Privacy Policy
Last updated: March 2026 — HealthSync AI, Hamilton, Ontario, Canada
1. Introduction
HealthSync AI ("we," "us," or "our") is committed to protecting your privacy and personal health information. This Privacy Policy explains how we collect, use, store, and share your data when you use the HealthSync AI mobile application and related services (the "Service").
We are headquartered in Hamilton, Ontario, Canada, and we comply with the Personal Information Protection and Electronic Documents Act (PIPEDA) and all applicable Canadian privacy legislation.
2. What Data We Collect
Health Data
- Blood glucose readings (manual entries and continuous glucose monitor imports)
- Vital signs (heart rate, blood oxygen, blood pressure)
- Activity data (steps, workouts, active calories)
- Sleep data (duration, quality, stages)
Medical Records
- Lab results (blood work, HbA1c, metabolic panels)
- Prescriptions and medication logs
- Uploaded medical documents (PDFs, images)
Account Information
- Full name
- Email address
- Date of birth
- Timezone and language preferences
- Profile photo (optional)
Device Data
- Wearable sync data (Apple Watch, Samsung Galaxy Watch)
- Device model and operating system version
- Push notification tokens
Usage Analytics
- Feature usage patterns (anonymized)
- App performance metrics
- Crash reports
3. How We Use Your Data
- Personalized Health Insights: We analyze your health data using AI to generate personalized wellness insights, trends, and daily summaries.
- AI Nudge Generation: Your habits and health patterns are used to deliver timely, contextual wellness nudges and reminders.
- Care Circle Sharing: With your explicit consent, selected health data is shared with members of your Care Circle (family, caregivers, healthcare practitioners). You control exactly what each member can see.
- Anonymized Analytics: Aggregated, de-identified data may be used to improve our AI models and service quality. Individual users cannot be identified from this data.
4. Data Storage & Security
Your data is stored using Supabase (PostgreSQL) infrastructure. All data is:
- Encrypted at rest using AES-256 encryption
- Encrypted in transit using TLS 1.3
- Hosted in Canada and the United States in SOC 2-compliant data centers
We implement industry-standard security measures including role-based access controls, audit logging, and regular security assessments to protect your personal health information.
5. Data Sharing
We share your personal data only with your explicit consent. Specifically:
- Care Circle Members see only the data categories you have explicitly permitted for their role.
- Healthcare Practitioners see only the data categories you have chosen to share, such as glucose trends, lab results, or daily summaries.
- We do NOT sell your data to any third parties, ever.
- We do NOT use your data for advertising purposes.
- We do NOT share identifiable data with advertisers, data brokers, or marketing companies.
6. PIPEDA Compliance & Your Rights
Under the Personal Information Protection and Electronic Documents Act (PIPEDA), you have the following rights:
- Explicit Consent: We collect and use your personal information only with your informed, explicit consent.
- Right to Access: You may request a copy of all personal data we hold about you at any time.
- Right to Correction: You may request correction of any inaccurate or incomplete personal information.
- Right to Withdraw Consent: You may withdraw your consent for data collection and use at any time by contacting us or adjusting your settings in the app.
- Data Portability: You may export all your health data in a portable, machine-readable format from the app settings.
- Deletion on Request: You may request deletion of your account and all associated data. We will process deletion requests within 30 days.
7. Health Data Disclaimer
HealthSync AI is a wellness tool, NOT a medical device. All insights, nudges, and AI-generated content are advisory in nature and are not prescriptive. HealthSync AI is not a substitute for professional medical advice, diagnosis, or treatment. Always consult a qualified healthcare provider regarding any medical conditions or health concerns.
8. Cookies & Tracking
HealthSync AI uses minimal cookies and local storage:
- Authentication tokens: Required to keep you securely logged in.
- No tracking cookies: We do not use third-party tracking cookies, advertising pixels, or cross-site trackers.
9. Children's Privacy
HealthSync AI is not intended for use by individuals under the age of 13. We do not knowingly collect personal information from children under 13. If we discover that we have inadvertently collected data from a child under 13, we will promptly delete that information.
10. Data Retention
- Active accounts: Your data is retained for as long as your account remains active.
- Account deletion: When you delete your account, all associated personal data and health records are permanently deleted within 30 days.
- Anonymized data: Aggregated, de-identified analytics data may be retained indefinitely, as it cannot be linked back to any individual.
11. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of material changes by email or through in-app notifications. Continued use of the Service after changes constitutes acceptance of the updated policy.
12. Contact Us
For privacy-related inquiries, data access requests, or concerns about your personal information, contact our Privacy Officer:
Email: privacy@healthsyncai.ca
Company: HealthSync AI
Location: Hamilton, Ontario, Canada