← Back

Privacy Policy

Last updated: May 12, 2026

In short

Heartrate is a small app for sharing your live heart rate with a friend you have explicitly added. We store the minimum data needed to make that work, we do not sell or advertise on it, and you can delete your account and all associated data at any time by emailing samson@ss-z.com.

What we collect

  • Account identifier. An email address (via Sign in with Apple or email/password) and the user ID assigned by our authentication provider.
  • Profile. An optional display name you choose, plus an automatically generated 8-character friend code.
  • Heart rate readings. Beats-per-minute values your Apple Watch records, along with the time of measurement.
  • Friend relationships. The list of users you have added as friends and any pending friend requests between you and other users.
We do not collect location, contacts, photos, microphone, or any other HealthKit data beyond heart rate.

How we use it

  • To show your current and recent heart rate to friends you have explicitly accepted.
  • To let you find and add friends by their friend code.
  • To keep you signed in across sessions.
We do not use your data for advertising, profiling, or training machine learning models.

Who can see your data

  • You. Always.
  • Friends you have accepted. They can see your current heart rate and the last 24 hours of history while the friendship exists. Remove a friend and that access ends immediately.
  • Service providers we rely on to run the app:
    • Supabase — database, authentication, realtime delivery.
    • Vercel — API hosting.
We do not sell, rent, or share your data with anyone else.

How long we keep it

  • Heart rate history: 24 hours, then automatically deleted.
  • Your most recent heart rate: kept until you delete your account or push a new value.
  • Account, profile, and friendships: kept until you delete your account.

Your rights

  • View or correct your profile from within the app.
  • Remove a friend at any time to revoke their access.
  • Delete your account and all associated data by emailing samson@ss-z.com. We will process the request within 14 days.
  • Request a copy of the data we hold about you by emailing the same address.

Security

All traffic to our servers is encrypted in transit (HTTPS / WSS). Database access is restricted with Postgres Row Level Security, so a user can only read another user's heart rate when they have an accepted mutual friendship recorded in our database.

Children

Heartrate is not directed at children under 13 and we do not knowingly collect data from them. If you believe a child has created an account, email us and we will remove it.

Changes to this policy

If we change this policy materially, we will update the "Last updated" date at the top and, where appropriate, notify you in the app.

Contact

Questions, data requests, or anything else: samson@ss-z.com.