HealthSync iOS app privacy policy
Last updated: February 5, 2026
This privacy policy describes how the HealthSync iOS app ("the App") collects, uses, and protects your health data.
Overview
HealthSync is a personal health data synchronization tool that transfers your Apple Health data to your own self-hosted dashboard. The App developer does not collect, store, or have access to your health data. All data flows directly from your device to your personal API endpoint.
Data collection
Health data accessed
The App requests read access to the following Apple HealthKit data types:
| Data type | Purpose |
|---|---|
| Sleep analysis | Sync sleep duration, stages (REM, core, deep), and efficiency |
| Steps | Sync daily step count |
| Active energy burned | Sync daily calorie expenditure |
| Resting heart rate | Sync daily resting heart rate |
| Heart rate variability | Sync HRV measurements |
| Workouts | Sync workout type, duration, and calories |
How data is used
Your health data is used solely to:
- Display current sync status within the App
- Transmit to your configured API endpoint
- Track last successful sync date (stored locally on your device)
The App does not:
- Send data to the App developer
- Send data to any third-party services
- Use data for analytics or advertising
- Share data with anyone other than your configured endpoint
Data transmission
Your API endpoint
Health data is transmitted only to the API endpoint URL you configure in the App settings. You are responsible for:
- Providing a valid HTTPS endpoint
- Securing your API with an authentication key
- Managing data storage on your server
- Complying with applicable data protection laws
Data format
Data is transmitted as JSON over HTTPS. The App sends:
- Sleep records (date, times, duration, stages)
- Daily metrics (steps, energy, heart rate, HRV)
- Workout records (type, duration, calories)
No personally identifiable information (name, email, device ID) is included in transmissions.
Data storage
On your device
The App stores locally:
- Your API endpoint URL
- Your API authentication key
- Last sync timestamp
- Upload count statistics
This data is stored in iOS UserDefaults and is not backed up to iCloud.
On your server
Data sent to your API endpoint is stored on your own infrastructure. The App developer has no access to or control over this data. You are responsible for:
- Data backup and retention policies
- Access controls and security
- Compliance with applicable regulations
Data retention
Local data
App settings remain on your device until you:
- Delete the App
- Reset settings within the App
- Reset your iPhone
Server data
Data retention on your server is entirely under your control. The App has no ability to delete data from your server.
HealthKit integration
This App integrates with Apple HealthKit to read health and fitness data from the Health app on your iPhone. The App reads data that you have recorded via Apple Watch, iPhone, or other connected devices.
Apple App Store compliance
In accordance with Apple's App Store Review Guidelines (specifically Guidelines 2.5.1, 5.1.2, and 5.1.3):
- Health data is used only for the purposes described in this policy
- Health data is not used for advertising or marketing purposes
- Health data is not used for use-based data mining
- Health data is not disclosed to third parties without your explicit consent
- Health data is not sold to advertising platforms, data brokers, or information resellers
- The App does not share HealthKit data with third-party analytics services
Data controller
You are the data controller for all health data processed by this App. The App developer:
- Does not receive your health data
- Does not store your health data
- Does not process your health data
- Has no access to your configured API endpoint
The App functions solely as a transmission mechanism between your device and your own server infrastructure.
Security
The App implements the following security measures:
- All API communication uses HTTPS encryption
- API keys are stored securely in iOS UserDefaults
- No health data is cached or logged on device
- Background sync uses iOS-managed secure connections
GDPR and international compliance
For users in the European Union and other jurisdictions with data protection regulations:
- Legal basis: Processing is based on your explicit consent when granting HealthKit permissions
- Data minimization: The App only accesses health data types necessary for its stated purpose
- Purpose limitation: Data is used solely to sync to your configured endpoint
- No profiling: The App does not perform automated decision-making or profiling
- Right to erasure: Delete the App to remove all local data; server data is under your control
Since you control the destination server, you are responsible for ensuring your server infrastructure complies with applicable data protection regulations in your jurisdiction.
Children's privacy
The App is not directed at children under 13. We do not knowingly collect health data from children.
Changes to this policy
We may update this privacy policy from time to time. Changes will be posted on this page with an updated revision date.
Contact
For questions about this privacy policy or the App's data practices:
- Documentation: HealthSync iOS documentation
- Support: HealthSync support page
- Source code: Available on request
Your rights
You have the right to:
- Access: View all data the App can access via Apple Health settings
- Control: Revoke HealthKit permissions at any time via iPhone Settings
- Delete: Remove all local App data by deleting the App
- Portability: Your data is stored on your own server in standard JSON format