Privacy Policy

1. Information We Collect

Personal Information

• Email address for authentication

• Name (optional)

• Profile information (height, weight, date of birth - optional)

Health Data

• Activities and workouts from connected services

• Heart rate, steps, calories, distance metrics

• Sleep patterns and duration

• GPS data for activity routes

2. How We Use Your Information

We use your information exclusively to:

• Provide health data aggregation services

• Display your fitness metrics and progress

• Calculate statistics and insights

• Enable data export functionality

• Sync data from connected services

3. Data Storage and Security

We implement industry-standard security measures:

• Encryption at rest and in transit (TLS/HTTPS)

• Row-level security in Supabase

• Secure OAuth token storage

• Regular security updates

• Access controls and authentication

4. Third-Party Services

We integrate with fitness platforms through official APIs:

• Strava: Activities and performance metrics

• Fitbit: Health metrics and sleep data

• Google Fit: Fitness and wellness data

• Supabase: Secure database infrastructure

Each service has its own privacy policy. We only access data you explicitly authorize.

5. Data Sharing

We do not sell, trade, or rent your personal health information.

We only share data:

• With your explicit consent

• To comply with legal obligations

• With service providers under strict confidentiality (Supabase, Cloudflare)

6. Your Rights

You have complete control over your data:

• Access all your stored data

• Export data in JSON/CSV formats

• Delete specific data or entire account

• Disconnect services at any time

• Correct or update information

• Opt-out of features

7. Data Retention

Data retention policies:

• Active account data retained indefinitely

• Deleted data removed within 30 days

• Backups purged within 90 days

• You can request immediate deletion

8. GDPR & CCPA Compliance

For EU and California residents:

• Right to data portability

• Right to be forgotten

• Right to restrict processing

• Right to object

• No sale of personal data

9. Children's Privacy

Our Service is not intended for children under 13. We do not knowingly collect data from children.

10. API Rate Limiting

We implement responsible API usage:

• Respect third-party rate limits

• Implement caching to minimize requests

• Use incremental sync where possible

• Fair usage across all users

11. Changes to This Policy

We may update this policy periodically. Significant changes will be notified via email.

12. Contact Us

For privacy concerns or data requests:

• Email: privacy@joinhumos.com

• Website: https://www.joinhumos.com

• Data Protection: dpo@joinhumos.com