Closed
3 changes: 3 additions & 0 deletions .gitignore
Expand Up @@ -11,6 +11,9 @@ DerivedData/
.build/
build/

# Firebase config (contains API keys)
GoogleService-Info.plist

# Swift Package Manager
.swiftpm/
Packages/
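Review bot: Ignoring `GoogleService-Info.plist` only prevents future commits; if the file was ever committed before this change it is still in history, so check with `git log --all --full-history -- GoogleService-Info.plist` and, if it shows up, purge it from history and regenerate the Firebase configuration rather than just adding the ignore line. The comment `# Firebase config (contains API keys)` also overstates what this buys: the plist is bundled into the shipped IPA and its API key is recoverable from any installed copy, so the controls that actually protect the Firestore data described in the privacy policy below are the Firestore security rules (and App Check, if enabled). Those rules should live in this repository and be reviewed; keeping the plist out of git is hygiene, not the access control.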
188 changes: 188 additions & 0 deletions apps/HeartCoach/Legal/privacy-policy.md
@@ -0,0 +1,188 @@
# Privacy Policy

**Last Updated: March 14, 2026**

Thump ("we," "our," or "the app") is a heart health and wellness application for iPhone and Apple Watch. This Privacy Policy explains how we collect, use, store, and protect your information when you use Thump.

By using Thump, you consent to the data practices described in this policy.

---

## 1. Information We Collect

### 1.1 Health and Fitness Data (Apple HealthKit)

With your explicit permission, Thump reads the following data from Apple Health:

- Resting heart rate
- Heart rate variability (HRV)
- Heart rate recovery
- VO2 max
- Step count
- Walking and running distance
- Active energy burned
- Exercise minutes
- Sleep analysis
- Body weight
- Height
- Biological sex
- Date of birth

**Important:** We only read this data to generate wellness insights. We never sell, share, or use your raw health data for advertising, marketing, or data mining purposes.

### 1.2 Account Information

When you sign in with Apple, we receive an anonymous, app-specific identifier issued by Apple. We do not receive or store your name, email address, or other personal information from your Apple ID.

### 1.3 Subscription Information

Thump is free for the first year with full access to all features. No payment information is collected during this period. If you choose to subscribe after the free period, Apple processes your payment. We only receive confirmation of your subscription tier and its status. We do not have access to your payment method, credit card number, or billing address.

### 1.4 Usage Analytics (Opt-In)

If you enable "Share Engine Insights" in Settings, we collect anonymized performance data about how our wellness engines compute your scores. This includes:

- Computed wellness scores (e.g., readiness score, stress level, bio age)
- Engine confidence levels and timing data
- App version, build number, and device model

**This data never includes your raw health values** (heart rate, HRV, steps, sleep hours, etc.). Only the computed scores and engine performance metrics are collected.

You can disable this at any time in Settings > Analytics.

In debug/development builds, this data collection is enabled by default for quality assurance purposes.

### 1.5 Device Information

We may collect basic device information such as device model (e.g., "iPhone 16") for engine performance analysis. We do not collect device identifiers (UDID, IDFA) or location data.

---

## 2. How We Use Your Information

We use the information we collect to:

- **Provide wellness insights:** Analyze your health data to generate heart trend assessments, readiness scores, stress levels, bio age estimates, coaching recommendations, and daily nudges.
- **Sync between devices:** Transfer wellness insights (not raw health data) between your iPhone and Apple Watch via WatchConnectivity.
- **Send local notifications:** Deliver anomaly alerts and wellness nudges directly on your device. Notification content never includes specific health metric values.
- **Improve our engines:** If you opt in, anonymized engine performance data helps us improve the accuracy of our wellness algorithms.
- **Manage subscriptions:** Determine which features are available based on your subscription tier.

---

## 3. How We Store Your Information

### 3.1 On-Device Storage

Your health data is stored locally on your device using AES-256-GCM encryption. Data is stored in the app's sandboxed container and protected by your device's passcode and biometric authentication.

- Health snapshot history: up to 365 days stored locally
- User profile and preferences: stored in encrypted local storage
- Apple Sign-In identifier: stored in the iOS Keychain

### 3.2 Cloud Storage

If you opt in to "Share Engine Insights," anonymized engine performance data is stored in Google Firebase Firestore. This data is:

- Linked to a pseudonymous identifier (a one-way SHA-256 hash of your Apple Sign-In ID)
- Stored on Google Cloud infrastructure with encryption at rest and in transit
- Not linked to your real identity, email, or personal information
- Retained for engine quality analysis purposes

**We do not store raw health data in the cloud.** Your heart rate, HRV, sleep, steps, and other HealthKit values never leave your device.

### 3.3 iCloud

We do not store any health or personal data in iCloud.

---

## 4. How We Share Your Information

**We do not sell your data.** We do not share your information with third parties for advertising, marketing, or data mining purposes.

We may share limited information with the following service providers:

| Service | Data Shared | Purpose |
|---------|------------|---------|
| Apple (HealthKit) | Health data remains on device | Reading health metrics |
| Apple (Sign in with Apple) | Anonymous user identifier | Authentication |
| Apple (StoreKit) | Subscription status | Payment processing |
| Google Firebase Firestore | Anonymized engine scores, device model, app version | Engine quality analysis (opt-in only) |

No other third parties receive any data from Thump.

---

## 5. Push Notifications

Thump uses **local notifications only** (not remote/cloud push notifications). Notifications are generated entirely on your device based on your health assessments.

- **Anomaly alerts:** Notify you when your health metrics deviate from your personal baseline.
- **Wellness nudges:** Remind you about daily wellness activities (walking, hydration, breathing exercises, etc.).

Notification content never includes specific health metric values (e.g., your actual heart rate number). You can disable notifications at any time in your device's Settings.

---

## 6. Data Retention

- **On-device data:** Retained as long as you use the app. Deleted when you uninstall Thump.
- **Firebase data (opt-in):** Anonymized engine performance data is retained for quality analysis. Since this data is pseudonymous and contains no raw health values, it cannot be linked back to you after account deletion.
- **Apple Sign-In:** Your credential is stored in the Keychain and deleted if you revoke access through Apple ID settings.

---

## 7. Your Rights and Choices

You have control over your data:

- **HealthKit permissions:** You can grant or revoke access to specific health data types at any time in Settings > Health > Thump.
- **Engine insights:** You can opt in or out of anonymized engine data collection in Thump Settings > Analytics.
- **Notifications:** You can enable or disable notifications in your device's Settings.
- **Delete your data:** Uninstalling Thump removes all locally stored data. To request deletion of any cloud-stored anonymized data, contact us at the email below.
- **Sign-In revocation:** You can revoke Sign in with Apple access at any time through Settings > Apple ID > Password & Security > Apps Using Your Apple ID.

---

## 8. Children's Privacy

Thump is not directed at children under 13. We do not knowingly collect personal information from children under 13. If you believe a child has provided us with personal information, please contact us so we can delete it.

---

## 9. Security

We implement industry-standard security measures to protect your data:

- AES-256-GCM encryption for locally stored health data
- iOS Keychain for sensitive credentials
- SHA-256 hashing for pseudonymous identifiers
- HTTPS/TLS for all network communications
- Firebase security rules for cloud-stored data

No method of transmission or storage is 100% secure. While we strive to protect your information, we cannot guarantee absolute security.

---

## 10. International Users

Thump processes data on your device and, if opted in, on Google Cloud servers. By using Thump, you consent to the transfer and processing of your anonymized data in the regions where Google Cloud operates.

---

## 11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by updating the "Last Updated" date at the top of this policy. Your continued use of Thump after changes are posted constitutes your acceptance of the updated policy.

---

## 12. Contact Us

If you have questions about this Privacy Policy or your data, please contact us at:

**Email:** privacy@thump.app

---

*This privacy policy complies with Apple's App Store Review Guidelines (Section 5.1), HealthKit usage requirements, the EU General Data Protection Regulation (GDPR), and the California Consumer Privacy Act (CCPA).*
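Review bot: The pseudonymous identifier in 3.2 ("a one-way SHA-256 hash of your Apple Sign-In ID") is a deterministic, unsalted hash of a stable identifier, so it is linkable, not anonymous: anyone who holds the Sign in with Apple user identifier (the copy in the app's Keychain, Apple, or whoever obtains it later) can recompute the hash and pull every Firestore record for that user. That makes 6's statement that Firebase data "cannot be linked back to you after account deletion" wrong, and it also contradicts 7, which offers to delete cloud-stored data on request (honoring that request requires exactly the linkage 6 says does not exist). Suggest either keying the hash with a per-install random value kept only on the device (deletion then works while the app is installed and the mapping is lost on uninstall) or dropping the "cannot be linked" claim and describing the identifier as pseudonymous throughout. Two smaller points: 3.2 and 6 give no retention period for the Firestore data ("Retained for engine quality analysis purposes") even though the closing line claims GDPR compliance, so state a concrete period; and 1.4 says collection is "enabled by default" in debug builds, which is only acceptable if debug builds cannot write to the production Firestore project, otherwise testers' scores land in the same dataset without the opt-in the section is named after.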
193 changes: 193 additions & 0 deletions apps/HeartCoach/Legal/terms-of-service.md
@@ -0,0 +1,193 @@
# Terms of Service

**Last Updated: March 14, 2026**

Please read these Terms of Service ("Terms") carefully before using the Thump application ("the app," "Thump," "we," "our," or "us").

By downloading, installing, or using Thump, you agree to be bound by these Terms. If you do not agree, do not use the app.

---

## 1. Description of Service

Thump is a heart health and wellness application for iPhone and Apple Watch that analyzes health data from Apple HealthKit to provide wellness insights, trend analysis, readiness scores, stress assessments, and daily wellness nudges.

---

## 2. Not Medical Advice

**IMPORTANT: Thump is a wellness and fitness application. It is NOT a medical device and does NOT provide medical advice, diagnosis, or treatment.**

- The insights, scores, and recommendations provided by Thump are for **informational and wellness purposes only**.
- Thump's algorithms analyze trends in your health data to provide general wellness guidance. These are not clinical assessments.
- **Do not use Thump as a substitute for professional medical advice.** Always consult a qualified healthcare provider for medical concerns, especially regarding heart health, abnormal symptoms, or changes in your condition.
- If you experience chest pain, shortness of breath, irregular heartbeat, or any other medical emergency, **call emergency services immediately**. Do not rely on Thump for emergency health decisions.
- Thump's anomaly alerts indicate statistical deviations from your personal baseline. They are not diagnostic indicators of any medical condition.

---

## 3. Eligibility

You must be at least 13 years old to use Thump. By using the app, you represent that you meet this age requirement. If you are under 18, you should review these Terms with a parent or guardian.

---

## 4. Account and Sign-In

Thump uses Sign in with Apple for authentication. You are responsible for maintaining the security of your Apple ID. We do not create separate accounts or store passwords.

---

## 5. Launch Offer and Subscriptions

### 5.1 First-Year Free Access

All users who download Thump during the launch period receive **complimentary full access to all features for one (1) year** from the date of their first sign-in. No subscription or payment is required during this period.

This includes access to all Pro and Coach tier features at no cost. You will be notified before the free period ends and given the option to subscribe to continue using premium features.

### 5.2 Future Subscriptions

After the one-year free period, Thump may offer paid subscription tiers with different feature access levels. Subscription details and pricing will be displayed within the app before any charges apply. You will never be charged without your explicit consent.

### 5.3 Billing

If you choose to subscribe after the free period, all payments are processed by Apple through the App Store. By subscribing, you agree to Apple's terms of payment. We do not process payments directly or have access to your payment information.

### 5.4 Auto-Renewal

Future paid subscriptions will automatically renew unless you cancel at least 24 hours before the end of the current billing period. You can manage or cancel your subscription at any time through Settings > Apple ID > Subscriptions on your device.

### 5.5 Refunds

Refund requests must be directed to Apple, as they process all App Store payments. We do not have the ability to issue refunds directly.

---

## 6. Acceptable Use

You agree not to:

- Use Thump for any unlawful purpose
- Attempt to reverse-engineer, decompile, or disassemble the app
- Introduce false or misleading health data into the app
- Use the app's insights for commercial health assessments or clinical decisions
- Circumvent subscription restrictions or feature gates
- Redistribute, resell, or sublicense the app or its content

---

## 7. Health Data and Privacy

Your use of health data within Thump is governed by our [Privacy Policy](https://thump.app/privacy). Key points:

- Health data is read from Apple HealthKit with your explicit permission
- Raw health data is stored locally on your device with encryption
- Raw health data is **never uploaded to our servers** or shared with third parties
- Anonymized engine performance data may be collected if you opt in
- Health data is never used for advertising or data mining

---

## 8. Apple HealthKit Compliance

In accordance with Apple's HealthKit guidelines:

- We do not use HealthKit data for advertising or similar services
- We do not sell HealthKit data to advertising platforms, data brokers, or information resellers
- We do not use HealthKit data for purposes unrelated to health and fitness
- We do not store HealthKit data in iCloud
- We do not disclose HealthKit data to third parties without your explicit consent

---

## 9. Intellectual Property

All content, features, and functionality of Thump — including but not limited to algorithms, design, text, graphics, and software — are owned by us and protected by intellectual property laws. You may not copy, modify, or create derivative works based on the app.

---

## 10. Disclaimer of Warranties

**THUMP IS PROVIDED "AS IS" AND "AS AVAILABLE" WITHOUT WARRANTIES OF ANY KIND, EITHER EXPRESS OR IMPLIED.**

To the fullest extent permitted by law, we disclaim all warranties, including but not limited to:

- Implied warranties of merchantability, fitness for a particular purpose, and non-infringement
- Warranties that the app will be uninterrupted, error-free, or free of harmful components
- Warranties regarding the accuracy, reliability, or completeness of any wellness insights, scores, or recommendations
- Warranties that the app's algorithms will correctly identify health trends or anomalies

Health data analysis involves inherent uncertainty. Engine scores, readiness assessments, stress levels, bio age estimates, and other outputs are statistical estimates based on available data and may not accurately reflect your actual health status.

---

## 11. Limitation of Liability

**TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW, IN NO EVENT SHALL THUMP, ITS DEVELOPER, OR ITS AFFILIATES BE LIABLE FOR:**

- Any indirect, incidental, special, consequential, or punitive damages
- Any loss of profits, data, use, goodwill, or other intangible losses
- Any damages resulting from your reliance on the app's wellness insights or recommendations
- Any damages resulting from delayed, missed, or incorrect anomaly alerts or health assessments
- Any damages arising from unauthorized access to your data
- Any damages exceeding the amount you paid for the app in the 12 months preceding the claim

**You expressly acknowledge and agree that you use Thump at your own risk.** The wellness insights provided are informational only and should not be relied upon for medical decisions.

---

## 12. Indemnification

You agree to indemnify and hold harmless Thump and its developer from any claims, damages, losses, or expenses (including legal fees) arising from:

- Your use of the app
- Your violation of these Terms
- Your reliance on the app's wellness insights for health decisions
- Any claim by a third party related to your use of the app

---

## 13. Termination

We reserve the right to suspend or terminate your access to Thump at any time, with or without cause, and with or without notice. Upon termination:

- Your right to use the app ceases immediately
- Locally stored data remains on your device until you uninstall the app
- Active subscriptions should be cancelled through Apple to avoid further charges

---

## 14. Changes to These Terms

We may modify these Terms at any time. We will notify you of material changes by updating the "Last Updated" date. Your continued use of Thump after changes are posted constitutes acceptance of the revised Terms.

---

## 15. Governing Law

These Terms shall be governed by and construed in accordance with the laws of the jurisdiction in which the developer resides, without regard to conflict of law principles.

---

## 16. Severability

If any provision of these Terms is found to be unenforceable, the remaining provisions will continue in full force and effect.

---

## 17. Entire Agreement

These Terms, together with our Privacy Policy, constitute the entire agreement between you and Thump regarding your use of the app.

---

## 18. Contact Us

If you have questions about these Terms, please contact us at:

**Email:** legal@thump.app

---

*These terms comply with Apple's App Store Review Guidelines and the Apple Developer Program License Agreement requirements for health and fitness applications.*
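Review bot: Section 13 reserves the right to "suspend or terminate your access to Thump at any time", but section 4 says there are no accounts beyond Sign in with Apple and the privacy policy in this PR describes an app whose only network path is the opt-in Firestore upload, so there is no mechanism by which access could be terminated short of a remote kill switch or server-side entitlement check that neither document discloses. Either describe that mechanism (and the data it would require, which belongs in the privacy policy) or reword 13 to cover only what can actually happen, such as revoking the cloud-upload capability or removing the app from the App Store. Also, section 7 links the privacy policy at `https://thump.app/privacy` while this PR only adds `apps/HeartCoach/Legal/privacy-policy.md`; App Store review needs that URL to resolve to the same text, so confirm the publishing step exists before this merges.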