Privacy Policy

Our designated privacy officer responsible for our compliance with this policy is:

Hector Ramirez
Email: hector@heytrackr.com

You may contact the privacy officer with any questions, concerns, access requests, or complaints regarding your personal information.

We collect the following categories of personal information, each for the purposes described in Section 3:

Account information

• Name, email address, and password (stored as an irreversible bcrypt hash — we cannot read your password)
• Profile fields you optionally provide: gender, date of birth, height, location, athlete type, primary race distances, target weight, and timezone

Health and fitness data

When you connect a data source, we sync the following categories. We only access what you explicitly authorize:

• Workouts: activity type, duration, distance, pace/speed, cadence, stride length, ground contact time, vertical oscillation, power, training effect
• Heart rate: average, max, min, resting heart rate, heart rate zones per activity
• Heart rate variability (HRV): nightly average, 5-minute high, weekly average, baseline bands, HRV status
• Sleep: total duration, deep/light/REM/awake stages, bedtime and wake time
• Body composition: weight, body fat percentage, lean body mass, BMI, muscle mass, bone mass, body water, visceral fat
• Nutrition: daily calories, protein, carbohydrates, fat, fiber, calorie targets, TDEE
• Daily health: steps, active/basal calories, respiratory rate, SpO2, stress levels, body battery
• Training metrics: VO2max, lactate threshold, training status, race predictions
• Location data: GPS tracks from workouts may be collected in a future update. We will request separate permission before accessing location data.

Questionnaire answers

• Your responses to training background, coaching preferences, injury history, and goal questions. These are used to personalize AI-generated reports.

Device and usage information

• Device type, operating system version, app version
• Crash reports and error logs (collected via Sentry — see Section 4)
• Anonymous product usage events (collected via Amplitude — see Section 4)

Under PIPEDA, we must identify the purpose of each collection before or at the time we collect it. Your information is used for:

• Training analysis: Computing daily readiness scores, injury risk assessments, fitness state (CTL/ATL/TSB), running economy, and periodization detection using statistical models that run on your data.
• AI-generated coaching reports: Generating personalized narrative reports by sending your activity summaries, health metrics, and questionnaire context to OpenAI (see Section 4 for details). Your name, email, and account credentials are never sent to OpenAI.
• Swim session analysis: Parsing swim workout structure by sending swim telemetry data (stroke counts, SWOLF, lap times) to OpenAI for structured analysis.
• Progress tracking: Displaying trends, charts, and projections based on your historical data.
• Service operation: Authenticating your account, syncing data from connected services, sending transactional emails (verification, password reset).
• Service improvement: Diagnosing errors, monitoring performance, and improving algorithms using aggregated, anonymized data.

We do not use your data for advertising, marketing to third parties, or data mining unrelated to the purposes above. We will not collect data for undeclared purposes or repurpose data without obtaining your consent.

We share your information with the following third parties, each for a specific purpose. We do not sell your personal data.

OpenAI (AI report generation)

• What is sent: Activity summaries (type, duration, distance, pace, heart rate), health metric summaries (sleep, HRV, body composition numbers), and your questionnaire answers for coaching context.
• What is NOT sent: Your name, email address, password, account credentials, or raw GPS data.
• How OpenAI handles it: Data sent via the OpenAI API is not used to train or improve OpenAI's models. OpenAI retains API inputs for up to 30 days solely for abuse and misuse monitoring, after which it is deleted.
• Purpose: Generating coaching report narratives and swim session analysis. This processing directly benefits you by providing personalized training insights.

Sentry (error monitoring)

• What is sent: Crash reports, error stack traces, your user ID, device type, OS version, and app version.
• What is NOT sent: Health data, fitness metrics, or questionnaire answers.
• Purpose: Identifying and fixing bugs in the application.

Amplitude (product analytics)

• What is sent: Anonymous usage events (e.g., "viewed dashboard", "generated report"), feature flag evaluations, device type.
• What is NOT sent: Health data, fitness metrics, or personal profile details.
• Purpose: Understanding how features are used so we can improve the product.

Resend (transactional email)

• What is sent: Your email address and the content of transactional emails (verification codes, password reset links).
• Purpose: Delivering account-related emails.

Railway (infrastructure hosting)

• What is stored: All application data including your account, health data, and reports.
• Location: Railway's US East region. Your data is stored and processed on servers located in the United States.

Each third-party processor is contractually or by their published terms obligated to protect your data and not use it for purposes beyond what we have authorized.

HeyTrackr is operated from Saskatchewan, Canada. However, your personal information is stored and processed on servers located in the United States (Railway US East). Additionally, data sent to OpenAI, Sentry, and Amplitude is processed in the United States.

By using the Service, you acknowledge that your personal information will be transferred to, stored in, and processed in the United States, where it is subject to U.S. laws including the USA PATRIOT Act and the CLOUD Act. These laws may permit U.S. government agencies to access data in certain circumstances. We use contractual safeguards and select processors with strong security practices to provide comparable protection to PIPEDA requirements.

When you connect a third-party fitness service, we access your data through their API according to the permissions you grant. Each service has its own terms:

• Apple HealthKit: We read health data types you explicitly authorize through iOS permission prompts. Each data type (heart rate, sleep, workouts, etc.) requires a separate permission. We do not write data to HealthKit.
• Health Connect (Android): Same principle — each data type requires individual permission. We only read; we do not write.
• Strava: We access your activity data through the Strava API under Strava's API Agreement. We do not use Strava data to train machine learning models. When you disconnect Strava, we stop syncing and delete all Strava-sourced data from your account.

You can disconnect any service at any time in Settings. Disconnecting stops future syncing but does not retroactively delete previously synced data unless you delete your account.

This section applies specifically to data obtained from Apple HealthKit and Google Health Connect:

• This data is used exclusively to provide health and fitness analysis features directly to you within the app (readiness scoring, injury risk, reports, trend charts).
• We do not use HealthKit or Health Connect data for advertising, marketing, or use-based data mining.
• We do not sell, license, or disclose HealthKit or Health Connect data to data brokers, information resellers, or advertising networks.
• We do not store HealthKit data in iCloud.
• We do not write false or inaccurate data into HealthKit or Health Connect.
• HealthKit and Health Connect data that is sent to OpenAI for report generation is limited to aggregated numerical summaries (e.g., "average HRV: 45ms", "sleep: 7.2 hours") and is used solely to generate coaching insights for you.

Under PIPEDA, health and fitness data is considered sensitive personal information requiring express consent. By creating an account and accepting these terms, you provide express consent to:

• The collection and processing of your health and fitness data as described in this policy
• The transmission of your fitness data summaries and questionnaire context to OpenAI for AI-generated coaching reports
• The storage of your data on servers in the United States

For HealthKit and Health Connect data, additional per-type consent is obtained through the operating system's native permission prompts, which you can revoke at any time in your device settings.

You may withdraw consent at any time by deleting your account (Section 10) or by contacting the privacy officer. Withdrawing consent may affect our ability to provide the Service.

We retain your personal information for as long as your account is active and as needed to provide the Service. Specifically:

• Account and health data: Retained until you delete your account.
• Strava-sourced data: Retained while your Strava connection is active. Deleted when you disconnect Strava or delete your account.
• Transactional emails: Email delivery logs are retained by Resend per their retention policy.
• Error logs: Crash reports in Sentry are retained per Sentry's default retention (90 days).
• Analytics: Usage events in Amplitude are retained per Amplitude's retention policy.
• OpenAI: API inputs retained by OpenAI for up to 30 days for abuse monitoring, then deleted.

When you delete your account, all data in our primary database is deleted immediately and permanently. Data may persist in encrypted database backups for up to 30 days, after which backups are rotated and overwritten. We do not use backups for any purpose other than disaster recovery.

You have the following rights regarding your personal information:

• Access: You may request a copy of the personal information we hold about you. We will respond within 30 days.
• Correction: You may update your profile information at any time through the app. For corrections to other data, contact the privacy officer.
• Deletion: You may delete your account and all associated data at any time through Settings > Account > Delete Account. Deletion is immediate and irreversible.
• Withdraw consent: You may withdraw consent for data processing by deleting your account or contacting the privacy officer. Note that withdrawing consent means we can no longer provide the Service.
• Disconnect services: You may disconnect Strava or HealthKit/Health Connect at any time to stop future data syncing.
• Complain: If you are unsatisfied with our response to a privacy concern, you may file a complaint with the Office of the Privacy Commissioner of Canada.

We implement the following measures to protect your personal information:

• Encryption in transit via TLS for all data transfers
• Passwords stored as irreversible bcrypt hashes
• JWT-based authentication with short-lived access tokens (1 hour) and rotating refresh tokens (30 days)
• OAuth tokens for connected services stored server-side, never exposed to the client
• Database access restricted to application services via private networking

No method of electronic storage or transmission is 100% secure. While we strive to protect your information, we cannot guarantee absolute security.

In the event of a data breach that creates a real risk of significant harm, we will:

• Report the breach to the Office of the Privacy Commissioner of Canada as soon as feasible
• Notify affected individuals directly, describing the breach, the data involved, and steps we are taking
• Maintain records of all breaches for a minimum of 24 months, as required by PIPEDA

HeyTrackr is intended for users aged 16 and older. We do not knowingly collect personal information from anyone under 16. If we learn that we have collected data from a user under 16, we will delete their account and data promptly. If you believe a minor under 16 has provided us with personal information, please contact the privacy officer.

We may update this Privacy Policy to reflect changes in our practices, legal requirements, or Service features. When we make material changes, you will be prompted within the app to review and accept the updated policy before continuing to use the Service. The "effective date" at the top of this page indicates when the policy was last revised.

For any privacy-related questions, access requests, or complaints:

Hector Ramirez, Privacy Officer
Email: hector@heytrackr.com
HeyTrackr
Saskatchewan, Canada