Your data stays on your phone.
No accounts. No servers. No analytics. The plain-English explanation of what tmpo reads, writes, and stores.
1. What we store
Everything tmpo records about you lives inside the app's iOS sandbox — your phone's local storage. Specifically:
- UserDefaults — your workouts, lifts, meals, mood check-ins, body measurements, screener history, settings, and preferences.
- Document directory — body progress photos and generated doctor-PDF exports.
- HealthKit — your Apple Health data (read with your permission; some entries are written back so your activity rings stay accurate).
Deleting tmpo from your phone deletes everything tmpo stored. We have no copy.
2. iCloud sync (optional)
If you turn on iCloud sync in Settings, tmpo uses Apple's CloudKit to back up your stores so you can restore them on a new device or to a second device on the same Apple ID. CloudKit storage is encrypted by Apple and tied to your iCloud account — we cannot see it and never receive a copy.
iCloud sync is off by default. You can turn it off at any time from Settings → Sync, and Apple's iOS Settings → [your name] → iCloud lets you wipe the data.
3. HealthKit — what we read
With your permission, tmpo reads these metrics from Apple Health to compute the recovery ring, trend charts, and suggestions:
- Steps, active energy & stand hours
- Sleep stages, duration & efficiency
- Resting heart rate & HRV
- VO₂ max
- Body weight & body fat %
- Heart rate recovery
- Respiratory rate, SpO₂ & wrist temperature
- Time in daylight & headphone audio exposure
- Workouts from Apple Watch & Fitness
- Mindful session minutes
4. HealthKit — what we write
When you log something in tmpo, we also write it to Apple Health so your activity rings and other apps stay accurate:
- Workouts (manually logged)
- Sleep sessions (manual log)
- Walking & running distance
- Body weight
- Water intake
- Nutrition: calories, protein, carbs, fat, fiber
- Caffeine & alcohol
- Mindful sessions
You can revoke write access at any time in iOS Settings → Health → Data Access & Devices → tmpo.
5. Camera and photos
If you use the body-log feature, the photos you take are saved inside tmpo's sandbox only. They are never uploaded. They are included as base64 inside the JSON export if you choose to export a backup; that export file is yours alone — what you do with it is your call.
6. Notifications
All nudges (check-in reminders, sunlight, hydration, caffeine cutoff, wind-down, weekly digest, etc.) are scheduled on-device using Apple's local notification system. There is no push notification server. There is no remote nudge config. Turning off a nudge cancels every pending alert for it.
7. Siri and App Intents
tmpo registers App Intents (LogWater, LogMood, LogBeardTrim, LogWorkout, GetRecoveryScore, StartFastingTimer, etc.) so you can use Siri voice commands and the iOS Shortcuts app. These run on your phone — nothing is sent to Siri's servers beyond what Apple's own intent system requires.
8. Apple Watch and widgets
The tmpo widgets and Apple Watch app read a shared snapshot through an App Group (group.com.kuhlman.mensco). This is on-device shared storage. Nothing leaves your phone.
9. Children
tmpo is not directed at children under 13 and we do not knowingly collect data from them. The app's HealthKit integration and behavior tracking are intended for adult users.
10. Changes to this policy
If we change anything substantive, we'll bump the "Last updated" date at the top of this page and call it out in the next app version's release notes. We won't change the privacy promise in the colored box above without making it loud.
11. Contact
Privacy questions, concerns, or "wait, why are you reading that?" emails: ethan@kuhlman-co.com.