Privacy Policy

Effective Date: 06/01/2026

Your privacy is important to us. This Privacy Policy outlines how MyHealthSentry.com collects, uses, and protects the personal health data you provide while using our platform.

1. Information We Collect

We may collect the following categories of information when you interact with our Services:

  • Personal Identifiers: Name, email address, contact details, account login information.
  • Health and Wellness Data: Data you input directly (e.g., symptoms, lifestyle habits, medical history, fitness metrics). Data collected from integrated third-party wearables and health devices (e.g., sleep, glucose, activity).
  • Internet/Device Data: IP address, browser, device type, session duration, usage patterns, and diagnostic data.
  • Geolocation Data: With your consent, we may collect location data to personalize your experience.
  • Inferences: Risk scores, wellness trends, and predictive insights based on your data.

2. Lawful Basis for Processing (GDPR)

For users in the EU/EEA, we process personal data only when we have a lawful basis under Article 6 of the GDPR, including:

  • Consent (e.g., for optional health tracking or wearable integrations).
  • Contractual necessity (e.g., to provide core platform features).
  • Legitimate interests (e.g., platform improvement, research, analytics).
  • Legal obligations (e.g., in response to lawful government requests).

You may withdraw consent at any time by contacting us (see Section 12).

3. How We Use Your Information

We use your data to:

  • Deliver and maintain the Services.
  • Generate personalized health insights, risk models, and recommendations.
  • Enable integration with wearables and third-party health data providers.
  • Analyze aggregated and anonymized data for research and product development.
  • Improve user experience and security.
  • Comply with legal and regulatory requirements.

4. Mobile App Health Data Integrations

Our mobile apps integrate with platform health services to read health data with your explicit permission. We only read data from these services — we never write to them.

Health Connect (Android)

Our Android app may request read access to the following Health Connect data types:

  • Weight — Used to display body composition trends on the Health view and to calculate personalized strength training goals based on your body weight (e.g., a target of 0.5x your body weight for a given exercise).
  • Heart Rate — Used to classify exercise intensity zones for fitness competitions, so you can see whether activity counts as moderate or vigorous effort.
  • Steps & Exercise Sessions — Used to track daily activity and participation in fitness competitions with friends.
  • VO2 Max — Used to assess your cardiovascular fitness level.
  • Height, Body Fat Percentage, Lean Body Mass — Used for body composition analysis on the Health view.

You can revoke Health Connect permissions at any time through your device's Health Connect settings. Revoking permissions will stop future data syncing but will not delete previously synced data. You can request deletion of all synced health data from your account settings or by contacting us at [email protected].

Apple HealthKit (iOS)

Our iOS app may request read access to similar health data types through Apple HealthKit, including weight, height, body fat percentage, lean body mass, and VO2 Max. This data is used for the same purposes described above. You can manage HealthKit permissions at any time through the Health app on your iOS device.

5. Sharing and Disclosure of Information

We do not sell your personal information. However, we may share data under the following conditions:

  • Service Providers: Trusted vendors (e.g., hosting, analytics, infrastructure) under confidentiality agreements.
  • With Your Consent: For features requiring authorization (e.g., third-party device integrations).
  • Legal Compliance: If required by law, regulation, subpoena, or government request.
  • Security and Enforcement: To protect our rights, property, or safety and prevent misuse or fraud.
  • Corporate Transactions: In the event of a merger, acquisition, or asset transfer, with appropriate safeguards.

6. Your Rights

For EU/EEA Users (GDPR)

You have the following rights:

  • Access: Obtain a copy of your personal data.
  • Rectification: Correct inaccurate or incomplete data.
  • Erasure ("Right to be Forgotten"): Request deletion of your data.
  • Restriction: Ask us to stop certain data processing activities.
  • Portability: Receive your data in a structured, machine-readable format.
  • Objection: Object to processing based on legitimate interests.
  • Withdraw Consent: At any time, without affecting past lawful processing.

For California Residents (CCPA/CPRA)

You have the right to:

  • Know: What personal information we collect and how we use it.
  • Access: Specific pieces of personal information we have collected about you.
  • Delete: Request deletion of your personal information.
  • Correct: Inaccurate personal information.
  • Opt-Out: You may opt out of "sharing" or "selling" of personal information (we do not engage in either).
  • Non-Discrimination: We will not treat you differently for exercising your privacy rights.

To exercise your rights, contact: [email protected]. You may also designate an authorized agent to make a request on your behalf.

7. Data Retention

We retain personal information as long as reasonably necessary to:

  • Provide the Services and maintain user accounts.
  • Fulfill legal, contractual, or regulatory obligations.
  • Support anonymized research and platform development.

When no longer needed, we will securely delete or de-identify your data.

8. Cross-Border Transfers

If you are outside the United States, your data may be transferred to and processed in the U.S., where data protection laws may differ. For EU/EEA users, we rely on appropriate safeguards (e.g., Standard Contractual Clauses) to legitimize these transfers.

9. Data Security

We implement technical and organizational security measures, including:

  • Encryption of sensitive health data in transit and at rest.
  • Secure authentication and access controls.
  • Regular security reviews and monitoring.

Despite these efforts, no method of transmission or storage is 100% secure. You use the Services at your own risk.

10. Children's Privacy

Our Services are not directed to children under 18. We do not knowingly collect personal data from minors. If you believe a child has submitted data to us, please contact us so we can delete it.

11. Charity Competition Features

Some competitions on MyHealthSentry may be associated with a charitable organization and may present a suggested donation amount after the competition ends. When you participate in or create a charity-linked competition, the following data practices apply.

What we collect and use for this feature. In connection with charity-linked competitions, MyHealthSentry may collect and use:

  • competition participation data (joins, completions, results, leaderboard position);
  • challenge settings (competition type, suggested amount configuration, schedule);
  • the selected charity and campaign identifier;
  • the suggested donation amount displayed to you;
  • click-through and engagement data related to donation links (whether you opened the donation page, when, and from which screen);
  • communications preferences and delivery records for reminders and notifications tied to this feature.

How we use this information. We use this information to set up and administer competitions, to calculate and display suggested donation amounts, to send reminders and notifications you've opted into, to measure feature performance and engagement, to prevent fraud, abuse, and policy violations, and to comply with legal obligations relating to charitable promotions.

What is and is not shared externally. When you click through to complete a donation, MyHealthSentry may share a limited set of routing/attribution data with the donation processor (currently Pledge.to) and, where relevant, the selected charity, including:

  • your display name or first and last name as entered on your MyHealthSentry profile;
  • your email address;
  • the donation amount and recipient charity identifier you (or the creator) selected;
  • a MyHealthSentry-internal reference identifier so the processor's webhook can route the confirmation back to the right competition.

MyHealthSentry does not share with the processor or charity, in connection with this feature: your underlying health metrics, sensitive wellness data, medical history, device-integrated health data, biomarker data, body composition data, or risk-score inferences. If a future version of the feature would share any such data, this Policy will be updated and, where required, your separate consent will be obtained.

Payment information. Payment card and billing information for donations are collected on the donation processor's hosted page by the processor (or its payment processor, currently Stripe), not by MyHealthSentry. Those third parties' privacy practices govern that information. MyHealthSentry does not receive, hold, or transmit donated funds.

Communications and reminders. If MyHealthSentry sends push notifications, emails, or in-app reminders relating to a charity-linked competition or a post-competition donation prompt, those communications are governed by your notification settings. You can manage them in your account settings.

Public and social visibility. Some information in a charity-linked competition — including who joined the competition, results and standings, and the suggested amount associated with a position — may be visible to other participants in the same competition. MyHealthSentry does not display whether or not you actually completed a donation to other users by default. If a future version of the feature would make donation completion visible to others, that visibility will be opt-in.

Tax receipt and donor identity expectations. Tax receipts, donor identification, and donation acknowledgements, if any, are handled by the processor and/or recipient charity, not by MyHealthSentry.

Third-party privacy practices. When you leave MyHealthSentry to complete a donation on the processor's site, the processor's and charity's own terms and privacy practices apply. We are not responsible for those parties' data practices.

Retention. We retain charity-competition participation data, donation-link routing data, and related communications records for as long as reasonably necessary to operate the feature, comply with applicable law, resolve disputes, and produce aggregate analytics. When that purpose is fulfilled, we delete or de-identify the data per our standard retention practices in Section 7.

Analytics, "sale," "sharing," and targeted advertising. MyHealthSentry does not sell your personal information. We use limited service-provider analytics to measure feature performance (for example, to count how many users opened a donation page from the Service). To the extent any such analytics, conversion tracking, SDKs, or cross-context advertising tools constitute a "sale" or "sharing" of personal information under California's CPRA or similar state laws, you may exercise your right to opt out as described in Section 6.

12. Changes to This Policy

We may update this Privacy Policy periodically. We will notify you of material changes via email, in-app notice, or on our website. Continued use of the Services after updates constitutes acceptance.

13. Contact Us

If you have questions or concerns about this Privacy Policy, please contact us:

Email: [email protected]