Harmony

1) Scope

This policy explains how we process data through the Harmony App when it is used inside ChatGPT. Harmony provides a short guided breathing experience through a widget and an MCP tool named breathe. This policy covers our processing through the App, its MCP server, widget, and supporting hosting systems. It does not replace OpenAI's policies for ChatGPT platform processing.

2) Data categories, purposes, recipients, retention, and controls

2.1 Tool input and output data

What: Optional breathing configuration values passed to breathe: breathDuration and numberOfBreaths. The tool returns those same fields as structured output for the widget. The current tool contract does not request names, contact details, payment data, location data, audio, video, contacts, or free-form text.
Why: To configure the pace and length of the guided breathing session and render the widget with the requested settings.
Recipients: Our MCP server, OpenAI/ChatGPT as part of the tool invocation flow, and hosting/infrastructure providers acting on our behalf.
Retention by us: We do not use a separate application database to store breathing-session configurations. Tool inputs and outputs are processed to return the response and may appear in limited operational logs as described in section 2.3.
Your controls: You can use the App without providing either optional value, rely on defaults, stop using the App at any time, and avoid sharing sensitive information in the surrounding chat.

2.2 In-session widget runtime data

What: Temporary in-session widget state such as the selected breath length and count, breathing phase, progress, whether the session is running, and when a session is complete. The current widget also reads locale and theme information from the ChatGPT runtime and may read device/browser accessibility signals such as reduced motion preferences. If supported by your device, the widget may trigger local vibration cues through navigator.vibrate.
Why: To display the widget in the right language and theme, respect accessibility settings, animate the breathing exercise, and optionally provide local haptic guidance.
Recipients: Primarily the ChatGPT/widget runtime in your session. Under the current app code, this local runtime state is not intentionally sent back to our MCP server unless it later becomes part of a new tool invocation or a support request you send us.
Retention by us: We do not intentionally store this session state in a separate app database. It is intended to exist only during the active session.
Your controls: You can start or stop the session whenever you want, adjust breath settings in the widget, and use your device or browser settings to control vibration or reduced-motion behavior.

2.3 Technical delivery data and operational logs

What: Limited technical data generated when delivering the App and widget assets, such as IP address, user agent, URL path, timestamp, response status, and request duration. Our MCP server also fetches widget HTML from our hosted widget assets domain, and standard hosting/infrastructure logs may record those requests. If debugging or reliability tooling is enabled in deployment, log records can include the tool name and tool input values listed in section 2.1.
Why: Security, abuse prevention, service reliability, troubleshooting, and incident response.
Recipients: Our hosting, CDN, and infrastructure providers acting on our behalf, plus personnel who need access for operational or security purposes.
Retention: We aim to minimize these logs and retain them for no longer than 30 days unless a longer period is reasonably necessary for a security investigation, abuse review, or legal obligation.
Your controls: Network and access-log data are generally required to deliver web content, but you can choose whether to invoke the App and avoid including unnecessary information in tool-related prompts.

2.4 Contact communications

What: Information you send if you contact us, such as your email address and the contents of your message.
Why: To respond to privacy, legal, or support requests and maintain a record of the request.
Recipients: Our email and support providers acting on our behalf.
Retention: Up to 24 months after final resolution unless we need to keep it longer to comply with law or resolve disputes.
Your controls: You can choose how much information to include in your message and may ask us to delete data we still hold, subject to legal limits.

3) What we do not do

• No account creation in this App.
• No requirement to provide names, email addresses, or other direct identifiers to use the current breathe tool.
• No sale of personal information.
• No advertising SDKs, no advertising profiling, and no intentional third-party analytics trackers in the current widget.
• No microphone, camera, contacts, precise location, or payment collection through the current App.
• No third-party wellness-content API calls to generate the breathing exercise outside the ChatGPT/OpenAI runtime and our own hosting providers.

4) Cookies and similar technologies

We do not intentionally set advertising or cross-site analytics cookies through this App. ChatGPT/OpenAI, your browser, and our hosting providers may use their own operational cookies or similar technologies for platform operation and web delivery; those uses are governed by their own policies.

5) Sharing and disclosure

We do not sell personal information. We may disclose data only as necessary to:

• Operate, host, and secure the App through service providers such as hosting, CDN, infrastructure, and email providers.
• Comply with law, regulation, legal process, or enforceable government request.
• Protect the rights, safety, and security of users, us, and the service.

6) User rights and controls

Depending on your jurisdiction, you may have rights to access, correct, delete, restrict, or object to processing of personal data we hold.

To exercise rights, contact privacy.widgets@olutely.com. We may need to verify your identity before fulfilling a request.

Because Harmony runs inside ChatGPT, you can also manage conversation and account data through OpenAI controls. OpenAI's privacy policy: https://openai.com/policies/privacy-policy.

7) International processing

The App may be accessed globally, and data may be processed in countries where we or our service providers operate. Where required, we use appropriate safeguards for international data transfers.

8) Security

We implement reasonable technical and organizational safeguards designed to protect data processed through the App. No system can guarantee absolute security.

9) Children's privacy

The App is not directed to children under 13 (or the minimum age required in your jurisdiction). We do not knowingly collect personal information from children.

10) ChatGPT / OpenAI platform notice

OpenAI independently processes chat content, account data, platform telemetry, and some widget runtime data under its own terms and privacy practices. This policy only describes Spheric Admin Ltd's processing through Harmony.

11) Changes to this policy

We may update this policy from time to time. If we make material changes, we will update the effective date above so the policy continues to reflect the App's current tool inputs and outputs.

12) Contact

Questions about this policy or App privacy practices: privacy.widgets@olutely.com (Spheric Admin Ltd).