Consumer Health Data Policy
Last Updated: April 2026 — Document pending final legal review
This document is being finalized.
Our Consumer Health Data Policy is under legal review and will be published here before the Kreev app launches in May 2026. This policy is required for Apple App Store submission and compliance with MHMDA, CCPA/CPRA, and PIPEDA.
For health data questions, contact us at privacy@kreev.app
1. Overview
This Consumer Health Data Policy describes how Kreev Informatics Inc. ("Kreev") collects, processes, shares, and protects consumer health data as defined under applicable privacy laws, including the Washington My Health My Data Act (MHMDA), the California Consumer Privacy Act (CCPA/CPRA), and Canada's Personal Information Protection and Electronic Documents Act (PIPEDA).
This policy supplements our Privacy Policy with specific information about health data rights and protections.
2. What Is Consumer Health Data
For the purposes of this policy, "consumer health data" means personal information that identifies or is reasonably linkable to a consumer and is associated with the consumer's physical or mental health, including:
- Heart rate and heart rate variability (HRV)
- Sleep patterns and duration
- Physical activity (steps, exercise)
- Respiratory rate
- VO2 Max and related fitness metrics
- Recovery and stress scores derived from the above
3. Health Data We Collect
Kreev collects the following health data from Apple HealthKit, with your explicit consent, on your device:
| Data Type | Source | Purpose |
|---|---|---|
| Resting Heart Rate | Apple Watch via HealthKit | Recovery Score computation |
| Heart Rate Variability (HRV) | Apple Watch via HealthKit | Recovery Score computation |
| Sleep Duration & Stages | Apple Watch via HealthKit | Recovery Score computation |
| Step Count | Apple Watch via HealthKit | Activity load assessment |
| Respiratory Rate | Apple Watch via HealthKit | Recovery Score computation |
| VO2 Max | Apple Watch via HealthKit | Fitness Age and aerobic tracking |
We do not collect genetic data, precise geolocation data, or any health data not listed above.
4. How We Use Health Data
We use your health data exclusively to provide the Kreev Service:
- Computing your daily Recovery Score using personal Z-score analysis
- Generating your Stress Index
- Producing AI-powered wellness narratives (anonymized metric values sent to Google Gemini — no identifiers)
- Providing trend analysis, history, and metric drill-downs
- Sending Guardian Alerts when recovery falls below your threshold
We do not use your health data for advertising, profiling, or any purpose other than providing the Service as described.
5. We Do Not Sell Health Data
Kreev does not sell, rent, lease, or otherwise transfer your consumer health data to any third party for monetary or other valuable consideration. We do not share your health data with data brokers, advertisers, or analytics companies.
6. Your Rights Regarding Health Data
You have the following rights with respect to your health data:
- Right to Access: Request a copy of the health data we hold about you
- Right to Deletion: Request permanent deletion of all your health data and account (Purge Vault)
- Right to Withdraw Consent: Withdraw consent to health data collection at any time by revoking HealthKit access in iOS Settings
- Right to Opt-Out of Automated Processing: Request that we not use automated scoring on your health data
- Right to Algorithm Explanation: Request an explanation of how your Recovery Score was computed on any given day
- Right to Non-Discrimination: We will not discriminate against you for exercising any of the rights described in this policy
7. Washington My Health My Data Act (MHMDA)
For consumers located in Washington State, the MHMDA provides additional protections for consumer health data. In compliance with MHMDA:
- We obtain your affirmative consent before collecting consumer health data
- We do not sell consumer health data
- We do not use geofencing around healthcare facilities in connection with health data collection
- You may submit rights requests as described in Section 6 at any time
- We will respond to valid rights requests within 45 days
8. CCPA / CPRA (California)
For California residents, the CCPA and CPRA provide additional rights:
- Right to Know: You have the right to know what personal information we collect, use, disclose, and sell
- Right to Delete: You have the right to request deletion of personal information we hold about you
- Right to Opt-Out of Sale: We do not sell personal information. No opt-out is required, but you may confirm this at any time
- Right to Non-Discrimination: We will not discriminate against you for exercising your CCPA rights
- Right to Correct: You have the right to request correction of inaccurate personal information
9. PIPEDA (Canada)
For Canadian residents, Kreev complies with the Personal Information Protection and Electronic Documents Act (PIPEDA):
- We collect health data only with your knowledge and consent
- We use and disclose health data only for the purposes for which it was collected
- We retain health data only as long as necessary to provide the Service
- You have the right to access and correct your personal information
- We protect personal information using appropriate security safeguards
10. Contact & Requests
To exercise any of the rights described in this policy, or for questions about how we handle your health data:
- Email: privacy@kreev.app
- Subject line: "Health Data Rights Request"
- We will respond to all valid requests within 30–45 days
For the fastest resolution, you can also use the Purge Vault feature directly in the app (Settings → Delete Account → Purge Vault) to immediately initiate deletion of all your health data.