1. Introduction
WeightSync ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our mobile application.
2. Information We Collect
2.1 Health Data
Weight Information: We access your weight data from Apple Health solely for the purpose of synchronizing it with Strava. This includes:
- Body weight measurements
- Date and time of weight entries
- Optional extra weight values you manually add
2.2 Account Information
Strava Authentication: When you connect your Strava account, we receive:
- OAuth access and refresh tokens
- Token expiration timestamps
These tokens are stored securely on your device and are used to authenticate API requests to Strava.
2.3 App Usage Data
We collect minimal usage information stored locally on your device:
- Sync history (dates and weights synchronized)
- App preferences (unit of measurement, reminder settings)
- Pending sync queue (for retry mechanism)
- Premium subscription status
2.4 Information We Do NOT Collect
We do not collect:
- Your name, email address, or phone number (unless you contact support)
- Location data
- Contacts or photos
- Other health data beyond weight
- Device identifiers for tracking or advertising
- Analytics or usage tracking data
3. How We Use Your Information
| Data Type | Purpose | Storage Location |
|---|---|---|
| Weight Data | Synchronization with Strava | Your device only |
| Strava Tokens | Authentication for API requests | Your device (encrypted) |
| Sync History | Display past synchronizations | Your device only |
| App Preferences | Customize app behavior | Your device only |
| Subscription Status | Enable premium features | Apple's servers |
4. Data Storage and Security
4.1 Local Storage
All personal data is stored locally on your device using iOS secure storage mechanisms:
- UserDefaults: For app preferences and settings
- Keychain (if applicable): For sensitive authentication tokens
- No cloud storage: We do not use iCloud or our own cloud storage
4.2 Data Transmission
When data is transmitted to Strava:
- All communications use HTTPS encryption
- Data is sent directly from your device to Strava's servers
- We do not intercept or store data in transit
4.3 Security Measures
- OAuth 2.0 for secure Strava authentication
- Automatic token refresh to minimize exposure
- No third-party analytics or tracking SDKs
- Regular security updates
5. Data Sharing and Disclosure
5.1 Third-Party Services
Strava: We share your weight data with Strava solely to update your athlete profile. This is the core functionality of our app and requires your explicit authorization.
Apple: Subscription information is managed by Apple through the App Store. We do not receive your payment information.
5.2 We Do NOT Share Data With
- Advertisers or marketing companies
- Data brokers
- Analytics platforms
- Social media networks (except Strava as described)
- Any other third parties for commercial purposes
5.3 Legal Requirements
We may disclose your information if required by law, such as:
- To comply with a court order or subpoena
- To protect our rights or property
- To investigate fraud or security issues
- To protect the safety of users or the public
6. Your Rights and Choices
6.1 Access and Control
You have the following rights:
- Access: View all data stored by the app in the History section
- Modification: Change your preferences and settings at any time
- Deletion: Clear sync history within the app
- Revoke Access: Disconnect Strava or revoke Apple Health permissions
6.2 Apple Health Permissions
You can manage Apple Health permissions at any time:
- Go to iPhone Settings > Health > Data Access & Devices
- Select WeightSync
- Toggle permissions on or off
6.3 Strava Connection
To disconnect Strava:
- Visit your Strava account settings
- Navigate to "My Apps"
- Revoke WeightSync's access
6.4 Data Deletion
To completely remove your data:
- Revoke Apple Health and Strava permissions
- Clear sync history in the app
- Uninstall the app from your device
Since all data is stored locally, uninstalling the app will permanently delete all associated data.
7. Children's Privacy
WeightSync is not intended for children under 13 years of age. We do not knowingly collect personal information from children under 13. If we learn that we have collected information from a child under 13, we will promptly delete it.
8. International Data Transfers
WeightSync operates globally. When you use Strava synchronization, your data may be transmitted to Strava's servers, which may be located in different countries. By using the app, you consent to such transfers.
9. Data Retention
We retain your data only as long as necessary:
- Weight Data: Not retained; transmitted directly to Strava
- Sync History: Stored locally until you clear it or uninstall the app
- Authentication Tokens: Stored until you disconnect Strava
- App Preferences: Stored until you uninstall the app
10. Cookies and Tracking
WeightSync does not use cookies, web beacons, or similar tracking technologies. We do not track your behavior across websites or apps.
11. Push Notifications
If you enable notifications, you may receive:
- Weight detection alerts
- Sync success/failure notifications
- Daily reminder notifications (if enabled)
You can disable notifications at any time in your device settings.
12. Changes to This Privacy Policy
We may update this Privacy Policy from time to time. We will notify you of any material changes by:
- Posting the new policy in the app
- Updating the "Last Updated" date
- Sending an in-app notification (for significant changes)
Your continued use of the app after changes constitutes acceptance of the updated policy.
13. California Privacy Rights
If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA):
- Right to know what personal information is collected
- Right to know if personal information is sold or disclosed
- Right to say no to the sale of personal information (Note: We do not sell personal information)
- Right to access your personal information
- Right to deletion of personal information
14. European Privacy Rights (GDPR)
If you are in the European Economic Area (EEA), you have rights under the General Data Protection Regulation (GDPR):
- Right to Access: Request a copy of your personal data
- Right to Rectification: Correct inaccurate data
- Right to Erasure: Request deletion of your data
- Right to Restrict Processing: Limit how we use your data
- Right to Data Portability: Receive your data in a structured format
- Right to Object: Object to processing of your data
15. Legal Basis for Processing (GDPR)
We process your data based on:
- Consent: You explicitly authorize access to Apple Health and Strava
- Contract: Processing is necessary to provide the service you requested
- Legitimate Interests: To improve and secure our service
16. Contact Us
If you have questions or concerns about this Privacy Policy or our practices, please contact us:
Email: support@weightsync.app
Subject Line: Privacy Policy Inquiry
We will respond to your inquiry within 30 days.
17. Compliance and Certifications
WeightSync is designed to comply with:
- Apple's App Store Review Guidelines
- Apple's HealthKit Framework Requirements
- Strava API Terms of Use
- GDPR (for EU users)
- CCPA (for California users)