HeatAdapt iOS App — Privacy Policy

Effective date: 10 June 2026

This privacy policy describes how the HeatAdapt iOS application handles your personal data. It applies to the iOS app distributed via Apple's App Store under the bundle identifier ai.eleflex.heatadapt.

1. Who we are

The HeatAdapt iOS app is provided by SoftProject OÜ (operating as HeatAdapt under the Eleflex.AI brand), registered in Tallinn, Estonia.

For privacy-related questions or to exercise your GDPR rights, contact info@eleflex.ai.

2. What the app does

The HeatAdapt iOS app is a thin wrapper around our web application at app.eleflex.ai. It exists so that iPhone owners can set up and control their HeatAdapt heat-pump controller, including the initial Bluetooth-based Wi-Fi provisioning step that the iPhone web browser does not support.

When you use the app you are interacting with the same web application a desktop or mobile browser would load, plus a small piece of native iOS code that handles Bluetooth communication with your physical controller during setup.

3. What data we collect through the iOS app

The iOS app collects only what is strictly required to sign you in and let you communicate with your HeatAdapt controller.

3.1 Account information (when you sign in)

When you sign in using Google or Apple, we receive:

  • A unique user identifier (provided by Google or Apple)
  • Your email address
  • Your name (only if you choose to share it via Sign in with Apple — optional)
  • The installation address where your HeatAdapt controller is located. We use it to fetch local weather forecasts and enable other heat-pump control features.

We use this information only to create or restore your HeatAdapt account so you can access your heat-pump dashboard. It is not used for advertising and is not shared with third parties for marketing.

If you sign in using the email-relay feature of Sign in with Apple, we receive a per-app proxy address rather than your actual email address.

3.2 Wi-Fi credentials during controller setup

When you add a HeatAdapt controller for the first time, the app sends your Wi-Fi network name (SSID) and password from your iPhone to your physical controller over Bluetooth. The credentials travel only between your phone and the controller in your immediate physical vicinity; they are not transmitted to our servers, and the iOS app does not log them or persist them after the setup step completes.

3.3 Bluetooth device information

During Wi-Fi setup, the iOS app scans for nearby Bluetooth Low Energy devices and shows them in a chooser so you can pick your controller. We see the advertised name and signal strength of devices in range only for as long as the chooser is open. Apple's iOS does not expose actual Bluetooth MAC addresses to apps — devices are identified by a per-app random identifier that means nothing outside your phone.

3.4 Data the web application collects

Any data the HeatAdapt web application itself collects when you use it inside the app (for example, heat-pump telemetry, schedules, or settings that you configure) is governed by the existing HeatAdapt privacy policy at https://www.heatadapt.eu/privacy and is the same as if you used the web application from a regular browser.

4. What we do NOT collect or do

  • We do not track you across other apps or websites.
  • We do not use third-party advertising or analytics SDKs in the iOS app.
  • We do not access your location, contacts, photos, microphone, camera, or any other on-device data except Bluetooth (described above).
  • We do not collect device identifiers such as IDFA / advertising ID.

5. Third parties

The iOS app integrates with the following third parties as part of its core function:

  • Google Sign-In (Google LLC) — used when you choose "Sign in with Google". Google provides us only with the user identifier, email address, and (if you have set it) your name. Google's own privacy policy applies to their handling of the sign-in flow: https://policies.google.com/privacy.
  • Sign in with Apple (Apple Inc.) — used when you choose "Sign in with Apple". Apple provides us only with the user identifier, an email address (real or relay), and optionally your name. Apple's privacy policy applies: https://www.apple.com/legal/privacy/.
  • Firebase Authentication (Google LLC) — manages your authenticated session in the web application. Subject to Google's privacy policy.

We do not use any other third-party SDKs in the iOS app.

6. Permissions the app requests

  • Bluetooth — required to set up your HeatAdapt controller's Wi-Fi connection during initial provisioning. Used only when you initiate Wi-Fi setup; the app does not use Bluetooth in the background.

7. Where data is stored

  • Account information is stored by Firebase Authentication (Google LLC), in datacenters operated by Google. Your account record contains the identifiers described in section 3.1.
  • Heat-pump configuration and usage data entered or generated through the web application is stored on our servers in the EU. The HeatAdapt web app privacy policy at https://www.heatadapt.eu/privacy describes retention and data handling for that information.
  • Wi-Fi credentials entered during controller setup are transmitted to the physical controller only; they are not retained by the iOS app or uploaded to any server.

8. How long we keep data

Account information is retained for as long as your HeatAdapt account is active. If you delete your account (see section 9), we delete the associated account record.

Heat-pump telemetry and configuration retention follows the same rules as the web application — see https://www.heatadapt.eu/privacy.

9. Your rights (GDPR)

Because we operate from Estonia (EU), you have the following rights under the GDPR regardless of where you live:

  • Access — request a copy of the data we hold about you
  • Correction — request that we correct inaccurate or incomplete data
  • Deletion — request that we delete your account and associated data
  • Portability — request your data in a machine-readable format
  • Restriction — request that we restrict processing of your data
  • Objection — object to specific processing
  • Withdrawal of consent — where processing is based on your consent

To exercise any of these rights, email info@eleflex.ai. We will respond within 30 days.

You also have the right to lodge a complaint with the Estonian Data Protection Inspectorate (Andmekaitse Inspektsioon, https://www.aki.ee) or with the supervisory authority in your EU country of residence.

10. Children

The HeatAdapt app is not directed at children under 13. We do not knowingly collect data from children under 13. If you believe a child has provided us with personal data, please contact info@eleflex.ai and we will delete it.

11. Security

Personal data is transmitted exclusively over HTTPS / TLS. Account credentials are managed by Firebase Authentication, which uses industry-standard practices including hashed password storage and OAuth-based federated sign-in.

We do not store Bluetooth-transmitted Wi-Fi credentials at any point — they travel directly from your iPhone to your physical controller over a Bluetooth Low Energy connection that is established only during the moments you are actively setting up the device.

12. Changes to this policy

We may update this policy from time to time. Material changes will be communicated in a future iOS app update or via email if you have an active account. The "Effective date" at the top of this document reflects the most recent revision.

13. Contact

Questions, complaints, or rights requests:

  • Email: info@eleflex.ai
  • Postal: SoftProject OÜ, Tulika 19, 10613 Tallinn, Estonia