three commitments. non-negotiable.
- we will never sell your data to any third party, ever, under any circumstances.
- we will never show you advertising or allow advertisers to target you based on your data.
- we will never share your health or financial data with employers, insurers, or any organisation that could use it to make decisions about you.
these are not aspirations. they are the foundation the product is built on. if xaelr ever changed ownership, these commitments would be contractually binding on any acquirer.
what we collect
xaelr collects only what it needs to build your personal health-wealth picture. nothing more.
health data
- sleep duration and quality (from apple health or your wearable)
- heart rate variability (HRV) and resting heart rate
- step count and movement data
- mood scores from your daily check-ins
financial data
- transactions you log manually or import via CSV
- your income and outgoings as entered during setup
- spending categories and merchant names
- bill and subscription data you add manually
account data
- your first name and email address
- your age range
- your spending trigger (what you told us during onboarding)
- your device type and app version (for crash reporting)
what we do with your data
every piece of data xaelr collects is used for one purpose: building your personal health-wealth picture and making the intelligence in xaelr work for you specifically.
- health and financial data is combined to calculate your xaelr index: your personal health-wealth correlation.
- your spending trigger is used to personalise observations and predictions based on what you told us.
- your mood check-ins are used to build the mood-spend correlation in your xaelr index over time.
- transaction data is used to calculate your weekly number and identify patterns in your spending.
- all data combined is used to generate your monthly portrait and growth arc.
we use AI to generate your monthly portrait and power ask xaelr. when data is processed it is handled securely and is not used to train any AI models. we send only the minimum data necessary to generate each response.
what we will never do
- sell your data to data brokers, advertisers, or any third party.
- use your data to train AI models without your explicit consent.
- share your health data with insurance companies, employers, or financial institutions.
- use your financial data to push particular financial products for commercial gain.
- retain your data after you delete your account (see deletion below).
- send your raw health or financial data to external servers beyond what is necessary to run the product.
where your data is stored
your data is stored securely on your device and on encrypted servers in the UK and EU. we do not store data in jurisdictions without adequate data protection laws.
transaction data, health history, mood logs, and your xaelr index are stored on your device where possible. data that requires server processing (monthly portrait generation, ask xaelr responses) is transmitted over encrypted connections and not retained on our servers after processing.
your rights
under UK GDPR you have the following rights. xaelr is designed to make exercising them as easy as possible.
- right to access. see everything xaelr holds about you via the memory view screen in settings.
- right to correction. correct any inaccurate data directly in the app.
- right to deletion. delete your account and all associated data from settings. deletion is immediate and permanent. we retain no backups of deleted accounts.
- right to portability. export your data in a standard format from settings.
- right to object. object to any processing of your data by contacting us (see below).
- right to restrict processing. restrict how we use your data while a complaint is being investigated.
to exercise any of these rights, contact us at the address below. we will respond within 30 days.
data retention
we keep your data for as long as your account is active. when you delete your account, all personal data is permanently deleted within 30 days. anonymised aggregate data (with no connection to your identity) may be retained for product improvement.
if you stop using xaelr but do not delete your account, your data is retained until you choose to delete it. we will send a reminder after 12 months of inactivity.
third parties
xaelr uses a small number of third-party services to operate. each is listed below with what data they receive.
- AI processing. anonymised health and financial summaries are used to generate monthly portraits and ask xaelr responses. not used to train models. data is not retained after processing.
- Apple (TestFlight / App Store). receives standard app usage data under Apple's privacy policy. we do not pass health or financial data to Apple beyond what iOS handles natively.
- Switchcraft (bill switching). if you choose to compare bills, your postcode and bill type are shared with Switchcraft to generate quotes. no health or financial account data is shared.
- TrueLayer (open banking). if you connect open banking, TrueLayer receives your bank connection credentials under FCA authorisation. xaelr receives read-only transaction data. no payment initiation.
we do not use advertising networks, social media trackers, or analytics platforms that share data with third parties.
children
xaelr is not intended for users under 18. we do not knowingly collect data from anyone under 18. if you believe a minor has created an account, please contact us and we will delete it immediately.
changes to this policy
if we make material changes to this policy, we will notify you by email at least 30 days before the changes take effect. you will have the option to delete your account if you do not agree with the changes.
the three commitments at the top of this page will never change without your explicit agreement. all other terms may evolve as the product develops.
contact
for any privacy-related questions, data requests, or complaints:
xaelr
email: privacy@xaelr.com
website: xaelr.com
if you are not satisfied with our response, you have the right to lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk.