What we collect, why, and the controls you have over your data.
HealthAPI lets you sync your own Apple Health data and access it through a REST API. This policy explains what we collect, how we use it, and the controls you have. You stay in control of your data — you can export or delete it at any time.
Health & fitness data you choose to sync. Only the metric types you enable in the app — spanning activity & energy, cardiovascular and other vitals (including sensitive readings such as blood pressure, blood glucose, and blood oxygen, and, if you sync them, blood alcohol, insulin, and heart-rhythm data), mobility, hearing (audio exposure), nutrition, body composition, sleep, and workouts — are read from Apple Health (HealthKit) and stored on your account. For each sample we also store its value, unit, timestamps, and the source app and device it came from. We never read Apple Health data you haven't granted. (These are ordinary HealthKit metrics; we do not access Apple Health clinical records.)
Account & identity. A device identifier and your device's name (which on iOS often contains your name), the platform, and your time zone, used to create and operate your account. If you use Sign in with Apple, the identifier Apple provides, the email address Apple shares (which may be an Apple private-relay address), and your name. You may also set a display name, which is stored on our servers. Your account is secured by an API key we issue to you.
Subscriptions. If you subscribe, Apple sends us a signed App Store transaction so we can confirm your plan tier and status. Payments are handled entirely by Apple — we never receive or store your card or payment details.
Diagnostic telemetry. To help us debug sync and other issues, the app may send diagnostic events tied to your account — an event type, an optional free-text message, and a metadata object (for example, sync durations and outcomes, the number of samples or workouts uploaded, and error messages when something fails). We strip emails, tokens, and credential hashes from these events before storing them.
Operational data. Basic request metadata — method, endpoint, status, timing, and IP address — is written to our short-lived operational logs to run, secure, and debug the API, and a per-day counter is used to enforce rate limits.
We use your data only to provide and operate the service: to sync and store your health data, serve it back to you over the API, enforce plan limits, secure the service, and respond to your support requests.
We do not sell your data, show you ads, or use your health data to train machine-learning models. When you connect your key to a third-party AI tool, the requests you make send your data to that tool under its own terms — that choice is yours.
Your health data comes from Apple HealthKit on your device. It is stored on infrastructure we operate through a hosting provider acting on our behalf. We don't share your personal data with any other third party except where required by law, or to protect the rights and safety of users and the service.
All traffic to the API is encrypted in transit with TLS. Access to your data requires your secret API key, which acts as your identity — keep it private, and rotate it from the Console if it's ever exposed. Internal access is limited to what's needed to operate the service. No system is ever perfectly secure, but we take reasonable measures to protect your data and will continue to strengthen them.
Export. Download a complete copy of your account and health data at any time via GET /gdpr/export.
Delete. Deleting your account (in the app, or via DELETE /account/delete) deactivates it immediately — your API key stops working — and schedules permanent deletion after a 30-day grace period, during which you can recover it by reopening the app. After the grace period a daily job permanently and irreversibly erases your health samples, workouts, subscription records, diagnostic telemetry, and your entire user record: all identity fields (device identifier and name, Apple identifier, email, display name, and credential hashes) are deleted, not merely anonymized. For immediate, irreversible erasure, use DELETE /gdpr/account with the confirmation body. We keep a limited security audit log of sensitive actions for fraud and abuse prevention. Health data stored locally in Apple Health on your device is not affected.
Rotate. Regenerate your API key at any time to revoke prior access.
Depending on where you live, you may have additional rights to access, correct, or restrict processing of your data. Contact us and we'll help.
We keep your health data, workouts, account information, and subscription records for as long as your account is active. Diagnostic telemetry is automatically deleted after 90 days. Per-day rate-limit counters expire automatically within 24 hours, and operational request logs are short-lived and kept only for debugging and security. When you delete your account, your data is erased as described above — immediately for GDPR erasure, or after the 30-day grace window for a standard deletion.
HealthAPI isn't directed to children under 16, and we don't knowingly collect their data. If you believe a child has used the service, contact us and we'll remove the account.
HealthAPI is not a medical device and does not provide medical advice, diagnosis, or treatment. Always consult a qualified professional for health decisions.
We'll update this policy as the service changes and revise the date above. Significant changes will be communicated in the app or by email where appropriate.
Questions about your privacy or this policy? Reach us through our contact form.