DEV Community

garry

Data Privacy in Health Apps — What I Chose Not to Collect

The Default Is to Collect Everything

When I set up analytics for Lunair, every tutorial and SDK I encountered was designed to maximize data collection. Session recordings, user journeys, demographic profiling, device fingerprinting. The default for modern app development is to hoover up everything and figure out what is useful later.

For a mental health app, I decided to go the opposite direction.

What Lunair Does Not Collect

  • No personal health data reaches me. Breathing session history, pattern preferences, and usage frequency live in local storage on the device (and, if the user chooses, in their own iCloud account). None of it is sent to a server I run.
  • No user accounts. No email, no sign-up, no social login. There is no user database of mine to breach because nothing is stored on my side.
  • No location data. I have no reason to know where someone is breathing.
  • No third-party analytics SDKs. No Firebase Analytics, no Mixpanel, no Amplitude. Every one of these sends data to a third party's servers under that party's privacy policy, and each one runs in-process with the same access the app itself has.

What I Do Collect (and Why)

I use Apple's built-in App Analytics through App Store Connect. Apple only reports on users who opted in to sharing analytics with developers, and only in aggregate, so these are sampled counts rather than a census. This gives me:

  • Download numbers
  • Session counts (aggregate, not per-user)
  • Crash reports
  • Device type distribution

This is enough to make informed product decisions without knowing anything about individual users.

The Technical Implementation

Keeping data local is surprisingly straightforward with SwiftUI and SwiftData:

```swift
import Foundation
import SwiftData

// One completed (or abandoned) breathing session. Stored only in the
// on-device SwiftData container; there is no network code anywhere near it.
@Model
class BreathingSession {
    var patternId: String        // which breathing pattern was used
    var startDate: Date
    var duration: TimeInterval   // seconds actually spent in the session
    var completedCycles: Int

    init(patternId: String, startDate: Date,
         duration: TimeInterval, completedCycles: Int) {
        self.patternId = patternId
        self.startDate = startDate
        self.duration = duration
        self.completedCycles = completedCycles
    }
}
```

All session data lives in the local SwiftData container. If the app is built with the iCloud capability and a ModelConfiguration whose cloudKitDatabase is not .none, and the user has iCloud turned on, the store mirrors into that user's private CloudKit database, which is tied to their Apple account and not readable by me. One caveat worth stating plainly: that copy has left the device. Apple encrypts it in transit and at rest, but whether Apple itself can read it depends on the user's account settings (Advanced Data Protection), not on anything the app does. The honest summary is "goes to their iCloud account, never to mine", not "never leaves the phone".
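As an added illustration (this is example code, not Lunair's own), here is how that sync decision can be made explicit in SwiftData instead of being left to the container's defaults. The `SessionStorage` enum, `makeSessionContainer`, the store name "Sessions" and the CloudKit container identifier `iCloud.com.example.lunair` are assumptions for the example. Note that every stored property carries a default value: CloudKit-backed SwiftData models require that (and cannot use unique constraints), so a model written for local-only storage can fail at container creation the day sync is switched on.

```swift
import Foundation
import SwiftData
import SwiftUI

// Added example, not the app's own code. Mirrors the page's BreathingSession
// but gives every attribute a default value, which CloudKit-backed SwiftData
// stores require; a local-only store does not need them.
@Model
final class BreathingSession {
    var patternId: String = ""
    var startDate: Date = .now
    var duration: TimeInterval = 0
    var completedCycles: Int = 0

    init(patternId: String, startDate: Date = .now,
         duration: TimeInterval, completedCycles: Int) {
        self.patternId = patternId
        self.startDate = startDate
        self.duration = duration
        self.completedCycles = completedCycles
    }
}

/// Where session data is allowed to go. Making this an explicit, reviewable
/// choice means a later build cannot silently start syncing because a
/// default changed or a capability was added.
enum SessionStorage {
    case deviceOnly
    /// Mirror into the user's *private* CloudKit database. The app needs the
    /// iCloud capability with this container; the developer never gets a copy.
    case userICloud(container: String)
}

func makeSessionContainer(_ storage: SessionStorage) throws -> ModelContainer {
    let schema = Schema([BreathingSession.self])
    let configuration: ModelConfiguration
    switch storage {
    case .deviceOnly:
        // Explicit .none: nothing leaves the device, whatever the account state.
        configuration = ModelConfiguration("Sessions", schema: schema,
                                           cloudKitDatabase: .none)
    case .userICloud(let container):
        // Hypothetical container id; the real one lives in the app's entitlements.
        configuration = ModelConfiguration("Sessions", schema: schema,
                                           cloudKitDatabase: .private(container))
    }
    return try ModelContainer(for: schema, configurations: [configuration])
}

struct ContentView: View {
    @Query(sort: \BreathingSession.startDate, order: .reverse)
    private var sessions: [BreathingSession]

    var body: some View {
        List(sessions) { session in
            Text("\(session.patternId): \(session.completedCycles) cycles")
        }
    }
}

@main
struct LunairExampleApp: App {
    // Shipping local-only. Switching to .userICloud(container: "iCloud.com.example.lunair")
    // lets data follow the user between their own devices, never to a server you own.
    let container: ModelContainer = {
        do { return try makeSessionContainer(.deviceOnly) }
        catch { fatalError("Could not open session store: \(error)") }
    }()

    var body: some Scene {
        WindowGroup { ContentView() }
            .modelContainer(container)
    }
}
```

The point of the enum is that the privacy claim on the store page becomes a single line in code that a reviewer can grep for, rather than an emergent property of which capabilities happen to be enabled in the target.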

The Privacy Nutrition Label

Apple's App Privacy labels forced me to think carefully about every data point. Lunair's label is almost empty:

```
Data Not Collected
- We do not collect any data from this app.
```

That label is a feature. Users see it before downloading, and it builds immediate trust, especially in the health category where privacy concerns are elevated. It is also a commitment: the label is self-declared, so every SDK or network call added in a later version has to be checked against it before shipping.

The Business Trade-Off

I will not pretend there is no cost. Without detailed analytics, I cannot do:

  • A/B testing of features
  • Funnel analysis to optimize onboarding
  • Cohort analysis for retention
  • Personalized recommendations

These are real capabilities I am giving up. But for a breathing app, the trust equation tilts heavily toward privacy. Users open Lunair during their most vulnerable moments. The implicit promise is that those moments are private.

How I Make Product Decisions Without Data

Without analytics, I rely on:

  1. App Store reviews. Qualitative feedback from people who care enough to write.
  2. Direct email. The app has a "Send Feedback" option that opens a pre-filled email. No tracking, just human communication.
  3. TestFlight beta testers. A small group who provide detailed feedback on new features.
  4. My own usage. I use Lunair daily. If something bothers me, it probably bothers others.

```swift
import SwiftUI
import UIKit

// The feedback mechanism is intentionally simple: inside a view body, a
// mailto: link that the system hands to Mail. Nothing is logged or tracked.
Button("Send Feedback") {
    // The literal is a well-formed URL, so the force-unwrap cannot fail.
    let url = URL(string: "mailto:feedback@example.com?subject=Lunair%20Feedback")!
    UIApplication.shared.open(url)
}
```

Advice for Health App Developers

  1. Default to not collecting. Add data collection only when you have a specific, justified need.
  2. Avoid third-party SDKs. Each one is a privacy liability you cannot fully control.
  3. Make privacy a feature. Communicate it clearly in your App Store listing.
  4. Local-first architecture pays off. It is simpler, faster, and eliminates an entire category of security concerns.

The best security for user health data is not having it in the first place.
