Vayl is designed to keep your sensing data on your device. Camera frames, microphone audio, raw biometric metrics, raw keyboard/mouse timing, window titles, and active application names are processed locally and are never transmitted to our servers, to any third party, or to AI providers. Vayl's sensing telemetry does not leave your computer.
Two optional features do send data to a third party, each disabled by default and individually controlled: Hesper, the in-app companion, sends your chat messages and a snapshot of your current cognitive state to OpenAI when you talk to it; and AI-assisted session configuration sends your selected goals to OpenAI to generate stimulation parameters. A third feature, the local Context API, lets tools running on your own computer read your current Vayl state through a localhost-only HTTP server you authorize with a key you generate; it does not transmit anything off your device. Each is described in detail below.
What We Collect
Account Information
Email address (for authentication via Firebase Auth)
Authentication tokens (managed by Firebase)
Account creation date
OAuth provider information (Google or Microsoft, if used for sign-in)
Calendar Data (Optional)
If you choose to connect your Google or Microsoft/Outlook calendar:
Calendar event names, times, and details/descriptions (read-only access)
This data is processed locally on your device and is never stored on our servers
We only access calendar events to personalize audiovisual stimulation for your meetings and tasks
Event details help us understand the context (e.g., "client meeting" vs "deep work") to optimize your cognitive support
You can disconnect calendar access at any time from your account settings
Biometric Data — Adaptive Mode (Optional)
If you choose to enable Adaptive Mode, Vayl uses your device's camera to track eye movements and facial landmarks in order to detect your attention state (e.g., focused, drifting, fatigued) and automatically adjust stimulation in real time. This feature requires your explicit consent before activation.
What is collected:
Derived attention metrics — engagement, overload, and fatigue scores (numerical values between 0 and 1), classified attention state, detection confidence, and raw eye metrics (blink rate, fixation stability, pupil diameter)
Stimulus-response logs — which setting adjustments were made in response to each attention state, along with before/after settings snapshots, so the system can learn which adjustments work best for you
Outcome measurements — your attention state 30, 60, and 90 seconds after each adjustment, used to evaluate whether the adjustment was effective
What is NOT collected:
Raw camera images or video frames are never stored or transmitted — they are processed in real time by an on-device model (MediaPipe) and immediately discarded
No photographs, facial images, or facial geometry are retained
No biometric templates or identifiers that could be used to identify you are created or stored
How it is stored and what may transmit:
All biometric event logs are encrypted at rest using AES encryption with a key derived from your specific machine, meaning the data can only be read on the device that created it
Logs are stored locally in monthly files and automatically deleted after 6 months
A local analytics summary stores only semantic labels (e.g., "deep focus" or "drifting") — not raw eye metrics — for your personal session dashboard. This summary contains no raw biometric values and is automatically deleted after 90 days
A separate "learned profile" (containing only tuning numbers — not biometric data) is stored unencrypted locally for personalization
You can delete all biometric data at any time from the Adaptive Mode settings in the app
No biometric or attention data ever leaves your device. Raw eye metrics (blink rate, fixation stability, pupil diameter, gaze coordinates) and derived attention abstractions (classified attention state, engagement, overload, fatigue, confidence) are kept on your computer. They are never transmitted to our servers, to OpenAI, or to any other third party.
If you choose to enable the local Context API (described below), tools running on your own computer can read derived attention abstractions through a localhost-only HTTP server using a key you generate. Even in this case, no data is transmitted off your device.
OS Activity Data — Context Sensing (Optional)
If you choose to enable OS Context Sensing, Vayl monitors certain system-level behavioral patterns to infer your cognitive state (e.g., deep focus vs. task-switching) and tailor stimulation accordingly. This feature requires your explicit consent before activation.
What is collected on your device:
Keyboard timing metadata — typing velocity, inter-key intervals, pause frequency, dwell time, and error rate (computed from backspace usage). We capture only timing patterns, never the content of your keystrokes
Mouse dynamics — cursor velocity, movement efficiency, click rate, scroll rate, and idle time
Active application name and window title — the name of the foreground application (e.g., "Visual Studio Code") and its window title (e.g., "report.docx — Word") are read by Vayl for local task-type classification (deep work vs. communication vs. browsing). Window titles are used only on your device to label the local task context — see "How it is stored and what may transmit" below for what does and does not leave your computer
System context — time of day, session duration, and idle/lock events
What is NOT collected, ever:
Keystroke content — we never record what you type
Screen content, screenshots, or pixel data
Clipboard content
Network traffic or browsing history
Files, file contents, or directory listings
How it is stored and what may transmit:
OS activity data is processed locally in real time and used to compute a cognitive state score (focus, fatigue, stress, engagement, wandering, confidence — each a number between 0 and 1 — plus a task-type label such as "analytical" or "creative")
Raw activity data (keyboard timing values, cursor positions, window titles) is retained only in short rolling windows (approximately 15 seconds) and then discarded
A local analytics summary stores categorical labels derived from your activity (e.g., app category, stress level, context-switching frequency) for your personal session dashboard. This summary contains no raw behavioral data, no typing patterns, no cursor positions, no specific app names, and no window titles. It is automatically deleted after 90 days
You can delete all OS activity data at any time and disable the feature independently of other settings
No OS activity data ever leaves your device. Raw keyboard timing values, raw mouse dynamics, the active application name, window titles, and the derived cognitive state scores are all kept on your computer. They are never transmitted to our servers, to OpenAI, or to any other third party.
If you choose to enable the local Context API (described below), tools running on your own computer can read derived cognitive state scores and a task-type label through a localhost-only HTTP server using a key you generate. Raw keyboard timing, raw mouse dynamics, window titles, and specific application names are not exposed through that interface. Even in this case, no data is transmitted off your device.
Microphone — Music Coherence (Optional)
If you choose to enable the Music Coherence feature, Vayl listens to ambient sound from your device's microphone (or, on macOS, optionally from system audio) in order to detect the musical key and tempo of music playing in your environment, and to gently align Vayl's stimulation parameters to that music. This feature requires your explicit consent and the operating system's microphone permission before it can be activated.
What is collected:
Derived musical features — a chroma vector representing pitch energy across the twelve musical notes, an estimated tempo in beats per minute, and a confidence value indicating how locked-on the detection is
What is NOT collected, stored, or transmitted:
Audio recordings, audio waveforms, or audio samples — the microphone input is processed in real time by an on-device signal-processing pipeline and immediately discarded
Voice content, speech, conversations, or any sound other than what is needed to estimate key and tempo
Identifying information about which song is playing — Music Coherence does not perform song recognition and does not contact any external music database
How it is processed:
All processing happens on your device. No microphone data, derived musical features, or audio of any kind is ever transmitted to our servers, OpenAI, or any other third party
Music Coherence can be turned on or off at any time from the Music Coherence card in the app. Turning it off immediately stops microphone access and discards all in-memory features
If you revoke microphone permission at the operating system level, Music Coherence stops automatically
Hesper — In-App Companion (Optional)
Hesper is Vayl's optional in-app conversational companion, presented as a small chat panel on the home view. When you send Hesper a message, the message — together with a snapshot of your current cognitive state — is transmitted to OpenAI for processing, and OpenAI's response is shown to you. Hesper is powered by OpenAI's GPT family of models (currently gpt-5.4-mini).
What is sent to OpenAI on each message:
The most recent portion of your conversation with Hesper — up to the last 50 messages, comprising only the role (you or Hesper) and the message text
A system prompt describing Hesper's role and tone
A "runtime context" block appended to your most recent message, containing: a snapshot of your current cognitive state (focus, fatigue, stress, engagement, attention state, energy, interruptibility), a categorical work-context label (e.g., "development", "communication"), the AVS state in use, and — only if you have enabled Context API and Context History — a summary of the past 60 minutes of cognitive state distribution and transitions
What is NOT sent to OpenAI:
Window titles, URLs, file names, or specific application names
Microphone audio or derived musical features
Your email address, account credentials, or payment information
Settings changes proposed by Hesper:
Hesper can suggest specific Vayl settings adjustments — such as carrier frequency, envelope frequency, intensity, or audio volume — and present them to you as a "proposal card" inside the chat. You apply or undo each proposal with a single click. Hesper is restricted to a fixed allowlist of settings keys and cannot read or write any other part of your account, your data, or your computer. Proposed changes are not applied silently or automatically.
How Hesper conversations are stored:
Your chat history with Hesper is stored locally in your browser (the app's renderer process), not on our servers
You can clear your chat history at any time from inside the Hesper panel
Per OpenAI's API terms, requests sent through OpenAI's API are not used to train OpenAI's models
OpenAI may retain API request data for a limited period for abuse monitoring; their data handling is governed by OpenAI's own privacy policy
If you do not wish to send any data to OpenAI through Hesper, simply do not use the Hesper panel
Local Context API (Optional)
The Context API is an optional, fully local feature that lets tools running on your own computer — for example, a desktop AI assistant, a personal automation, or a script you've written — read your current Vayl state. It runs as a small HTTP server on 127.0.0.1 (localhost) inside the Vayl app and is not reachable from the network. It is off by default and is enabled from Settings → Context API → Enable Context API.
How authorization works:
You generate one or more API keys from inside the Vayl app. Keys are stored encrypted on your device using your operating system's secure-storage facility
You hand a key to the local tool that needs access. Without a valid key, requests to the local Context API are rejected with a 401 response
You can revoke any key at any time from Context API settings, which immediately prevents the corresponding tool from reading further state
What an authorized local tool can read:
A semantic snapshot of your current state — categorical labels such as "deep_focus", "high stress", "low interruptibility", and an app-category label like "development" — together with the AVS configuration in use
Optionally, if you also enable Context History, a recent rolling window of the same kind of semantic snapshots
What no tool can read, even with a key:
Camera frames, microphone audio, or any image / audio data
Raw eye-tracking metrics, raw keyboard timing values, or raw mouse dynamics
Window titles, URLs, file names, document content, or specific application names
Your account email, credentials, or payment information
Your chat history with Hesper
No off-device transmission:
The Context API does not transmit anything off your device. The local server only responds to requests from programs running on the same computer; it does not call out to our servers, to OpenAI, or to any other third party
What an authorized local tool then does with the data it reads is up to that tool. If you authorize a tool that sends data to a third-party service, that transmission is governed by that tool's own privacy policy, not Vayl's
Turning the Enable Context API toggle off immediately stops the local server. Disabling Context History additionally purges the local history store
Usage Data
App preferences and settings
Session information (when you use the app)
Feature usage analytics (which effects you use)
Payment Information
Payment processing is handled entirely by Stripe. We don't store credit card numbers or payment details on our servers. We only receive:
Subscription status
Customer ID from Stripe
Transaction confirmations
How We Use Your Data
Authentication: To sign you in and maintain your session
Service Delivery: To provide and improve Vayl's audiovisual entrainment features
Personalization: To learn which stimulation adjustments work best for your individual cognitive patterns, using locally stored biometric and behavioral data
Personal Analytics: To provide you with a local session dashboard showing aggregate trends in your attention, energy, and stress patterns over time — using only semantic summaries (e.g., "deep focus", "high energy"), not raw biometric or behavioral data
AI-Assisted Configuration: To generate optimized stimulation parameters based on your selected goals, using third-party AI services (see below)
Hesper (Companion): To respond to your messages to Hesper using the data described in the "Hesper" section above, and to render Hesper's settings proposals as one-click apply/undo cards in the chat
Local Context API (if you enable it): To expose an abstracted, semantic view of your current state to tools running on your own computer that you have authorized with a key you generate. The Context API does not transmit data off your device
Customer Support: To respond to your inquiries and requests
Analytics: To understand how users interact with our app and improve it
Legal Compliance: To comply with applicable laws and regulations
Data Storage & Security
Your data is stored securely using industry-standard practices:
Local Encryption: Biometric event logs and OS activity adaptation logs are encrypted at rest on your device using AES encryption with a machine-derived key. This data cannot be read on any other device
Firebase Security: Account and cloud-synced data uses Firebase authentication and security rules
Encryption in Transit: All network communication uses HTTPS/TLS encryption
Local Retention: Biometric and OS activity adaptation logs on your device are automatically deleted after 6 months. Local analytics dashboard summaries (containing only semantic labels, not raw data) are automatically deleted after 90 days
Local API Key Storage: Context API keys you generate are stored encrypted on your device using your operating system's secure-storage facility. Keys can be rotated or revoked at any time from inside the app
Access Control: Strict access controls and authentication requirements for all cloud services Vayl uses (e.g., Firebase, Stripe). Vayl does not operate a server that receives or stores your sensing data
Regular Updates: We keep our security measures up to date
Third-Party Services
We use the following third-party services in connection with Vayl:
Firebase (Google): Authentication, database, and analytics
Stripe: Payment processing (PCI-compliant)
OpenAI: Used for two distinct purposes, each governed by OpenAI's own privacy policy and API terms. Per OpenAI's API terms, requests sent through OpenAI's API are not used to train OpenAI's models.
AI-assisted stimulation parameter generation: when you ask Vayl to generate a session configuration from a goal, your selected session goals and preferences are sent to OpenAI. No biometric data, OS activity data, microphone data, or personal account information is sent for this purpose
Hesper (in-app companion): when you send Hesper a message, your recent chat history with Hesper and a runtime context block (cognitive state snapshot and, if Context History is enabled, a 60-minute summary) are sent to OpenAI. The exact contents are described in the "Hesper" section above. Raw biometric metrics, raw keyboard/mouse timing, window titles, app names, microphone data, and camera data are not sent
Vercel: Website hosting and performance analytics
Google OAuth: Optional sign-in and calendar access (if you choose to connect)
Microsoft OAuth: Optional sign-in and Outlook calendar access (if you choose to connect)
MediaPipe (Google): On-device face landmark detection for Adaptive Mode. This library runs entirely on your device — no data is sent to Google
Each service has its own privacy policy and security standards. We only share the minimum necessary data with these services to provide Vayl's functionality. Camera frames, microphone audio, raw and derived biometric metrics, raw and derived OS activity data, window titles, and active application names are never shared with any third party — including Halotropic, Inc.
Vayl does not operate a server that receives, stores, or processes your sensing data. Halotropic, Inc. does not have access to your biometric or behavioral data.
Your Rights
You have the right to:
Access: Request a copy of your personal data
Correction: Update or correct your information
Deletion: Request deletion of your account and data, including all locally stored biometric and OS activity data
Portability: Receive your data in a machine-readable format
Per-feature opt-out: Each optional sensing feature can be turned off independently from the app's settings, and each is off by default. The relevant toggles are:
Adaptive Mode (camera / eye tracking) — stops camera access and eye-state collection
OS Context Sensing — stops keyboard, mouse, and active-app monitoring
Music Coherence — stops microphone access
Context API (Settings → Context API → Enable Context API) — stops the local HTTP server. When off, no local tool can read your state through the Context API. Context History is a separate toggle that, when off, prevents the local Context API from exposing recent history
Hesper — Hesper sends data to OpenAI only when you actively send it a message; not using the Hesper panel means no Hesper data is transmitted
Consent Withdrawal: Withdraw your consent for biometric data collection, OS activity sensing, microphone access, Hesper, or Context API at any time, without affecting the core functionality of Vayl. Disabling a feature immediately stops the corresponding data collection, and you will be offered the option to delete all previously collected data
Local API Key Revocation: Revoke any Context API key you have generated at any time from Context API settings, immediately preventing the corresponding local tool from reading further state
Geographic Availability of Sensing Features
Vayl's sensing features — Adaptive Mode (camera-based eye tracking), Activity Sensing (keyboard, mouse, and active-application timing), and Smart Sensing (cognitive-state derivation from those signals) — are currently available only to users located in the United States, excluding Illinois and Washington.
Illinois is excluded because the Biometric Information Privacy Act (BIPA, 740 ILCS 14) imposes a private right of action over biometric data. Washington is excluded because the My Health My Data Act (RCW 19.373) extends a private right of action to cognitive-state inferences of the kind Vayl derives, which fall within its definition of "consumer health data." Sensing features are not currently offered outside the United States because we do not yet operate the controller-side machinery (including a designated EU representative under GDPR Article 27, a completed data protection impact assessment, lawful cross-border transfer mechanisms for any third-party processors, and separate consent surfaces required under regimes such as PIPL in China and PIPA in South Korea) needed to lawfully process biometric and profiling data in those jurisdictions.
Vayl automatically detects your approximate location using IP geolocation when you opt in to a sensing feature. If your location cannot be confirmed, or if your detected location is outside the supported region, sensing features are blocked and Vayl does not offer a self-attestation override. Location detection is only performed when you opt in to a sensing feature — it is not used for any other purpose.
All non-sensing features of Vayl (manual audiovisual entrainment, presets, frequency settings, music coherence, Hesper, Context API authorization) remain fully available regardless of your location.
Jurisdiction-Specific Rights
Depending on where you are located, you may have additional rights:
Illinois (BIPA): Sensing features are not offered to users located in Illinois. Vayl will prevent you from enabling Adaptive Mode, Activity Sensing, and Smart Sensing if your detected location is Illinois
Washington (MHMDA): Sensing features are not offered to users located in Washington because cognitive-state inferences derived by Vayl fall within Washington's definition of "consumer health data"
California (CCPA/CPRA): You have the right to know what personal information is collected, to request its deletion, and to opt out of its sale. Vayl does not sell personal information to third parties. Sensing features are available to California users subject to the consent flows described above
Other U.S. states with comprehensive privacy laws (including Colorado, Connecticut, Virginia, Oregon, Texas, Utah): You have rights to access, correct, delete, and obtain a portable copy of your personal information, and to opt out of targeted advertising and certain profiling. Vayl does not engage in targeted advertising and does not transmit sensing data off your device
Users located outside the United States (including but not limited to the European Union, European Economic Area, United Kingdom, Switzerland, China, Brazil, India, South Korea, Japan, Canada, and Australia): Sensing features are not currently offered. We will expand availability to additional jurisdictions only after we operate the controller-side machinery each regime requires. Non-sensing features of Vayl remain available; account-related rights under your local data-protection law (access, correction, deletion, portability, withdrawal of consent) are honored for account data we hold regardless of where you are located
Cookies
We use essential cookies for authentication and analytics cookies to improve our service. For detailed information, please see our Cookie Policy.
Children's Privacy
Vayl is not intended for use by children under the age of 16. We do not knowingly collect personal information, biometric data, or behavioral data from children under 16. If you believe a child under 16 has provided us with personal information, please contact us and we will delete the data promptly.
Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new policy on this page and updating the "Last updated" date. If we make material changes to how we handle biometric or behavioral data, we will request your consent again before continuing to collect such data under the new terms.
Contact Us
If you have questions about this Privacy Policy, how we handle your data, or wish to exercise any of your rights described above, please contact us at:
Email: privacy@getvayl.com
Address: 8 The Green, Suite D, Dover, Delaware 19901, USA