Effective Date: May 12, 2026 • Last Updated: May 12, 2026

1. Who We Are

Siyan Reflect ("the App," "we," "our," or "us") is published by Siyan Clinical Corporation, a California corporation. The App is a consumer wellness product offered for iOS and Apple Watch. This Privacy Policy explains what information we collect, how we use it, who processes it on our behalf, and the choices and rights you have. Please read it together with our Terms of Use.

2. Wellness Scope

Siyan Reflect is a wellness tool. It does not diagnose, treat, cure, prevent, or monitor any disease or medical condition. The Reflect Guru conversational companion is an AI-based wellness companion. It is not a therapist, not a crisis service, and not a substitute for professional care. If you are experiencing a medical or mental health emergency, call your local emergency number or a crisis line.

3. Information We Collect

We collect only what we need to provide the App's features. The categories below describe everything we receive, generate, or store on your behalf.

3.1 Health & Activity Data (via Apple HealthKit)

With your explicit permission granted in the iOS HealthKit prompt, we access the following from Apple Health:

Heart Rate (BPM) and timestamped heart-rate samples

Heart Rate Variability (HRV)

Resting Heart Rate (RHR)

Sleep analysis

Mindfulness and workout sessions (Mind & Body category)

These readings are used to generate your stress-pattern visualization, readiness signals, breathing-session feedback, and Trends. You can revoke this access at any time in iOS Settings → Health → Data Access & Devices.

3.2 Conversation Data (Reflect Guru)

When you interact with the Reflect Guru companion, we collect:

• Text you type into a session
• Voice audio you record during a voice session (transcribed to text and then discarded; transcripts are retained)
• Session summaries automatically generated at the end of each session

These are processed by our AI sub-processors (see Section 5) so the companion can respond and so you can review your past sessions in the App.

3.3 Account Data

• Email address (used to create your account and contact you about the App)
• Display name (optional)
• Authentication identifiers from Sign in with Apple if you choose that option

3.4 Subscription & Purchase Data

Purchases of Siyan Reflect Pro are processed by Apple through the App Store. We do not receive your payment-card information. We do receive from Apple a transaction identifier, the product purchased, and the subscription status so we can unlock Pro features for your account.

3.5 Device, Diagnostic & Usage Data

• Device model, iOS version, Apple Watch model and connection status
• App version, language, and time zone
• In-app event logs (e.g., session started/completed, screen views) used to operate and improve the App
• Crash reports and performance diagnostics

3.6 What We Do Not Collect

• We do not collect precise location.
• We do not access your contacts, photos, microphone (outside an active voice session you start), or camera.
• We do not use third-party advertising SDKs or identifiers for advertising.

4. How We Use Your Information

We use the information described above only to:

• Provide and personalize the App's wellness features (breathing exercises, stress-pattern visualization, readiness signals, Trends, Reflect Guru conversations, and the recommendation engine);
• Generate and display session summaries to you;
• Operate, maintain, secure, and improve the App;
• Respond to your support requests and communicate service updates;
• Detect, prevent, and address fraud, abuse, and technical issues;
• Comply with applicable laws and enforce our Terms of Use.

We do not sell your information. We do not share your information with advertisers. We do not use your information to train AI models that are made available to other companies or to the public.

5. Service Providers and Sub-Processors

We rely on the following service providers to operate the App. Each is bound by contractual obligations to use your information only to provide services to us: Provider Purpose Categories of Data Processed Apple Inc. HealthKit access, Sign in with Apple, StoreKit purchases, App Analytics (if enabled at the OS level) HealthKit data on device, account identifier, subscription status, diagnostic data Microsoft Azure (App Service, Cosmos DB, Key Vault, Entra ID B2C, Communication Services) Cloud hosting, account storage, transactional notifications Account data, conversation transcripts and summaries, biometric values used for trends and recommendations, app event logs Microsoft Azure OpenAI Service Generating Reflect Guru responses and session summaries Conversation text and contextual biometric values Microsoft Azure Speech Services Speech-to-text and text-to-speech for voice sessions Voice audio (transient) and resulting text transcripts Apple Push Notification service Delivering notifications you have permitted Device push token, notification payload We may add or change sub-processors as our service evolves. Material changes will be reflected in this Policy.

6. Where Data Is Stored and For How Long

Account data, conversation transcripts, session summaries, and biometric values used for trends are stored in Microsoft Azure data centers managed on our behalf. HealthKit data continues to be stored by Apple on your device and in iCloud (under Apple's terms); we read it with your permission and store derived values needed to power the App's features. Category Retention Account data Kept while your account is active. Deleted within 30 days of account deletion request. Conversation transcripts & session summaries Kept while your account is active so you can review past sessions. Deleted within 30 days of account deletion or per your in-app deletion request. Derived biometric values (e.g., daily stress scores) Kept while your account is active to power Trends. Deleted within 30 days of account deletion. Voice audio Transient. Used only to produce a transcript, then discarded by our speech provider. We do not store voice recordings. Diagnostic and event logs Kept up to 12 months, then deleted or aggregated into non-identifying statistics. Backups Retained for up to 90 days after the corresponding live data is deleted.

7. International Data Transfers

We are based in the United States and our primary Azure region is in the United States. If you use the App from outside the United States, you understand that your information will be processed in the United States and other countries where our service providers operate, which may have different data-protection laws than your country of residence.

8. Your Choices and Rights

8.1 In the App

• Revoke HealthKit access at any time in iOS Settings → Health → Data Access & Devices.
• Turn off notifications in iOS Settings → Notifications → Siyan Reflect.
• Delete an individual Reflect Guru session from the session list.
• Delete your account and all associated data from Settings → Account → Delete Account.

8.2 Account Deletion

You can delete your account directly in the App at Settings → Account → Delete Account, or by emailing siyanreflect@siyanclinical.com from the email address associated with your account. We will complete the deletion within 30 days. Deletion removes your account, conversation transcripts, session summaries, and derived biometric values from our active systems; backups are removed within 90 days.

8.3 California Residents (CCPA / CPRA)

If you are a California resident, you have the right to:

• Know what personal information we collect, use, and disclose;
• Access a copy of the personal information we hold about you;
• Request deletion of your personal information;
• Correct inaccurate personal information;
• Limit the use of sensitive personal information to what is necessary to provide the service;
• Not be discriminated against for exercising these rights.

We do not sell or share personal information for cross-context behavioral advertising. To exercise any of these rights, email siyanreflect@siyanclinical.com. We will verify your request using the email associated with your account.

8.4 Other U.S. State Privacy Laws

Residents of other U.S. states with comparable privacy laws (e.g., Colorado, Connecticut, Virginia, Utah) may exercise similar rights by contacting us at the email address above.

9. Security

We use industry-standard administrative, technical, and physical safeguards to protect your information, including encryption in transit (TLS), encryption at rest, access controls, secrets management, and routine security review of our service providers. No method of transmission or storage is perfectly secure, and we cannot guarantee absolute security.

10. How We Handle Distressing Content

Reflect Guru includes a content classifier intended to recognize messages that suggest you may be in distress. If the classifier flags such content, the App will display information about non-emergency support resources within the conversation. Siyan Reflect is not a crisis service. We do not contact emergency services, family members, or third parties on your behalf, and we do not monitor your conversations in real time. If you are in danger or in crisis, please call your local emergency number or a crisis line.

11. Age Requirement

Siyan Reflect is intended for users 17 years of age and older. We do not knowingly collect personal information from anyone under 17. If you believe a person under 17 has provided us with information, please contact us and we will delete it.

12. Changes to This Policy

We may update this Privacy Policy from time to time. When we do, we will update the "Last Updated" date at the top of this page, and, for material changes, we will provide additional notice within the App. Your continued use of the App after the changes become effective constitutes acceptance of the updated Policy.

13. Contact Us

Privacy questions and requests:

• Email: siyanreflect@siyanclinical.com
• Company: Siyan Clinical Corporation
• Mailing address: 480-B Tesconi, Santa Rosa, CA 95401, USA