Skip to content
Your Privacy Matters

Privacy Policy

Last updated: January 15, 2025

Our Commitment

Your health data is sensitive and personal. HealthKit is committed to protecting your privacy with industry-leading security measures, transparent data practices, and giving you full control over your information.

1. Information We Collect

We collect information you provide directly and data from your connected devices:

Account Information

  • Name, email address, and profile information
  • Date of birth, gender, height, and weight (for accurate calculations)
  • Payment information (processed securely by Stripe)

Health & Fitness Data

  • Workout history, activity levels, and exercise metrics
  • Heart rate, sleep patterns, and vital signs from wearables
  • Nutrition logs, calorie intake, and dietary preferences
  • Mindfulness sessions and stress levels

Device Information

  • Device type, operating system, and app version
  • Connected wearable devices and sync timestamps
  • Location data (only during workouts, if enabled)

2. How We Use Your Information

Your data is used exclusively to provide and improve our services:

Core Services

  • • Track your health metrics
  • • Generate personalized insights
  • • Sync data across devices
  • • Provide coaching recommendations

Improvements

  • • Enhance AI algorithms
  • • Fix bugs and issues
  • • Develop new features
  • • Conduct anonymized research

3. Data Security

We implement industry-leading security measures:

End-to-End Encryption

All health data is encrypted in transit (TLS 1.3) and at rest (AES-256).

SOC 2 Type II Certified

Independently audited security controls and processes.

HIPAA Compliant

Meeting healthcare industry privacy and security standards.

4. Data Sharing

We never sell your health data. We only share data in these limited circumstances:

  • With your consent: When you choose to share with coaches, healthcare providers, or friends
  • Service providers: Trusted partners who help us operate (hosting, analytics) under strict agreements
  • Legal requirements: When required by law or to protect safety
  • Anonymized research: Aggregated, de-identified data to improve health outcomes (opt-out available)

5. Your Rights & Controls

You have full control over your health data:

Download Data

Export all your health data in standard formats (JSON, CSV).

Delete Data

Permanently delete your account and all associated data.

Correct Data

Update or correct any inaccurate personal information.

Opt Out

Control marketing communications and data research participation.

6. Data Retention

We retain your data only as long as necessary:

  • Active accounts: Data retained while your account is active
  • Deleted accounts: Data permanently deleted within 30 days
  • Backup systems: Removed from backups within 90 days
  • Legal holds: May be retained longer if required by law

7. Children's Privacy

HealthKit is not intended for children under 13. We do not knowingly collect data from children. If you believe a child has provided us with personal information, please contact us immediately.

8. International Users

HealthKit operates globally. Your data may be processed in:

  • United States (primary data centers)
  • European Union (for EU users, GDPR compliant)
  • Standard contractual clauses for international transfers

9. Changes to This Policy

We may update this policy periodically. We'll notify you of significant changes via email or in-app notification. Continued use after changes constitutes acceptance.

10. Contact Us

Questions about your privacy? Reach out:

Email: privacy@healthkit.com

Data Protection Officer: dpo@healthkit.com

Mail: HealthKit Privacy Team, 100 Health Street, San Francisco, CA 94102