Hush

Effective 2026-05-30

Privacy Policy

Hush is built around a single promise: your health data stays on your device, under your control. We run no servers that can read it.

The short version

We do not run any servers that receive your sleep or health data.
There are no accounts and no sign-up. We never see who you are.
We do not use third-party analytics, ad SDKs, crash reporters that include user data, or any tracker that fingerprints your device.
Every insight ("Morning Read", "Tonight", patterns, correlations) is computed entirely on your iPhone.
Optional iCloud Sync (off by default) backs your nights up to your own private iCloud — it never passes through us, because we have no server.
Subscription billing is handled by Apple — Apple sees the transaction, we never do.

Data we read from Apple Health

With your explicit permission, Hush reads (read-only) the following types from HealthKit on your device:

Category	Specific types
Sleep	Sleep analysis (in-bed, awake, core, deep, REM)
Cardio	Heart rate, heart rate variability (SDNN), resting heart rate
Respiration	Respiratory rate, sleeping wrist temperature
Daylight & activity	Time in daylight, workouts, active energy
Optional context	Caffeine intake, alcoholic beverages

We never write anything back to Apple Health.

Data we store locally

Hush stores the resulting nightly summaries in your app's local Application Support directory. This data:

stays in the app's sandbox on your device
is deleted when you delete the app
is included in your iCloud / encrypted iTunes backup only if you have those backups enabled — Apple controls that, not us

The on-device cache is a local Core Data store. It contains only the derived metrics needed to produce your daily Read — it does not contain raw HealthKit samples.

iCloud Sync (optional, off by default)

If you turn on iCloud Sync (Settings → Sync), these same nightly summaries are also written to your own private iCloud database (Apple's CloudKit) so your other devices can restore them. That copy lives in your personal iCloud account — encrypted by Apple and inaccessible to us. Hush runs no server and never receives it. Nothing is shared with anyone, and turning the toggle off stops all syncing.

What we don't collect

Hush does not collect:

your name, email, phone number, or device identifier
precise location, IP address, or network telemetry
analytics events, screen views, button taps, or app sessions
contacts, calendars, photos, microphone, or camera

We have no opinion on what your sleep looks like, because we never see it.

Subscriptions

Hush+ is a paid auto-renewable subscription handled entirely by Apple's App Store / StoreKit. Apple sends us an anonymized transaction signal so the app can unlock paid features. We do not receive your Apple ID, email, or payment details. You can cancel anytime in Settings → Apple ID → Subscriptions.

Notifications

If you grant permission, Hush schedules local-only notifications (morning read, evening wind-down). These are queued on your device. We do not run a push-notification server — there is no remote endpoint that could send you a message.

Your control

You can, at any time:

Revoke Hush's access in Settings → Privacy → Health → Hush.
Delete the local cache from Settings → Reset baseline inside Hush.
Delete the app, which removes every byte Hush has stored.

Children

Hush is not directed to children under 13 and we do not knowingly process data from them. If you believe a minor is using the app, ask them to delete it — there is nothing for us to delete server-side because we don't have a server.

Changes to this policy

If we ever change what Hush reads, stores, or sends, we will update this page and bump the effective date. Material changes will be surfaced inside the app on next launch.

Contact

Questions or concerns: info@hashingcorp.com