Consumer Health Data Policy
This Consumer Health Data Policy is provided pursuant to the Washington My Health My Data Act (MHMDA) and applicable state health data privacy laws. David Wills ("Beat Journal", "we", "us", or "our") is committed to transparency about how we handle your health data.
1. Categories of Consumer Health Data Collected
Beat Journal collects the following categories of consumer health data, all initiated by you through the App:
| Category | Examples | Source |
|---|---|---|
| Sleep Data | Sleep duration, sleep stages, efficiency, latency, timing | Apple HealthKit, Oura Ring |
| Activity Data | Steps, distance, calories, exercise minutes, stand hours | Apple HealthKit, Oura Ring |
| Body Measurements | Weight, BMI, body temperature deviation | Apple HealthKit, Oura Ring |
| Vital Signs | Resting heart rate, HRV, respiratory rate, SpO2 | Apple HealthKit, Oura Ring |
| Mental Wellness | Mindful minutes, readiness scores, state-of-mind data where available | Apple HealthKit, Oura Ring |
| Exercise & Training | Workout records, training load (volume) | Hevy |
| Self-Reported Health | Journal entries describing physical or mental state | User-created in App |
2. Purposes for Collection
We collect consumer health data for the following purposes:
- Personal Wellness Tracking: Displaying your health metrics on your dashboard and in your journal so you can understand your wellness trends
- AI-Powered Insights (optional, requires separate consent): Generating personalized insights and grounded chat responses from selected evidence packs
- Data Aggregation: Combining data from multiple sources to provide a unified daily health snapshot
We do not collect health data for advertising, marketing, discriminatory purposes, or sale to third parties.
3. Categories of Third Parties with Whom Health Data Is Shared
| Third Party Category | Data Shared | Purpose | Your Control |
|---|---|---|---|
| Contracted AI model providers used by Beat Journal | Selected health metrics, calendar summaries, relevant journal excerpts, and supporting AI analysis artifacts needed for the current request | AI insight generation and grounded chat | Requires separate consent; revocable at any time |
| Apple (iCloud/CloudKit) | Journal entries only | Cross-device sync | Controlled by your iCloud settings |
When AI features are enabled, selected evidence is routed through Beat Journal servers before being sent to the active model provider. Beat Journal keeps retrieval, search, and scope selection on-device.
No other third parties receive your health data. We do not sell consumer health data.
4. How to Exercise Your Rights
Right to Access
All your health data is accessible within the Beat Journal App at any time through the Dashboard, Journal, and Insights tabs.
Right to Delete
You may delete all your health data through the App: Settings › Privacy & Legal › Delete All My Data.
This permanently removes health data stored by the App from your device. Journal entries synced via iCloud will be deleted from your connected Apple devices. Data already processed by third-party AI providers may remain subject to those providers' applicable retention terms.
Right to Withdraw Consent
You may withdraw consent for:
- AI data sharing: Settings › Privacy & Legal › disable AI Data Sharing
- Individual data sources: Settings › Data Sources › disconnect any source
Withdrawal of consent does not affect the lawfulness of processing performed before withdrawal.
Right to Non-Discrimination
We will not discriminate against you for exercising any of these rights.
5. Consent
Beat Journal obtains your consent in two stages:
- Data Collection Consent (during onboarding): You consent to the collection and on-device storage of health data from your connected sources
- AI Sharing Consent (separate, when enabling AI features): You consent to selected health and journal context being routed through Beat Journal servers and, as needed, to contracted AI model providers for processing
Both consents are freely given, specific, informed, and revocable at any time.
6. Data Security
- Health data is stored locally on your device using Apple's encrypted storage
- Retrieval, search, and context assembly for AI features are designed to stay on-device before a selected evidence pack is sent for processing
- API credentials for supported third-party sources are stored in the iOS Keychain
- All data transmission uses HTTPS/TLS encryption
- In normal operations, Beat Journal does not store raw prompt or response bodies in server logs
7. Contact Us
For questions about this policy or to exercise your rights, contact us at:
Email: support@beatjournal.app