Welcome to HealthDecoder. Your privacy is important to us. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our mobile application and related services (collectively, the "Service").
1. Information We Collect
1.1 Information You Provide
When you use HealthDecoder, we may collect the following types of information:
- Account Information: Email address and authentication credentials when you create an account
- Health Data: Information you voluntarily log, including food intake, glucose readings, insulin dosages, activities, supplements, medications, and symptoms
- Voice Recordings: Audio recordings when you use voice input to log health events (processed and immediately deleted after transcription)
- Photos: Images you capture of food, nutrition labels, or barcodes for logging purposes
- Fitness Tracker Data: If you connect third-party fitness trackers (Fitbit, WHOOP, Oura), we receive data such as steps, heart rate, sleep patterns, and activity metrics
- Menstrual Cycle Data: If you opt in to cycle-aware health ranges, we collect your cycle status (regular, irregular, or no cycle), last period start date, and estimated cycle length. This data is provided voluntarily and can be deleted at any time.
- Biological Sex and Date of Birth: Used to personalize your health metric reference ranges
1.2 Automatically Collected Information
- Device Information: Device type, operating system, and app version
- Usage Data: How you interact with the app, features used, and session duration
- Log Data: Error logs and diagnostic information to improve app performance
2. How We Use Your Information
We use your information to:
- Provide, maintain, and improve the Service
- Process and parse your health event entries using AI technology
- Sync data from connected fitness trackers
- Display your health history and insights
- Send important updates about the Service
- Respond to your inquiries and support requests
- Detect and prevent fraud or technical issues
3. Menstrual Cycle Data
Health Decoder offers an optional feature that adjusts your personal health metric ranges based on where you are in your menstrual cycle. If you choose to use this feature, the following commitments apply:
- Purpose limitation: Your cycle data is collected solely to personalize your health metric ranges. It is not used for any other purpose — not for advertising, analytics, profiling, or any use beyond your own health snapshot.
- Never sold or shared: Your cycle data is never sold, shared with third parties, or used for advertising. Period.
- Stays on our infrastructure: Your cycle data is never sent to external APIs. Phase estimation and baseline computation happen entirely on Health Decoder's own infrastructure (Supabase Edge Functions and PostgreSQL). No cycle data leaves our systems.
- Fully deletable: You can turn off cycle tracking at any time in your Profile settings. When you do, all cycle data is deleted — your cycle status, last period date, cycle length, and all period confirmation records are permanently removed. Your health metric baselines are automatically recomputed without cycle phase information.
- Opt-in only: Cycle tracking is never enabled automatically. You must explicitly choose to share your cycle data after seeing your personal health ranges for at least 30 days.
4. Third-Party Services
3.1 AI Processing
We use OpenAI to process voice transcriptions and text inputs to extract structured health data. Your inputs are sent to OpenAI's servers for processing. Please review OpenAI's Privacy Policy for more information.
3.2 Fitness Tracker Integrations
If you connect fitness trackers, we access data through their official APIs:
3.3 Infrastructure
We use Supabase for authentication and data storage. Your data is stored securely on their servers. Please review Supabase's Privacy Policy.
5. Data Security
We implement appropriate technical and organizational measures to protect your personal information, including:
- Encryption of data in transit using TLS/SSL
- Secure authentication using industry-standard OAuth 2.0
- Secure storage of authentication tokens
- Row-level security policies for database access
Important: While we strive to protect your information, no method of transmission over the Internet or electronic storage is 100% secure. We cannot guarantee absolute security.
6. Data Retention
We retain your personal information for as long as your account is active or as needed to provide you with the Service. You may request deletion of your account and associated data at any time.
When you disconnect a fitness tracker, your synced data is preserved unless you explicitly request its deletion.
7. Your Rights
Depending on your location, you may have the following rights:
- Access: Request a copy of your personal data
- Correction: Request correction of inaccurate data
- Deletion: Request deletion of your personal data
- Portability: Request your data in a portable format
- Opt-out: Disconnect fitness trackers or delete your account at any time
To exercise these rights, please contact us at the email address below.
8. Children's Privacy
HealthDecoder is not intended for children under 13 years of age. We do not knowingly collect personal information from children under 13. If you are a parent or guardian and believe your child has provided us with personal information, please contact us.
9. International Data Transfers
Your information may be transferred to and processed in countries other than your country of residence. These countries may have different data protection laws. By using the Service, you consent to such transfers.
10. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new Privacy Policy on this page and updating the "Last Updated" date. Your continued use of the Service after such modifications constitutes your acceptance of the updated Privacy Policy.
11. Contact Us
If you have questions about this Privacy Policy or our privacy practices, please contact us at:
HealthDecoder
Email: privacy@healthdecoder.app