Privacy Policy
Last updated: April 10, 2026
Overview
HealthSync ("we," "our," or "the app") is committed to protecting your privacy. This Privacy Policy explains how we handle information when you use the HealthSync mobile application.
The short version: Your health data is processed entirely on your device. We do not collect, store, or transmit your personal health information to any server.
1. Information We Do Not Collect
HealthSync does not collect, store, or have access to:
- Your Fitbit health data (steps, heart rate, sleep, workouts, etc.)
- Your Apple Health data
- Your Fitbit account credentials (authentication is handled by Fitbit's official OAuth flow)
- Your name, email address, or other personally identifiable information
- Your location data
2. How the App Works
HealthSync connects to the Fitbit API using Fitbit's official OAuth 2.0 authentication. When you authorize the app:
- An authentication token is stored securely on your device using the iOS Keychain
- The app fetches your health data directly from Fitbit's servers to your device
- The app writes that data to Apple Health using Apple's HealthKit framework
- All data processing occurs locally on your iPhone
At no point does your health data pass through our servers.
3. Information We May Collect
We may collect limited, non-personal technical information to improve the app:
- Crash reports: Anonymous crash logs to help us fix bugs (via Apple's built-in crash reporting)
- App analytics: Aggregate, anonymous usage statistics such as which features are used most often (e.g., number of syncs performed). These contain no personal or health data.
- Purchase information: Subscription status is managed entirely by Apple through the App Store. We receive only the information necessary to verify your subscription status.
4. Third-Party Services
HealthSync interacts with the following third-party services:
- Fitbit (Google): We use the Fitbit Web API to read your health data. Your use of Fitbit is governed by Fitbit's Privacy Policy.
- Apple HealthKit: We use HealthKit to write synced data to Apple Health. Your use of HealthKit is governed by Apple's Privacy Policy.
- Apple App Store: Subscription purchases and management are handled by Apple.
5. Data Storage and Security
- Authentication tokens are stored in the iOS Keychain, Apple's encrypted credential storage
- Health data is only held temporarily in device memory during the sync process
- We do not operate any servers that store your data
- All network communication uses HTTPS encryption
6. Children's Privacy
HealthSync is not directed at children under 13. We do not knowingly collect information from children under 13. If you believe a child has provided us with personal information, please contact us so we can take appropriate action.
7. Your Rights
Since we do not collect or store your personal data on our servers, there is no personal data for us to provide, modify, or delete. You can:
- Revoke Fitbit access at any time through your Fitbit account settings
- Revoke HealthKit permissions through the Apple Health app
- Delete the app to remove all locally stored data, including authentication tokens
8. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of any material changes by updating the "Last updated" date at the top of this page. Continued use of the app after changes constitutes acceptance of the updated policy.
9. Contact Us
If you have any questions about this Privacy Policy, please contact us at: