Privacy Policy

Hummingbird · Effective date: April 24, 2026 · Last updated: April 27, 2026

Short version. Hummingbird is designed to keep your data on your phone. Audio from your microphone, detected pitch, heart-rate data from Bluetooth monitors, and your session history are all processed and stored locally on your device. We do not operate a server that collects, stores, or analyzes any of it.

1. Who this policy applies to

This Privacy Policy describes how Hummingbird (the “app”, “we”, “us”) handles information when you use the Hummingbird mobile application on iOS or Android. It applies to everyone who installs or uses the app.

Hummingbird is published by Spicy Ginger Labs LLC (“the publisher”). If you have questions, contact us at spicy.ginger.labs@gmail.com.

2. On-device by design

Hummingbird is a biofeedback app. The app listens to you hum, detects the pitch of your voice, and — if you have paired one — reads heart-rate and heart-rate-variability (HRV) data from a Bluetooth heart-rate monitor.

All of that processing happens on your phone:

Microphone audio is captured only while a session is active. It is analyzed in memory on your device to estimate pitch. Raw audio is never written to disk and never leaves your phone.
Detected pitch values are used in real time to drive the visual and haptic feedback during a session. They are not transmitted off the device.
Heart-rate and HRV data from a paired Bluetooth monitor are read directly from the device using the standard Bluetooth Heart Rate profile (0x180D). This data is shown to you during a session and summarized afterwards. It is not transmitted off your phone.
Session history, settings, calibration data, and paired-device records are stored locally on your phone using an encrypted-at-rest local database (Hive), inside your app’s private storage.

We do not operate a backend server that receives your audio, your pitch, your heart-rate data, or your session history.

3. Permissions we request

Microphone

Required. Used only while a session is running so the app can hear your hum and show you pitch feedback. When a session ends, microphone capture stops. You can revoke microphone access at any time in your operating system’s settings; if you do, sessions will prompt you to re-grant it.

Bluetooth

Optional. Used only if you choose to pair a Bluetooth heart-rate monitor (for example, a Polar H10, Garmin HRM, or a Whoop strap in broadcast mode). The app scans for, and connects to, devices that advertise the standard heart-rate profile. It does not use Bluetooth for anything else.

WHOOP is a trademark of WHOOP, Inc.; Polar, Garmin, and other vendor names are trademarks of their respective owners. Hummingbird is not affiliated with, endorsed by, or sponsored by WHOOP, Inc. or any other hardware vendor. The app reads heart-rate and R-R interval data only over the standard Bluetooth Heart Rate profile (0x180D); it does not connect to Whoop’s cloud API, your Whoop account, or any vendor server, and it does not receive any data from a vendor’s servers.

Location

On Android, scanning for Bluetooth peripherals may require the operating system to request location permission. Hummingbird does not read, use, store, or transmit your location. The permission exists solely because the Android Bluetooth scanning API is gated on it.

Notifications

Optional. Used only if you explicitly enable reminders in the app.

4. What we do not collect

We do not collect or upload your voice, humming, or any recorded audio.
We do not collect or upload your heart-rate or HRV data.
We do not collect or upload your session history.
We do not require an account, email address, phone number, or login.
We do not use third-party analytics SDKs (for example, Google Analytics, Firebase Analytics, Mixpanel, Amplitude) in the shipped app.
We do not use advertising or ad-tracking SDKs. The app shows no ads.
We do not sell, rent, or share personal information with data brokers. We have none to sell.
We do not use your data to train machine-learning models.

5. Purchases

Hummingbird offers a one-time in-app purchase (“Hummingbird Pro”) that unlocks additional features. Purchases are processed entirely by Apple’s App Store or Google Play Billing, depending on your platform. Those platforms handle the payment, collect any payment details, and return an entitlement receipt to the app.

We receive from Apple or Google only what is needed to verify that the purchase was made — essentially a non-identifying product identifier and transaction status. We do not receive your name, email, billing address, or card details. Apple and Google’s own privacy policies govern how they process your payment.

Apple: apple.com/legal/privacy
Google: policies.google.com/privacy

6. Crash reports and diagnostics

If you have enabled device-level crash reporting or analytics sharing in your iOS or Android settings, the operating system may send anonymized crash and performance information to Apple or Google on our behalf. We do not attach any personal identifiers or session content to these reports. You can turn this off in your device settings (iOS: Settings → Privacy & Security → Analytics & Improvements; Android: Settings → Google → Usage & diagnostics).

7. Backup and export

You own your data. Hummingbird supports two ways to move your data between your own devices:

Manual JSON export / import. From Settings → Backup, you can export a single versioned JSON file containing your session history, settings, and calibration. The file is shared through your operating system’s normal share sheet; where it goes from there is up to you. You can import a previously-exported file on the same or a different device.
OS-level backup. Hummingbird’s local data resides in your app’s private storage, which iOS includes in iCloud device backups and Android includes in Google Drive backups if you have those features enabled. Those backups are controlled and encrypted by Apple / Google under their own privacy policies. Hummingbird does not operate a backup service of its own.

8. Future cloud sync

The app ships with a local “sync queue” that currently performs no network uploads — it is a no-op placeholder. If we ever enable an optional cloud-sync feature in a future version, it will be opt-in, described clearly in-app before you enable it, and documented in an updated version of this policy. Until then, no session data is transmitted from your device by Hummingbird.

9. Children’s privacy

Hummingbird is not directed at children under 13 (or the minimum age defined in your jurisdiction). We do not knowingly collect personal information from children. Because the app does not collect personal information from anyone on a server, there is no children’s data for us to hold or delete.

10. Your rights

Depending on where you live, you may have rights under laws such as the EU / UK GDPR, the California Consumer Privacy Act (CCPA / CPRA), or similar state and national privacy laws. These typically include the right to access, correct, delete, or port personal data that a company holds about you.

Because Hummingbird does not collect personal data on a server, we generally hold no personal data about you to access, correct, delete, or port. The data the app stores lives on your own device and is under your direct control:

Access / portability: Settings → Backup → Export.
Deletion: Settings → Reset all data, or uninstall the app. Both remove all Hummingbird data from your device.

If you still wish to exercise a privacy right or have a question about our handling of information, email spicy.ginger.labs@gmail.com.

11. Security

We rely on the security model of your operating system to protect your data: app-sandboxed private storage, OS-level disk encryption on iOS and Android, and standard OS-mediated access to the microphone and Bluetooth radio. Because the app does not transmit your data to a server, the main risk surface is your device itself. We recommend keeping your device software up to date and using a device passcode or biometric lock.

No method of electronic storage is perfectly secure. We cannot guarantee absolute security.

12. Changes to this policy

We may update this Privacy Policy from time to time. When we do, we will change the “Last updated” date at the top of this page. If a change materially affects how your information is handled — for example, if we introduce optional cloud sync — we will make that clear in the app before the change takes effect.

13. Not medical advice

Hummingbird is a wellness and biofeedback app. It is not a medical device and does not diagnose, treat, cure, or prevent any disease. Heart-rate and HRV readings displayed by the app are for personal information only and should not be used to make medical decisions. See the Terms of Service for more.

14. Contact

Questions or concerns about this policy? Email spicy.ginger.labs@gmail.com.