PRIVACY POLICY

Last Updated: February 16, 2025

Beta Notice

This Privacy Policy applies to a beta version of the Splyts service. Our data practices may evolve as we improve the service. By using the beta, you acknowledge that this policy may be updated.

1. INTRODUCTION

Splyts ("we", "us", "our", or "Service") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our fitness and health tracking application.

By using Splyts, you agree to the collection and use of information in accordance with this Privacy Policy.

2. INFORMATION WE COLLECT

2.1 Account Information

  • Email address

  • Username

  • Display name

  • Password (securely hashed)

  • Account creation date and status

2.1.1 Local Credential Storage (Web Application)

For user convenience, the web application may store the following information locally on your device:

  • Last Used Email Address: Your most recently used email address is stored locally in your browser's local storage to pre-fill the login form. This information is stored in plain text and never transmitted to our servers.

  • Remembered Password (Optional): If you choose to enable the "Remember Password" feature, your password is encrypted using AES-256-GCM encryption before being stored locally on your device. The encryption key is device-specific and stored separately. This encrypted password data never leaves your device and is not transmitted to our servers. You can disable this feature at any time through the login interface, and all stored credentials will be cleared immediately.

  • Important: Local credential storage is entirely optional and requires your explicit consent (via the "Remember Password" checkbox). You can clear all stored credentials at any time by clearing your browser's local storage or disabling the feature.

2.2 Health and Fitness Data

We collect the following health and fitness information, primarily from Apple HealthKit and connected devices:

  • Sleep Data:

    • Bedtime and wake time

    • Time in bed and total sleep duration

    • Sleep stages (awake, REM, core, deep sleep)

  • Heart Rate Data:

    • Resting heart rate

    • Heart rate variability (HRV) measurements

    • Walking heart rate average

    • Heart rate during workouts

  • Respiratory and Vital Signs:

    • Respiratory rate

    • Blood oxygen saturation (SpO2)

    • Body temperature and wrist temperature

  • Fitness Metrics:

    • VO2 max estimates

    • Active energy (calories burned)

    • Basal energy (resting calories)

  • Workout Data:

    • GPS location and route data

    • Workout duration and timestamps

    • Activity types and changes

    • Speed, pace, and cadence

    • Sensor data from connected devices (Polar, Stryd, etc.)

2.3 Device and Technical Information

  • Device type and model

  • Operating system version

  • App version

  • IP address

  • Browser type and version (for web app)

  • Unique device identifiers

2.4 Usage Information

  • Features used and frequency of use

  • Session data and timestamps

  • Error logs and crash reports

  • Performance metrics

2.5 Social Data

  • Friend connections

  • Shared workout data (if you choose to share)

2.6 AI Chat Data

  • Chat messages and interactions with our AI fitness coach

  • Queries and responses for service improvement

2.7 Payment Information

  • Payment method details (processed by third-party payment processors)

  • Transaction history

  • Billing address (if applicable)

Note: We do not store full payment card numbers. Payment processing is handled by secure third-party processors (Stripe, Apple, Google).

3. HOW WE COLLECT INFORMATION

3.1 Information You Provide

  • Account registration

  • Profile information

  • Manual data entry

  • Communications with us

3.2 Information from Connected Devices

  • Apple HealthKit (with your explicit permission)

  • Fitness sensors and wearables (Polar, Stryd, etc.)

  • Apple Watch and iOS devices

3.3 Information Collected Automatically

  • Usage analytics

  • Error logs

  • Device information

  • Cookies and similar technologies (web app)

3.4 Information from Third Parties

  • Strava (if you connect your account)

  • Other integrated fitness services (with your permission)

4. HOW WE USE YOUR INFORMATION

We use the information we collect to:

4.1 Provide and Improve the Service

  • Process and display your health and fitness data

  • Generate insights and analytics

  • Provide AI-powered coaching and recommendations

  • Enable social features (friends, sharing)

  • Develop and improve features

4.2 Account Management

  • Create and manage your account

  • Authenticate your identity

  • Process payments and subscriptions

  • Send account-related communications

4.3 Personalization

  • Customize your experience

  • Provide personalized fitness recommendations

  • Tailor AI coaching responses

4.4 Communication

  • Send service updates and notifications

  • Respond to your inquiries

  • Send marketing communications (with your consent)

  • Notify you of account approval or status changes

4.5 Legal and Safety

  • Comply with legal obligations

  • Enforce our Terms of Service

  • Protect our rights and prevent fraud

  • Ensure service security

4.6 Analytics and Research

  • Analyze usage patterns (aggregated and anonymized)

  • Improve service performance

  • Conduct research (with anonymized data only)

5. HEALTHKIT DATA SPECIFICALLY

5.1 HealthKit Permissions

We request access to specific HealthKit data types with your explicit permission. You can revoke these permissions at any time through your device settings.

5.2 HealthKit Data Usage

  • We READ daily health data from HealthKit (sleep, HRV, resting heart rate, etc.)

  • We WRITE workout data to HealthKit (completed workouts, heart rate, distance, routes, and active energy) so you can view your progress in the Health app

  • HealthKit data is used solely to provide the Service

  • We do not sell HealthKit data to third parties

  • HealthKit data stored on our servers is encrypted at rest

5.3 HealthKit Data Sharing

HealthKit data is not shared with third parties except:

  • As required by law

  • With your explicit consent

  • As necessary to provide the Service (e.g., cloud storage)

6. DATA SHARING AND DISCLOSURE

We do not sell your personal information. We may share your information in the following circumstances:

6.1 Service Providers

We share information with trusted third-party service providers who assist us in:

  • Cloud storage and hosting (Supabase)

  • Payment processing (Stripe, Apple, Google)

  • Analytics and monitoring

  • Customer support

These service providers are contractually obligated to protect your information and use it only for specified purposes.

6.2 Third-Party Integrations

If you choose to connect third-party services (e.g., Strava), we may share relevant data as necessary to provide the integration. Your use of third-party services is subject to their privacy policies.

6.3 Legal Requirements

We may disclose your information if required by law, court order, or government regulation, or if we believe disclosure is necessary to:

  • Comply with legal obligations

  • Protect our rights or property

  • Prevent fraud or security threats

  • Protect the safety of users or others

6.4 Business Transfers

In the event of a merger, acquisition, or sale of assets, your information may be transferred to the acquiring entity.

6.5 With Your Consent

We may share your information with your explicit consent or at your direction.

7. DATA SECURITY

7.1 Security Measures

We implement industry-standard security measures to protect your information:

  • Encryption in transit (HTTPS/TLS)

  • Encryption at rest for sensitive data

  • Secure authentication and access controls

  • Regular security audits and updates

  • Limited access to personal data (only authorized personnel)

  • Local credential encryption: Passwords stored locally on your device (if you choose to enable "Remember Password") are encrypted using AES-256-GCM encryption with device-specific keys

7.2 Data Storage

Your data is stored on secure servers located in the United States:

  • Primary Database & Storage: East Coast (Virginia)

  • Web Application & Cache: East Coast (Washington, D.C.)

  • Data Processing: Central (Iowa)

7.3 No Guarantee

While we implement security measures, no method of transmission or storage is 100% secure. We cannot guarantee absolute security of your information.

8. DATA RETENTION

8.1 Retention Period

We retain your information for as long as:

  • Your account is active

  • Necessary to provide the Service

  • Required by law or legal obligations

  • Necessary for legitimate business purposes

8.2 Deletion

You may delete your account and request deletion of your data at any time through account settings. Deletion may take up to 30 days to complete. Some information may be retained as required by law or for legitimate business purposes (e.g., transaction records).

9. YOUR RIGHTS AND CHOICES

9.1 Access and Correction

You can access and update your account information through account settings. You can also request a copy of your data.

9.2 Deletion

You can delete your account and associated data at any time through account settings.

9.3 HealthKit Permissions

You can revoke HealthKit permissions at any time through your device settings. Revoking permissions may limit Service functionality.

9.4 Marketing Communications

You can opt out of marketing emails by:

  • Clicking "unsubscribe" in marketing emails

  • Updating your preferences in account settings

9.5 Cookies and Local Storage

You can control cookies through your browser settings. The web application also uses browser local storage to remember your last-used email address and, if you choose, your encrypted password for convenience. You can clear this data at any time by:

  • Disabling the "Remember Password" feature in the login interface

  • Clearing your browser's local storage through your browser settings

Note that disabling cookies or clearing local storage may affect Service functionality, including the convenience features mentioned above.

9.6 California Privacy Rights (CCPA)

If you are a California resident, you have the right to:

  • Know what personal information is collected

  • Know if your information is sold or disclosed

  • Opt out of the sale of personal information (we do not sell your information)

  • Access and delete your personal information

  • Non-discrimination for exercising your rights

9.7 European Privacy Rights (GDPR)

If you are in the European Economic Area, you have the right to:

  • Access your personal data

  • Rectify inaccurate data

  • Erase your data ("right to be forgotten")

  • Restrict processing

  • Data portability

  • Object to processing

  • Withdraw consent

9.8 Canadian Privacy Rights (PIPEDA)

If you are a Canadian resident, you have the right to:

  • Access your personal information

  • Request correction of inaccurate information

  • File a complaint with the Privacy Commissioner of Canada

  • Withdraw consent (subject to legal and contractual restrictions)

We comply with the Personal Information Protection and Electronic Documents Act (PIPEDA) and applicable provincial privacy laws.

To exercise these rights, contact us at info@splyts.com.

10. CHILDREN'S PRIVACY

Splyts is not intended for children under 18 years of age. We do not knowingly collect personal information from children under 18. If you believe we have collected information from a child under 18, please contact us immediately.

11. INTERNATIONAL DATA TRANSFERS

Your information may be transferred to and processed in countries other than your country of residence. These countries may have different data protection laws. By using the Service, you consent to the transfer of your information to these countries.

We ensure appropriate safeguards are in place for international data transfers, including:

  • Standard contractual clauses

  • Adequacy decisions

  • Other legal mechanisms as required

12. THIRD-PARTY SERVICES

12.1 Links to Other Services

The Service may contain links to third-party websites or services. We are not responsible for the privacy practices of third-party services. We encourage you to review their privacy policies.

12.2 Integrated Services

When you connect third-party services (e.g., Strava), your use of those services is subject to their privacy policies and terms of service.

13. CHANGES TO THIS PRIVACY POLICY

We may update this Privacy Policy from time to time. We will notify you of material changes via:

  • Email notification

  • In-app notification

  • Prominent notice on our website

The "Last Updated" date at the top indicates when changes were made. Your continued use of the Service after changes constitutes acceptance of the updated Privacy Policy.

14. CONTACT US

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us at:

  • Email: info@splyts.com

  • Website: www.splyts.com

  • Address:
    Splyts Inc. 
    1800 Argyle Street, Unit 801
    Halifax, NS
    Canada B3J 3N8

For privacy-related requests, please include "Privacy Request" in the subject line.

By using Splyts, you acknowledge that you have read and understood this Privacy Policy.