Hephaestosian Legal

Privacy Policy for BodySignal

Effective Date: February 13, 2026 (Updated for App Store Compliance)

BodySignal ("the App"), provided by Hephaestosian, is a personal health tracking application. This policy explains how we collect, use, and protect your information, ensuring compliance with Apple's privacy guidelines, including Support for Sign in with Apple and HealthKit transparency.

1. Information We Collect and Process

BodySignal processes the following categories of data to provide and improve our services:

Category	Data Description	Purpose & Legal Basis
Authentication (Apple/Social)	Email address, Name, Apple ID (Sign in with Apple), Google UID	To create and manage your account securely. Sign in with Apple is supported for enhanced privacy.
Authentication (Anonymous)	Firebase Anonymous UID	To provide service functionality without requiring personal identification.
User Profile	Birth year, gender	To provide personalized health insights.
Pain & Health Records	Pain location, severity, quality, timing, notes, and timestamps	Core service functionality; stored securely in Firebase.
Apple HealthKit Data	Steps, sleep, heart rate, body measurements, etc.	Read-only access to provide integrated health metrics within the App UI. We do not sell this data.
Device & Usage Data	Advertising ID (IDFA), IP address, crash logs	Provided via Google AdMob and Firebase Analytics. IDFA is only collected with user consent (ATT).

2. Third-Party Services & User Choice

We use trusted third-party SDKs to enhance your experience. These providers collect information as governed by their own policies:

    Sign in with Apple: A privacy-focused login option that limits data collection and allows users to hide their email addresses.
Google Firebase: Used for secure data storage (Firestore), user authentication, and crash reporting (Crashlytics).
Google AdMob: Used to display advertisements. AdMob uses the device's advertising ID only if permitted by the user via the ATT prompt.
Apple HealthKit: Used to display health-related trends alongside pain records.

3. Apple HealthKit Data Privacy (Guideline 2.5.1)

Our integration with Apple HealthKit is designed with your privacy as a priority:

No Marketing: Your HealthKit data will never be used for marketing, advertising, or similar use-based data mining.
Transparency: Any feature using HealthKit data is clearly identified within the App's user interface.
Data Minimization: We only request access to health categories essential for correlating your physical activity with pain patterns.
User Control: You can revoke HealthKit access at any time through iOS Settings > Privacy > Health.

4. Data Storage, Security & Retention

Your data is encrypted during transmission and while at rest using Google Firebase infrastructure. We retain your data as long as your account is active to provide historical tracking.

5. User Rights & Data Deletion

You have full control over your personal information:

Access & Export: You can view your history within the App.
Deletion: You may delete specific records in the History tab.
Account Termination: All users can permanently delete their account and all associated data via Settings → My Information → Delete Account.

Note: Upon account deletion, all data (including records tied to anonymous IDs and Apple/Google IDs) is immediately and irreversibly destroyed from our Firebase database.

6. Medical Disclaimer

BodySignal is a tracking tool and not a medical device. It does not provide medical diagnoses or professional advice. Always seek the advice of a physician for any medical concerns.

7. Contact Us

If you have any questions regarding this Privacy Policy or your data, please contact:
retyper@naver.com