← Back to Defog

Privacy Policy

Last updated: April 14, 2026

1. Introduction

Defog is operated by MJ Collective, operated by M.J. Nauta ("Defog," "we," "us," or "our"). This Privacy Policy explains how we collect, use, store, share, and otherwise process personal data when you use the Defog mobile application, any Defog websites or landing pages that link to this Privacy Policy, and related services (collectively, the "Services").

Defog is a wellness and self-tracking service designed to help users log information, identify patterns related to brain fog and related lifestyle factors, and receive informational insights, recommendations, and experiments.

Certain data you choose to provide may be sensitive personal data under applicable law, including health-related information. We treat that data with heightened care.

If you do not agree with this Privacy Policy, please do not use the Services.

2. Who We Are

Operator: MJ Collective, operated by M.J. Nauta

Support and privacy contact: support@defogapp.com

3. Data We Collect

3.1 Data You Provide Directly

We may collect the following categories of data directly from you:

• Account data: email address, sign-in method, account identifiers, and name if you choose to provide it.
• Onboarding data: answers to onboarding questions, including symptom history, possible triggers, routines, concerns, goals, and other context you choose to provide.
• Check-in data: brain fog severity, sleep, hydration, exercise, stress, mood, screen time, symptoms, supplements, medications, conditions, food-related observations, and other fields you choose to log.
• Meal and food data: meal timing, meal names, foods, ingredients, tags, and related notes you submit.
• Notes and free text: journal-style notes, context notes, spike notes, support messages, bug reports, feedback, and other text you choose to enter.
• Preferences and settings: reminder settings, tracked categories, onboarding state, subscription-related settings, and other app preferences.

3.2 Data Collected Automatically

We may collect limited technical and usage data automatically, such as:

• device type, operating system, app version, language, and time zone;
• service logs, diagnostics, crash-related information, error logs, timestamps, session activity, and security events;
• IP address and network information needed for service delivery, security, and abuse prevention;
• authentication and entitlement-related technical data needed to determine access to premium features.

3.3 Subscription and Purchase Data

If you purchase a subscription through Apple’s App Store, Apple processes your payment. We do not receive or store your full payment card details. We may receive subscription and entitlement information necessary to verify access, such as plan tier, trial status, renewal status, product identifiers, transaction references, and related entitlement metadata.

3.4 Sensitive / Health-Related Data

Depending on what you choose to enter, the data we process may include health-related or otherwise sensitive data, including symptoms, medications, supplements, conditions, food and routine data, and other information that may reveal health patterns. If you choose to enter sex-related, reproductive, or similar sensitive information, we will process that data as part of providing the Services.

4. How We Use Your Data

We use personal data to:

• create and manage your account;
• provide, operate, and secure the Services;
• store and display your logs, notes, meals, settings, and related history;
• generate pattern summaries, insights, recommendations, experiments, and other informational outputs;
• personalize the Services based on your settings, history, and inputs;
• verify subscriptions, trials, entitlements, and premium feature access;
• troubleshoot bugs, protect against abuse, investigate incidents, and maintain service integrity;
• respond to support requests, login requests, bug reports, and feedback;
• improve the Services, including performance, safety, and feature development;
• comply with legal obligations, enforce our Terms, and protect rights, safety, and property.

5. AI and Automated Processing

Defog may use rules-based systems, statistical models, machine learning systems, and large language model providers, including OpenAI, to process relevant user inputs and generate informational outputs such as summaries, recommendations, explanations, and experiments.

This may involve transmitting relevant portions of your inputs and account context to service providers acting on our behalf. Defog’s outputs are informational only and are not medical advice, diagnosis, or treatment.

Defog is not intended to make decisions that produce legal or similarly significant effects about you.

6. Legal Bases for Processing

Where GDPR or UK GDPR applies, we may rely on the following legal bases:

• Performance of a contract — where processing is necessary to provide the Services you requested.
• Legitimate interests — where necessary for service security, fraud prevention, support, diagnostics, and product improvement, provided those interests are not overridden by your rights.
• Consent — where we rely on your consent, including where required for sensitive data processing, optional integrations, or certain communications.
• Legal obligation — where processing is necessary to comply with applicable law or legal process.

For special-category or sensitive data, where required by applicable law, we rely on an additional lawful condition, which may include your explicit consent.

7. We Do Not Sell Your Personal Data

We do not sell your personal data for money.

We do not use your health-related data for third-party advertising.

8. How We Share Personal Data

We may share personal data only as reasonably necessary to operate the Services, including with:

Service	Purpose	Data Shared
Supabase	Backend infrastructure, database, authentication, and related processing	Account data, user-submitted data, authentication and service data
RevenueCat	Subscription and entitlement handling	Subscription status, entitlement metadata, app account identifiers
Apple App Store	Billing, subscriptions, app distribution	Payment and subscription data handled through Apple
OpenAI	AI-powered processing and generated outputs	Relevant user inputs and account context needed to generate outputs
Resend	Authentication and sign-in email delivery	Email address and login-related email metadata

We may also disclose personal data to professional advisers, regulators, law enforcement, or similar recipients where required by law or reasonably necessary to protect rights, safety, or security, and to a buyer, investor, or successor in connection with a merger, acquisition, financing, restructuring, or sale of assets, subject to applicable law.

9. International Transfers

Your personal data may be processed in countries outside your country of residence. If you are in the UK or EEA and your personal data is transferred to a country that is not recognized as providing an adequate level of protection, we will use appropriate safeguards where required by law.

10. Data Retention

• Active accounts: we retain account data and user-submitted data while your account remains active.
• Delete my data: if you use the in-app delete-data flow, we delete or reset the relevant user-submitted data while your account remains active, subject to limited technical, security, or legal necessities.
• Delete my account: if you use the in-app delete-account flow, we delete your account and associated personal data from active systems without undue delay.
• De-identified and aggregated data: we may retain information that can no longer reasonably identify you for analytics, product improvement, and service integrity purposes.

11. Security

We use administrative, technical, and organizational safeguards intended to protect personal data, including encryption in transit, access controls, and other reasonable security practices appropriate to the nature of the data. However, no system is completely secure, and we cannot guarantee absolute security.

12. Your Privacy Rights

Depending on your location and applicable law, you may have rights to:

• access personal data we hold about you;
• correct inaccurate data;
• delete personal data;
• withdraw consent where processing relies on consent;
• object to or restrict certain processing;
• complain to a supervisory authority or regulator.

We may need to verify your identity before acting on a request.

13. In-App Controls

Defog may offer in-app controls such as:

• deleting logged data while keeping the account;
• deleting the account entirely;
• adjusting reminders and tracking settings.

Export-data functionality is not currently available in-app.

14. Apple Health / HealthKit

If Defog integrates with Apple Health or HealthKit in the future, we will request your permission before accessing HealthKit data. If enabled, HealthKit data will only be used to provide and improve health and wellness functionality within Defog, and it will not be used for advertising, marketing, or data broker purposes.

15. Children’s Privacy

Defog is not intended for children under 16. We do not knowingly collect personal data from children under 16. If you believe a child has provided personal data to us in violation of this policy, contact us and we will investigate and take appropriate action.

16. Website Cookies and Tracking

At this time, we do not use website analytics or advertising tracking tools on our marketing site. If that changes, we may update this Privacy Policy and, where required, provide additional cookie disclosures or consent tools.

17. Region-Specific Disclosures

17.1 UK / EEA

If you are in the UK or EEA, you may have rights under the GDPR or UK GDPR, including rights of access, correction, erasure, restriction, objection, portability, and complaint to a supervisory authority.

17.2 California and Other Applicable U.S. State Laws

If applicable U.S. privacy laws apply, you may have rights to know, delete, and correct certain personal data, subject to applicable exceptions. We do not sell personal data, and we do not use health-related data for targeted advertising.

18. Changes to This Policy

We may update this Privacy Policy from time to time. If we make material changes, we may notify you through the Services, by email, or by posting an updated notice. The “Last updated” date reflects the most recent revision.

19. Contact

For privacy questions, requests, or concerns, contact us at support@defogapp.com.