM), steps, active energy, exercise time, workouts, and water intake.
- We write: the water you log and the nutrition of meals you log (calories, protein, carbohydrates, sugar, fiber, cholesterol, fat, sodium).
Here is exactly what happens with your glucose data:
- Glucose readings are read from Apple Health on your device to display your daily curve and analyze your responses to meals.
- Raw glucose readings are not uploaded to our servers. When a meal's response is analyzed, only summary values for that meal (baseline, peak, the change between them, and recovery time) are stored in your private account record so they sync across your sessions.
- Health data from HealthKit is never used for advertising or marketing, never sold, and never shared with data brokers. We do not use HealthKit data for any purpose other than providing the App's features to you, consistent with Apple's HealthKit guidelines.
You can revoke Health access at any time in iOS Settings > Privacy & Security > Health > spike.
2. Other information we collect
- Account information: your email address and name from Sign in with Apple or Google, and a user identifier.
- Profile and goals: information you provide during onboarding, such as gender, date of birth, height, weight, goals, activity level, diet preference, and which CGM you use.
- Food logs: meals you log, including photos you take of food, nutrition data, and the meal-response summaries described above.
- Progress data: weight entries and progress photos you choose to add.
- Usage and diagnostics: app interaction events, crash reports, and device information used to fix bugs and improve the App.
3. How we use information
- To provide the App: analyzing meal responses, showing your glucose curves, calculating nutrition targets, and syncing your data across sessions.
- To process AI meal recognition: photos of food you submit are processed to identify foods and estimate nutrition.
- To manage your subscription and free trial.
- To respond to support requests and send service notifications you've enabled.
- To understand aggregate usage and improve the App.
4. Service providers
We use a small number of processors to run spike. They process data on our behalf and are not permitted to use it for their own purposes:
- Google Firebase (authentication, database, storage, crash reporting, analytics): stores your account, profile, food logs, and meal-response summaries.
- RevenueCat (subscription management): processes purchase receipts; it does not receive health data.
- AppsFlyer (install attribution): receives device-level install data; it does not receive health data.
Payment is processed by Apple; we never see your payment details.
5. What we don't do
- We do not sell your personal information.
- We do not share your health data with advertisers, data brokers, or social networks.
- We do not use glucose or other HealthKit data for advertising, marketing, or machine-learning training unrelated to providing your features.
6. Data retention and deletion
Your data is retained while your account is active. You can delete your account at any time in the App (Account tab > Delete Account) or by following the steps on our account deletion page. Deletion removes your account, profile, food logs, photos, and meal-response summaries from our systems. Data in Apple Health belongs to you and remains under your control on your device.
7. Children
spike is not intended for anyone under 17, and we do not knowingly collect data from children. Over-the-counter CGMs supported by spike are indicated for adults 18+.
8. Security
Data in transit is encrypted with TLS. Data at rest is stored in Google Firebase with industry-standard protections and access controls scoped to your account.
9. Your rights
Depending on where you live, you may have rights to access, correct, export, or delete your personal information. Contact us at support@spikehealth.app and we'll honor these requests.
10. Changes
If we make material changes to this policy, we'll update the effective date above and notify you in the App.
11. Contact
Aura Crafts LLC
support@spikehealth.app