Platform Privacy Policy

This Platform Privacy Policy describes how the Heal Strong App platform ("we," "us," "our," or the "Platform") collects, uses, and protects your personal information when you use our software application, website, and technology services. This policy applies to the technology platform itself and is separate from any privacy policies of individual coaches or service providers who use our platform.

1. Scope of This Policy

This Platform Privacy Policy governs:

• The Heal Strong App software platform and website
• User accounts and authentication systems
• Third-party integrations (wearable devices, APIs)
• Data storage and processing by the platform
• Technical and operational data collection

Individual coaches or service providers using this platform may have their own privacy policies governing their specific services. Please review those policies separately.

2. Information We Collect

2.1 Account Information

• Name and email address
• Account credentials (securely hashed passwords)
• Profile information you provide
• Account preferences and settings

2.2 Wearable Device Data

When you connect third-party wearable devices to our platform, we collect data from those devices as authorized by you, including but not limited to:

• WHOOP: Recovery scores, strain data, sleep metrics, heart rate, HRV, workouts
• Oura Ring: Readiness scores, sleep data, activity metrics, temperature data
• Other Devices: Similar health and fitness metrics as supported integrations are added

Important: Wearable data is collected only with your explicit authorization through OAuth authentication with the device provider. You may disconnect devices and revoke access at any time.

2.3 Technical Data

• IP address and approximate location
• Browser type and device information
• Operating system and version
• Pages visited and features used
• Error logs and performance data
• Cookies and local storage data

2.4 Integration Authentication Data

• OAuth tokens for connected services (encrypted)
• API credentials for third-party integrations
• Connection status and sync timestamps

3. How We Use Your Information

• Platform Operation: To provide, maintain, and improve our software platform
• Data Synchronization: To sync and display data from connected wearable devices
• Account Management: To manage your account and authenticate your identity
• Analytics: To analyze platform usage and improve features
• Security: To detect, prevent, and respond to security incidents
• Legal Compliance: To comply with applicable laws and regulations
• Communication: To send essential platform notifications and updates

4. Third-Party Integrations

4.1 Wearable Device Providers

When you connect wearable devices, you authorize data sharing between our platform and:

• WHOOP Inc. - whoop.com
• Oura Health Oy - ouraring.com
• Additional providers as integrations are added

Each provider has their own privacy policy governing how they collect and use your data. We encourage you to review their policies.

4.2 Service Providers

• Supabase: Database hosting and authentication
• Vercel: Website hosting and deployment
• Stripe: Payment processing
• SendGrid: Email delivery services

5. Data Storage and Security

• All data is encrypted in transit (TLS/SSL) and at rest
• OAuth tokens are stored encrypted using industry-standard encryption
• Database access is restricted and logged
• Regular security audits and updates are performed
• Data is stored on secure cloud infrastructure in the United States

6. Your Rights and Controls

6.1 Device Connections

You may at any time:

• Connect or disconnect wearable devices from your account
• Revoke OAuth authorization for any connected service
• Request deletion of synced wearable data

6.2 Account Data

You have the right to:

• Access your personal data stored on the platform
• Correct inaccurate information
• Request deletion of your account and associated data
• Export your data in a portable format

6.3 California Residents (CCPA)

California residents have additional rights under the CCPA, including:

• Right to know what personal information is collected
• Right to request deletion
• Right to opt-out of sale (we do not sell personal information)
• Right to non-discrimination

7. Data Retention

• Account Data: Retained while your account is active
• Wearable Data: Retained for historical analysis and trends, deleted upon request
• OAuth Tokens: Retained while connection is active, deleted on disconnect
• Technical Logs: Retained for 90 days for security and debugging

8. Children's Privacy

The Platform is not intended for individuals under 18 years of age. We do not knowingly collect personal information from children. If we become aware that we have collected data from a child, we will delete it promptly.

9. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by:

• Posting the updated policy with a new effective date
• Sending an email notification for significant changes
• Displaying a notice within the platform

10. Contact Us