Privacy Policy — Tolerated

Introduction

Tolerated ("we", "us", "our") is developed by Cocoacorn. This privacy policy explains how the Tolerated app handles your data.

Data We Collect

We do not collect any data. Tolerated has no user accounts, no analytics services, and no third-party SDKs that collect data. Cocoacorn operates no servers.

Data Stored on Your Device

Tolerated stores the following data locally on your device using Apple's SwiftData framework:

• Active protocols and phases (elimination, reintroduction, maintenance)
• Foods you have personally rated as tolerated, partially tolerated, or not tolerated
• Reintroduction challenges with per-day schedules, symptom logs, and verdicts
• Personal thresholds (safe and trigger amounts, confidence levels)
• Symptom logs with timing, severity, and optional Apple Health context
• Saved ingredient scans with names, notes, captured ingredient text, and tolerance markers
• Hidden meals from the Meal Ideas list
• Carer label and Quick Need preset list (when Carer Sharing is configured)
• Preferences (Gentle Mode, App Lock, AI Enhancements opt-in, retest reminder cadence, and similar)

This data never leaves your device unless you choose to enable iCloud sync, in which case it syncs to your personal iCloud account only.

Apple Health

If you enable Health integration in Settings → Health Context, Tolerated reads health data (sleep, HRV, HRV baseline, resting heart rate, cycle phase) from Apple Health. The data is captured into a HealthSnapshot embedded in symptom logs you create around the same time, so you can see non-food confounders alongside reactions during a challenge.

Health data is not stored beyond the snapshot embedded in a log, is never sent to Cocoacorn, and is never transmitted to any server. You can decline Health permission and the rest of the app works exactly the same.

Camera

If you use the ingredient scanner, Tolerated requests camera access to read text from physical ingredient labels via Apple's DataScannerViewController. No images are stored or transmitted — only the recognised text is processed. The OCR runs on device.

iCloud Sync

If you enable iCloud sync in Settings, your data is stored in your personal iCloud account using Apple's CloudKit service. This data is:

• Stored in your private iCloud database, accessible only to you
• Encrypted in transit and at rest by Apple
• Not accessible to Cocoacorn or any third party

We do not operate any servers. We cannot read, access, or process your iCloud data.

You can disable iCloud sync at any time in Settings → More → iCloud Sync. Disabling does not affect data already on your device.

Carer Sharing

If you enable Carer Sharing (Settings → Sharing / Self-care → Share with a carer), Tolerated creates a private CloudKit share zone in your own iCloud account and generates an invite link. The recipient — typically a partner, parent, or friend — installs the free Supported app and accepts the share via the link.

• The carer can see which protocols you are running and the current phase
• Your active reintroduction challenges
• "Quick Needs" you broadcast (for example "Bathroom near", "Need to lie down")

The carer cannot see your symptom logs, scan history, or any data you have not explicitly chosen to share. The share is end-to-end encrypted by Apple's CloudKit. You can revoke the share at any time from the same screen — the carer's view goes blank on their next sync.

Apple Watch

If you use the Tolerated Apple Watch app, logs created on your Watch are transferred to your paired iPhone using Apple's WatchConnectivity framework, then sync via iCloud if enabled. Transfers happen directly between your devices and do not pass through any external server.

On-Device AI (AI Enhancements)

If you opt in to AI Enhancements (Settings → More → Preferences → AI Enhancements — off by default), the ingredient scanner uses Apple's Foundation Models framework to help interpret vague ingredient terms ("natural flavourings", industrial codes) when the deterministic dictionary path can't classify them.

This processing happens entirely on device. No prompts, ingredients, or results are sent to any server — not to Apple, not to Anthropic, not to OpenAI, not to Google, not to Cocoacorn.

AI Enhancements only run when the dictionary path is uncertain. The dictionary path always runs first; AI is supplementary.

Photos

If you attach photos to scans, they are stored locally on your device. Photos are included in iCloud sync only if you enable it. Photos are never sent to Cocoacorn or any third party.

In-App Purchases

Tolerated offers optional Tolerated+ features via in-app purchase, processed entirely by Apple through the App Store. We do not receive or store any payment information. Purchase records are managed by Apple in your Apple ID account. Restore Purchases is available in Settings → More → Tolerated+ → Restore.

Backup and Restore

Tolerated allows you to create full backups of your data as a .toleratedbackup file (zip archive containing JSON exports and any photos), stored locally or in iCloud Drive. Backup files are not encrypted by Tolerated — they contain your raw protocol data. You are responsible for the security of backup files you export or share. Automatic backups to iCloud Drive can be enabled in Settings (Tolerated+).

Data Deletion

You can delete all your data at any time via Settings → More → Data → Delete All Data. This permanently removes all protocols, food statuses, challenges, thresholds, symptom logs, scans, and preferences from your device. If iCloud sync is enabled, data is also removed from your iCloud account. Carer Sharing is revoked.

Children's Privacy

Tolerated does not knowingly collect data from children under 13. The app does not collect any data from any user.

Changes to This Policy

We may update this privacy policy from time to time. Any changes will be posted at the URL shown in the App Store listing and reflected in the app.

Contact

If you have questions about this privacy policy, contact us at support@cocoacorn.com or visit https://www.cocoacorn.com/tolerated/support.