Ephra & FlickerSense by EphyrTech OÜ
Last Updated: January 24, 2026
Introduction
At EphyrTech OÜ (“EphyrTech”, “we”, “us”, or “our”), we believe your privacy is fundamental. This Privacy Policy explains how we collect, use, and protect your information when you use our applications:
- Ephra — A mental health platform connecting patients with care providers
- FlickerSense — A light analysis app for detecting flicker and measuring lighting quality
Company Information
EphyrTech OÜ
Registry Code: 17054069
Harju maakond, Tallinn
Estonia
Email: privacy@ephyrtech.com
Website: https://landing.ephyrtech.com
Information We Collect
Ephra (Mental Health Platform)
Account Information (Required)
- Email address and full name
- Profile photo (optional)
- Authentication credentials (managed by our secure identity provider)
Health & Wellness Data
- Sleep duration, calories, and step counts
- Emotional journal entries and mood tracking
- Body mapping data (sensation intensity across body regions)
- Health goals and preferences
Appointment Data
- Booking details and scheduling information
- Appointment status and history
- Provider notes (visible to your care team)
Apple Health Integration (Optional, iOS only)
- With your permission, Ephra can read and write health data from Apple Health
- This includes sleep, activity, and other wellness metrics
- You control which data types are shared
Care Provider Data (For Providers)
- Professional profile information
- Availability and scheduling preferences
- Patient assignment records
FlickerSense (Light Analysis App)
Account Information (Optional)
- FlickerSense works without creating an account
- If you contact support, we may collect your email address
Camera Access (Required for scanning)
- Used solely for real-time light analysis
- We do NOT save, store, or transmit photos or videos
- Camera data is processed locally and immediately discarded
Scan Results (Stored Locally)
- Flicker frequency and intensity measurements
- Color temperature and brightness readings
- Scan timestamps and names you assign
- All stored on your device only
Location Data (Premium Feature, Optional)
- GPS coordinates when you perform a scan
- Used to organize scans by location
- Stored locally on your device, never transmitted
Health Data Integration (Premium Feature, Optional)
- Sleep and activity data from Apple Health
- Used to correlate light exposure with wellness
- Processed locally, never transmitted
Information Collected Automatically (Both Apps)
Device and Usage Information
- Device type and operating system version
- App version and settings
- General usage patterns (screens viewed, features used)
- Crash reports and performance data
Purchase Information
- Transaction records for premium subscriptions
- Processed by Apple (we do not access payment details)
How We Use Your Information
Ephra
- Facilitate communication between patients and care providers
- Track and display your health metrics and wellness trends
- Manage appointments and send reminders
- Enable care providers to monitor assigned patients
- Improve the platform based on usage patterns
- Comply with healthcare regulations (HIPAA)
FlickerSense
- Perform light analysis using your camera
- Store scan history on your device
- Process premium feature purchases
- Improve the app based on usage patterns
- Support research on lighting impacts (with your opt-in consent)
Data Storage and Security
Ephra
Cloud Storage (Required for functionality)
- Health metrics, journals, and appointments are stored securely in our cloud infrastructure
- All data encrypted with AES-256 at rest
- All transmissions encrypted with TLS 1.3
- Access controlled through role-based permissions
- Comprehensive audit logging for all data access
- Data retained according to HIPAA requirements (minimum 6 years)
HIPAA Compliance
- Ephra is designed to comply with HIPAA regulations
- Business Associate Agreements (BAAs) in place with all vendors
- Regular security assessments and monitoring
FlickerSense
Local Storage (Privacy by default)
- Scan history and results stored only on your device
- Location data (if enabled) stored only on your device
- Health correlations (if enabled) stored only on your device
- Deleting the app removes all local data
Third-Party Services
Ephra Uses:
| Service | Purpose | Data Shared |
|---|---|---|
| Logto | Authentication | Email, login credentials |
| PostHog | Analytics | Anonymous usage data |
| Firebase Cloud Messaging | Push notifications | Device tokens |
| Cloud Infrastructure | Datxa storage | Encrypted health data |
FlickerSense Uses:
| Service | Purpose | Data Shared |
|---|---|---|
| Firebase Analytics | Usage analytics | Anonymous statistics |
| Firebase Crashlytics | Crash reporting | Crash logs, device info |
| Apple StoreKit | Purchases | Transaction data (handled by Apple) |
Neither App Uses:
- Advertising networks
- Social media tracking
- Data brokers or resellers
Data Sharing
We do NOT sell your personal data. We may share information only in these circumstances:
Service Providers
- Only with vendors necessary to operate our services
- All vendors bound by data processing agreements
Care Providers (Ephra only)
- Your assigned care providers can view your health data
- This is essential to the service’s purpose
- You control which providers have access
Legal Requirements
- When required by law or valid legal process
- To protect rights, privacy, safety, or property
Research (FlickerSense, with consent)
- If you opt in, anonymized scan data may be used for research
- Data is fully anonymized and cannot identify you
- You can opt out anytime in Settings
Business Transfers
- In connection with merger, acquisition, or sale of assets
- You will be notified of any such change
Your Rights
For All Users (GDPR)
As we operate from the European Union, you have the right to:
- Access — Request a copy of your personal data
- Rectification — Request correction of inaccurate data
- Erasure — Request deletion (“right to be forgotten”)
- Restriction — Request limitation of processing
- Portability — Receive your data in a portable format
- Objection — Object to processing based on legitimate interests
- Withdraw Consent — Withdraw consent at any time
For California Residents (CCPA)
- Know what personal information is collected
- Request deletion of personal information
- Opt-out of sale of personal information (we do not sell data)
- Non-discrimination for exercising privacy rights
Exercising Your Rights
Ephra: Use in-app settings or contact privacy@ephyrtech.com
FlickerSense:
- Delete all data using “Delete all data” in Settings
- Disable research sharing in Settings
- Uninstall the app to remove all local data
- Contact privacy@ephyrtech.com for other requests
Children’s Privacy
Ephra is intended for users 18 years and older, or minors with parental/guardian consent and supervision.
FlickerSense is not intended for children under 13 years of age.
We do not knowingly collect personal information from children under 13. If you believe we have collected such information, contact us immediately at privacy@ephyrtech.com.
International Data Transfers
Your data may be transferred to and processed in countries outside your residence. We ensure appropriate safeguards:
- Standard Contractual Clauses (SCCs)
- Data Processing Agreements with all service providers
- Encryption in transit and at rest
Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of significant changes by:
- Posting the new policy in the App
- Updating the “Last Updated” date
- Sending a notification for material changes
Your continued use of Ephra or FlickerSense after changes constitutes acceptance of the updated policy.
Contact Us
For privacy questions or to exercise your rights:
Email: privacy@ephyrtech.com
Website: https://landing.ephyrtech.com
Summary
Ephra Data Practices
| Data Type | Collected | Stored | Shared |
|---|---|---|---|
| Account info | Yes | Cloud (encrypted) | Auth provider |
| Health metrics | Yes | Cloud (encrypted) | Care providers |
| Journals/Mood | Yes | Cloud (encrypted) | Care providers |
| Appointments | Yes | Cloud (encrypted) | Care providers |
| Apple Health | Optional | Cloud (encrypted) | Never externally |
| Usage analytics | Yes | PostHog | PostHog |
FlickerSense Data Practices
| Data Type | Collected | Stored | Shared |
|---|---|---|---|
| Camera footage | Processed only | Never | Never |
| Scan results | Yes | Device only | Never* |
| Location | Optional | Device only | Never |
| Health data | Optional | Device only | Never |
| Usage analytics | Yes | Firebase | |
| Purchases | Yes | Apple | Apple |
*Unless you opt in to research sharing (anonymized only)
This Privacy Policy is effective as of January 24, 2026.
EphyrTech OÜ — Building technology for better health.