Physiological data is sensitive — far more so than your email address. We treat it accordingly:
- On-device by default. Your heart rate, HRV, sleep, motion, and session data lives in the Verge app's local store on your iPhone. It does not leave your device unless you explicitly enable cloud sync.
- End-to-end encrypted when synced. If you turn on cloud sync (to back up across devices or restore on a new phone), the data is encrypted with a key derived from your account password before it ever leaves your device. We hold the encrypted bytes; we cannot read the plaintext.
- No model training on identifiable data. We do not train machine-learning models on personally-identifiable health data. Period. The contextual baseline that powers Verge is built and lives on your device. Aggregated, fully-anonymised statistics may be used to improve algorithms — but never in a way that traces back to you.
- You can delete everything. Account deletion removes all your data from our servers within 30 days. Local data deletes immediately when you delete the app.
The full data-handling story is in our Privacy Policy.