Health Data Privacy Notice
Effective Date: December 18, 2025 | Version: 1.0
About This Notice
This Health Data Privacy Notice explains how Selfbit collects, uses, and protects your health information through Apple HealthKit integration. This notice is separate from our general Privacy Policy and specifically addresses health data handling as required by Apple App Store guidelines and healthcare privacy regulations.
Important
By granting health data permissions, you acknowledge that you have read and understood this notice. You can revoke these permissions at any time through your device settings.
Health Data We Collect
When you grant permission, we may collect the following health data types from Apple HealthKit:
Fitness & Activity Data
- Step Count: Daily steps taken for activity correlation analysis
- Distance Walked/Run: Movement patterns for habit timing optimization
- Calories Burned: Energy expenditure for habit intensity recommendations
- Active Energy: Exercise energy for workout habit correlation
- Flights Climbed: Daily elevation gain for activity level assessment
- Exercise Minutes: Workout duration for habit scheduling analysis
- Stand Hours: Standing activity for movement habit tracking
Vital Signs & Health Metrics
- Heart Rate: Resting and active heart rate for stress level assessment
- Heart Rate Variability (HRV): Recovery state for habit intensity guidance
- Blood Pressure: Cardiovascular health for exercise habit safety
- Respiratory Rate: Breathing patterns for meditation habit correlation
- Body Temperature: Health status for habit difficulty adjustment
Sleep & Recovery Data
- Sleep Duration: Total sleep time for habit energy prediction
- Sleep Quality: Sleep efficiency for morning habit recommendations
- Time in Bed: Sleep behavior patterns for schedule optimization
- Sleep Stages: Deep/REM sleep for recovery-based habit suggestions
Body Measurements
- Weight: Body composition trends for fitness habit tracking
- Height: BMI calculation for health goal alignment
- Body Mass Index (BMI): Health status for habit personalization
- Body Fat Percentage: Fitness progress for workout habit optimization
- Lean Body Mass: Muscle development for strength habit tracking
Advanced Health Metrics
- VO2 Max: Cardiovascular fitness for workout intensity guidance
- Blood Glucose: Blood sugar levels for energy management habits
- Blood Oxygen: Oxygen saturation for respiratory health monitoring
Google Fit Data (Android)
- Activity Recognition: Automatic detection of activities for habit tracking
- Speed/Power Metrics: Athletic performance data for workout optimization
- Workout Routes: Location samples during workouts for route-based habits
Mental Health & Mindfulness
- Mindfulness Minutes: Meditation practice for stress management habits
- Mood Tracking: Emotional state for habit motivation optimization
How We Use Your Health Data
We use your health information exclusively for the following purposes:
1. Habit-Health Correlation Analysis
Purpose: Analyze relationships between your health metrics and habit success rates
"Your workout completion is 65% higher with 7+ hours of sleep"
2. Personalized Habit Recommendations
Purpose: Generate custom habit suggestions based on your current health status
"Consider a lighter workout today - your HRV indicates lower recovery"
3. Optimal Timing Predictions
Purpose: Identify the best times for different habits based on your health patterns
"Your meditation habit succeeds 80% more when scheduled after 6 PM"
4. Energy Level Assessment
Purpose: Predict your daily energy availability for habit planning
"High energy day predicted - perfect for challenging workouts"
5. Recovery State Monitoring
Purpose: Determine when you need rest versus active habit engagement
"Consider a rest day - your sleep quality was below 6/10"
6. Health Goal Integration
Purpose: Align your habits with your overall health and fitness goals
"Your strength habits are contributing to a 5% increase in lean body mass"
How We Protect Your Health Data
Your health information receives the highest level of protection:
Military-Grade Encryption
- At Rest: All health data is encrypted using AES-256-GCM encryption
- In Transit: TLS 1.2+ encryption for all data transmission
- Key Management: Rotating encryption keys with hardware security modules
HIPAA Compliance Standards
- Access Controls: Only authorized personnel can access health data systems
- Audit Logging: Complete access trail maintained for 7 years
- Data Minimization: We only collect health data necessary for habit correlation
- Breach Protection: Immediate notification and remediation procedures
Database Security
- Row Level Security (RLS): Your health data is isolated at the database level
- Multi-Factor Authentication: All system access requires multiple authentication factors
- Regular Security Audits: Security code reviews and vulnerability assessments; penetration testing scheduled prior to major releases
- Backup Encryption: All data backups are encrypted with separate keys
Privacy by Design
- Data Isolation: Your health data cannot be accessed by other users
- Anonymization: Data used for analytics is anonymized and aggregated
- Minimal Collection: We only request health data types essential for our features
- Purpose Limitation: Health data is used only for the purposes stated in this notice
Data Sharing and Third Parties
We NEVER Share Your Health Data With:
- Advertising companies or marketers
- Insurance companies or employers
- Social media platforms or data brokers
- Government agencies (except as required by law)
- Third-party analytics companies
- Any company for commercial purposes
Limited Sharing Only For:
- Technical Service Providers: Only encrypted data for infrastructure support (AWS, Supabase)
- Legal Requirements: Only if compelled by valid legal process
- Emergency Situations: Only to prevent imminent harm with your explicit consent
- Your Explicit Consent: Only when you specifically authorize sharing
Data Retention and Storage
Retention Period
- Active Account: Health data retained while your account is active
- Account Deletion: Health data permanently deleted within 30 days
- HIPAA Compliance: Audit logs retained for 7 years as required by law
- Legal Requirements: Some data may be retained longer if required by legal obligations
Storage Location
- Primary Storage: Encrypted databases in secure data centers (US/EU)
- Backup Storage: Encrypted backups in geographically distributed locations
- No International Transfers: Health data remains in your region when possible
Secure Deletion
- Secure Deletion: Platform-native security controls with encryption key destruction
- Physical Destruction: Storage media physically destroyed at end of life
- Verification: Deletion verified through security audits
Your Rights and Control
Permission Control
- Granular Permissions: Choose exactly which health data types to share
- Easy Revocation: Revoke permissions anytime in iOS Settings > Privacy & Security > Health
- Immediate Effect: Permission changes take effect immediately
- No Penalties: No loss of app functionality for limiting health data access
Data Access Rights
- View Your Data: Access all health data we've collected about you
- Data Export: Download your health data in portable formats (JSON, CSV)
- Correction Rights: Request correction of inaccurate health data
- Usage Reports: See how your health data has been used
GDPR Rights (EU Users)
- Right to Access: Request a copy of all your health data
- Right to Rectification: Correct inaccurate or incomplete data
- Right to Erasure: Request deletion of your health data
- Right to Data Portability: Export your data in machine-readable format
- Right to Object: Object to specific uses of your health data
How to Exercise Your Rights
- In-App: Use Privacy Settings > Health Data Management
- Email: Contact privacy@mitikasha.com with your request
- Response Time: We respond within 30 days (7 days for urgent requests)
- Identity Verification: We may verify your identity for security purposes
When We DON'T Collect Health Data
We do not collect health data when:
- You haven't granted HealthKit permissions
- You've revoked HealthKit permissions
- The app is running in background without explicit consent
- You're using app features that don't require health data
- Your device doesn't support HealthKit
You can use most app features without granting health data permissions. Health data integration is entirely optional and designed to enhance your experience.
Health Data Categories and Purposes
| Health Data Type | Primary Purpose | Secondary Purpose |
|---|---|---|
| Sleep Duration | Habit energy prediction | Sleep habit optimization |
| Heart Rate | Stress level assessment | Exercise intensity guidance |
| Step Count | Activity correlation | Movement habit tracking |
| HRV | Recovery state monitoring | Stress management habits |
| Weight | Fitness goal alignment | Health trend tracking |
| Blood Pressure | Exercise safety checks | Health risk awareness |
| VO2 Max | Cardiovascular fitness tracking | Workout intensity guidance |
| Blood Glucose/Oxygen | Health status monitoring | Energy management habits |
| Activity Recognition | Automatic habit detection | Activity tracking (Google Fit) |
| Mindfulness Minutes | Meditation habit tracking | Stress correlation analysis |
Contact Information
Acknowledgment and Consent
By selecting "I Agree" when prompted for HealthKit permissions:
- I acknowledge that I have read and understood this Health Data Privacy Notice
- I understand what health data will be collected and how it will be used
- I understand that I can revoke permissions at any time
- I understand my rights regarding my health data
- I consent to the collection and use of my health data as described
Remember: Your health data is sensitive and valuable. We are committed to protecting it with the highest security standards and using it only to improve your habit formation experience.
Version: 1.0 | Effective Date: December 18, 2025 | Last Updated: December 18, 2025