Privacy Policy

Introduction

Welcome to Healfie ("we," "our," or "us"). We respect your privacy and are committed to protecting your personal data. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our mobile application ("App").

This Privacy Policy complies with the General Data Protection Regulation (GDPR) and other applicable EU data protection laws.

Data Controller

Healfie is the data controller responsible for your personal data. If you have any questions about this Privacy Policy, including any requests to exercise your legal rights, please contact us using the details set out at the end of this document.

Information We Collect

Health and Fitness Data

With your explicit consent, we collect health and fitness data from Apple HealthKit, including:

• Heart rate and heart rate variability (HRV)
• Sleep metrics
• Respiratory rate
• Activity and workout data
• VO2 max measurements

User-Provided Information

• Account information (if you create an account)
• Feedback and correspondence
• App preferences and settings

Automatically Collected Information

• Device information (model, operating system)
• App usage statistics
• Crash reports and performance data
• Error tracking and performance monitoring data via Sentry
• Analytics data via PostHog (EU Cloud)

Legal Basis for Processing

We process your personal data on the following legal bases:

• Consent: For health data and optional features
• Legitimate Interest: For app functionality, security, and improvement, including the use of Sentry for error tracking and PostHog (EU Cloud) for analytics
• Contract: To provide you with our services as requested
• Legal Obligation: To comply with applicable laws

How We Use Your Information

We use your information to:

• Provide and improve our health monitoring services
• Generate personalized insights and recommendations
• Analyze trends and patterns in your health data
• Enhance app functionality and user experience
• Troubleshoot technical issues

Analytics and Error Tracking

We use the following third-party services to help us improve our App:

• Sentry: We use Sentry for error tracking and performance monitoring. This helps us identify and fix technical issues quickly. Sentry collects information about errors that occur in our App, including device information and actions that led to the error.
• PostHog (EU Cloud): We use PostHog for analytics to understand how users interact with our App. PostHog is hosted in the European Union, ensuring compliance with GDPR. The analytics data helps us improve user experience and App functionality.

Both services process data in accordance with GDPR requirements, and we have data processing agreements in place. No personally identifiable information is shared with these services unless necessary for error resolution.

HealthKit Data Usage

In accordance with Apple's requirements:

• We access HealthKit data solely to provide health and fitness services within our App
• We NEVER sell your HealthKit data to advertising platforms, data brokers, or information resellers
• We NEVER use HealthKit data for advertising, marketing, or other data-mining purposes unrelated to improving health, fitness, or medical research

Data Storage and Security

• Your health data is stored locally on your device and, if you enable it, in encrypted form in our secure database
• We implement appropriate technical and organizational measures to protect your personal information
• All data transmissions between your device and our servers use industry-standard encryption
• Our servers are located within the European Union

Data Retention

We retain your personal information only for as long as necessary to fulfill the purposes outlined in this Privacy Policy, unless a longer retention period is required by law. You can request deletion of your data at any time.

Data Sharing

We do not share your personal information with third parties except:

• With your explicit consent
• To comply with legal obligations
• To protect our rights or the safety of users
• With service providers who assist us in operating our App (under strict data processing agreements)
• With Sentry for error tracking and PostHog (EU Cloud) for analytics, as described in the Analytics and Error Tracking section

All third-party service providers are required to take appropriate security measures to protect your personal information and are only permitted to process your data for specific purposes in accordance with our instructions.

AI Health Coach and Data Processing

Our App includes a 24/7 AI Health Coach powered by artificial intelligence technology from Anthropic (Claude). When you use this feature:

• Data Shared with AI: We share your health data and conversation context with Anthropic to generate personalized health insights and recommendations. This includes health metrics (heart rate, HRV, sleep data), biomarkers, activity logs, and other health-related information you provide or that is collected through the App.
• Purpose of Processing: This data sharing is necessary to provide you with personalized AI-powered health coaching through natural language interactions.
• Technical Implementation: Your health data is transmitted to Anthropic's AI systems using secure, encrypted connections.
• Data Retention: Anthropic may retain conversation logs and health data for a limited period to improve their AI model's accuracy and effectiveness. This retention is governed by our data processing agreement with Anthropic.
• Legal Basis: The legal basis for this processing is your consent, as well as the necessity to perform our contract with you in providing the AI health coaching service.

When you interact with the AI Health Coach, you are instructing us to share relevant health information with Anthropic's AI system to generate appropriate responses and health insights. While we have strong data processing agreements in place with Anthropic, please be aware that using the AI Health Coach feature involves transferring your health data to a third-party AI service.

By using the AI Health Coach feature, you explicitly consent to the sharing of your health data with Anthropic's AI systems. If you do not wish to share your health data with our AI service provider, you should not use the AI Health Coach feature.

Your GDPR Rights

Under the GDPR, you have the following rights:

• Right to access: You can request copies of your personal data
• Right to rectification: You can request correction of inaccurate data
• Right to erasure: You can request deletion of your data
• Right to restrict processing: You can request we limit the processing of your data
• Right to data portability: You can request transfer of your data
• Right to object: You can object to our processing of your data
• Rights related to automated decision-making: You can request human intervention for decisions based solely on automated processing

To exercise any of these rights, please contact us using the details below.

Age Restriction

Our App is intended for users 18 years and older. We do not knowingly collect personal information from anyone under 18 years of age. If we become aware that a person under 18 has provided us with personal data, we will take steps to delete such information.

Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page, updating the "Last Updated" date, and, where appropriate, notifying you via email or within the App.

Data Protection Officer

Our Data Protection Officer can be contacted at:
Email: info@healfie.xyz

Contact Us

If you have questions about this Privacy Policy or wish to exercise your rights, please contact us at:
Email: info@healfie.xyz

Complaints

You have the right to make a complaint at any time to your local data protection authority. We would, however, appreciate the chance to deal with your concerns before you approach the authority, so please contact us in the first instance.