← Back

Privacy Policy

Last updated: May 21, 2026

In short

Heartrate lets you share your live heart rate, your steps and sleep, a simple daily status, and chat with people you have explicitly added as friends or invited into a shared room. We store the minimum data needed to make that work and never sell your data or use it for advertising. Your steps, sleep, and heart-rate data are only ever shared with people you have chosen, and you can delete your account and all associated data at any time by emailing samson@ss-z.com.

What we collect

  • Account identifier. An email address (via Sign in with Apple or email/password) and the user ID assigned by our authentication provider.
  • Profile. An optional display name you choose, plus an automatically generated 8-character friend code.
  • Heart rate readings. Beats-per-minute values your Apple Watch records, along with the time of measurement.
  • Steps and sleep (HealthKit). Your daily step count and time asleep. These are shown to you in the app and shared — along with a short, plain-language daily status (e.g. “Well rested”) — with the same friends and room members who can see your heart rate.
  • Friends and rooms. The users you have added as friends, any pending friend requests, and the shared rooms you create or join.
  • Messages. The content and timestamps of direct messages and in-room chat you send.
We do not collect location, contacts, photos, microphone, or any HealthKit data other than heart rate, steps, and sleep.

Health data (HealthKit)

Heart rate, steps, and sleep are health data read from Apple HealthKit with your permission. In line with Apple’s requirements: this data is never used for advertising or marketing, is never sold or shared with data brokers, and is never used for any purpose other than providing the features described here. You can revoke HealthKit access at any time in the iOS Settings app; doing so stops new data from being collected.

How we use it

  • To show your current and recent heart rate to friends and room members you have explicitly accepted or joined with.
  • To turn your steps and sleep into one friendly daily status that you and those people can see.
  • To deliver direct messages and in-room chat between you and the people you communicate with.
  • To let you find and add friends by their friend code, and create or join shared rooms.
  • To keep you signed in across sessions.
We do not use your data for advertising, profiling, or training machine learning models.

Who can see your data

  • You. Always.
  • Friends you have accepted. They can see your current heart rate, the last 24 hours of heart-rate history, your latest daily steps and sleep, your daily status, and any messages you exchange — while the friendship exists. Remove a friend and that access ends immediately.
  • Members of a room you join. While a shared room is open, everyone in it can see each other’s current heart rate, latest steps and sleep, daily status, and the room chat. Leaving or ending the room stops that access.
  • Service providers we rely on to run the app:
    • Supabase — database, authentication, realtime delivery.
    • Vercel — API hosting.
We do not sell, rent, or share your data with anyone else.

How long we keep it

  • Heart rate history: 24 hours, then automatically deleted.
  • Your most recent heart rate: kept until you delete your account or push a new value.
  • Daily steps and sleep: kept until you delete your account. Only the most recent day drives the status shown to others.
  • Messages: kept until you delete them or delete your account; a room’s chat is removed when the room is deleted.
  • Account, profile, friendships, and rooms: kept until you delete your account (or, for a room, until it is deleted).

Your rights

  • View or correct your profile from within the app.
  • Remove a friend, or leave / end a room, at any time to revoke that access.
  • Revoke HealthKit access (heart rate, steps, sleep) anytime in iOS Settings → Privacy & Security → Health.
  • Delete your account and all associated data by emailing samson@ss-z.com. We will process the request within 14 days.
  • Request a copy of the data we hold about you by emailing the same address.

Security

All traffic to our servers is encrypted in transit (HTTPS / WSS). Database access is restricted with Postgres Row Level Security: another user can only read your heart rate, steps, sleep, or daily status when you have an accepted mutual friendship with them, or you are together in an open room. Removing a friend, leaving a room, or ending a room revokes that access immediately.

Children

Heartrate is not directed at children under 13 and we do not knowingly collect data from them. If you believe a child has created an account, email us and we will remove it.

Changes to this policy

If we change this policy materially, we will update the "Last updated" date at the top and, where appropriate, notify you in the app.

Contact

Questions, data requests, or anything else: samson@ss-z.com.