Privacy Policy
Our Privacy Commitment: HeartOxy is designed with privacy as a core principle. Your health data is stored locally on your devices and in your personal Apple HealthKit and iCloud accounts. We do NOT operate external servers that collect, store, or process your personal health information. We do NOT sell your personal information to third parties.
- Overview
- Information We Collect
- How We Use Your Information
- Data Storage and Security
- Data Sharing and Disclosure
- Data Retention
- Your Privacy Rights
- California Privacy Rights (CCPA/CPRA)
- European Privacy Rights (GDPR)
- CalOPPA Compliance
- Children's Privacy
- International Data Transfers
- Changes to This Policy
- Contact Us
1. Overview
HeartOxy ("we," "us," "our," or "the App") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our heart rate zone training application for Apple Watch and iPhone.
By using HeartOxy, you agree to the collection and use of information in accordance with this Privacy Policy. If you do not agree with our policies and practices, please do not use our App.
2. Information We Collect
2.1 Health Data (Collected Automatically)
When you use HeartOxy, the App collects the following health data from your Apple Watch via Apple HealthKit:
- Heart Rate Data: Real-time and historical heart rate measurements (in beats per minute)
- Blood Oxygen (SpO₂) Data: Oxygen saturation readings (percentage)
- Workout Session Data: Active workout start/stop times, duration, and session type
- Heart Rate Zone Data: Current and historical heart rate zone classifications during workouts
- Sleep Stage Data: Sleep stage readings when background monitoring is active
2.2 User-Provided Information
- Workout Settings: Target heart rate zone selection, custom intensity thresholds, and age for zone calculation
- Notification Preferences: Which intensity levels trigger feedback alerts and repeat alert settings
- Emergency Contact Information: Name and phone number of emergency contacts you choose to add (optional)
2.3 Information We Do NOT Collect
- Names, email addresses, or account information
- Location or GPS data
- Device identifiers for tracking purposes
- Usage analytics or behavioral data
- Advertising identifiers
- Any information from third-party sources
3. How We Use Your Information
We use the collected information exclusively to provide the app's core functionality: real-time health monitoring, zone training feedback, post-workout summaries, data export, and emergency alerts. We do not use your data for advertising, analytics, or any commercial purpose beyond delivering the service you requested.
4. Data Storage and Security
4.1 Where Your Data Is Stored
- Apple HealthKit: Health readings stored securely in Apple's HealthKit database on your personal devices
- Core Data (Local Database): A local database on your iPhone for fast access and offline availability
- iCloud/CloudKit (Optional): If iCloud is enabled, data may sync via Apple's CloudKit service (encrypted in transit and at rest)
- Device Storage: Threshold settings and emergency contacts stored locally using iOS secure storage
Important: We do NOT operate any external servers. All your health data remains within Apple's secure ecosystem (your devices and your iCloud account). We cannot access your personal health information.
4.2 Security Measures
- All data stored using Apple's secure frameworks with hardware-level encryption
- No transmission of data to external third-party servers
- Data encrypted in transit when syncing via iCloud
- Access to health data requires device authentication (Face ID, Touch ID, or passcode)
5. Data Sharing and Disclosure
HeartOxy does NOT sell, rent, trade, or otherwise transfer your personal information to third parties. We do not use third-party analytics services, advertising networks, or behavioral tracking of any kind.
You may choose to share your data through the in-app CSV export feature or iOS Share Sheet — this is entirely at your discretion. We may disclose information if required by law.
6. Data Retention
Your health data is stored on your personal devices and iCloud account for as long as you keep the App installed or choose to retain data in Apple HealthKit. You can delete your data at any time by deleting the HeartOxy app, removing health data from the Apple Health app, or clearing app data in iOS Settings.
7. Your Privacy Rights
| Right | How to Exercise |
|---|---|
| Access — View all collected data | View within the App or export CSV |
| Portability — Receive data in portable format | Use CSV export feature |
| Deletion — Request deletion | Delete app or clear data in Settings |
| Correction — Correct inaccurate data | Modify settings within the App |
| Restriction — Limit processing | Revoke HealthKit permissions in iOS Settings |
| Withdraw Consent | Revoke permissions in iOS Settings |
8. California Privacy Rights (CCPA/CPRA)
CCPACPRAIf you are a California resident, you have rights under the CCPA/CPRA including the right to know, delete, correct, opt-out of sale/sharing, and non-discrimination. We do NOT sell your personal information and have not done so in the preceding 12 months. The only sensitive personal information we collect is health data (heart rate, SpO₂), which is stored locally only and used solely to provide the app's core functionality.
To exercise your California privacy rights, email us at heartoxy2026@gmail.com with "California Privacy Request" in the subject line. We will respond within 45 days.
9. European Privacy Rights (GDPR)
GDPRIf you are located in the EEA, UK, or Switzerland, you have rights under the GDPR including access, rectification, erasure, restriction, portability, objection, and the right to withdraw consent. We process health data based on your explicit consent (HealthKit permissions) and contract performance.
To exercise your GDPR rights, email heartoxy2026@gmail.com with "GDPR Request" in the subject line. We will respond within one month.
10. CalOPPA Compliance
CalOPPAHeartOxy does NOT track users across third-party websites or online services, does not collect browsing behavior, and does not serve behavioral advertising. We do not respond to Do Not Track (DNT) signals because we do not engage in any tracking activity. No third-party advertising networks, analytics services, or social media plugins are integrated into HeartOxy.
11. Children's Privacy
HeartOxy is not intended for use by children under 13 years of age (or 16 in the EEA). We do not knowingly collect personal information from children. If you believe your child has provided information to the App, please contact us at heartoxy2026@gmail.com.
12. International Data Transfers
HeartOxy stores data locally on your devices and in your personal iCloud account. We do not operate external servers or transfer your data internationally. If you use iCloud, Apple may process data internationally in accordance with their privacy policy and applicable legal mechanisms.
13. Changes to This Privacy Policy
We may update this Privacy Policy from time to time. When we make material changes, we will update the "Last Updated" date at the top of this policy and may notify you through the App. Your continued use of the App after changes constitutes acceptance of the updated policy.
14. Contact Us
If you have any questions, concerns, or requests regarding this Privacy Policy, please contact us:
Email: heartoxy2026@gmail.com
© 2026 HeartOxy. All rights reserved. Not a medical device. For fitness use only.