SnapMyGym Back to app →

Consumer Health Data Privacy Policy

Last updated: June 17, 2026

This Consumer Health Data Privacy Policy supplements our general Privacy Policy and applies specifically to "consumer health data" as defined by Washington's My Health My Data Act (MHMDA), Nevada SB 370, the Connecticut Data Privacy Act, and similar U.S. state laws. We publish it as a separate, distinct policy because MHMDA requires one. Snap My Gym is a direct-to-consumer fitness app; we are not a HIPAA covered entity or business associate, and the data covered here is data you choose to give us — not data we receive from a healthcare provider on your behalf.

1. What consumer health data we collect

  • Health documents you upload — medical records, lab / blood-work results, and visit notes, which can contain diagnoses, medications, vitals, and biomarker values.
  • Health summaries we derive — the structured summary and trend metrics extracted from those documents.
  • Biometric & wearable data — sleep, HRV, resting heart rate, recovery / readiness, strain, steps, active calories, and workout summaries from Apple Health or a wearable you connect.
  • Body-composition data — measurements you enter or upload.

2. How and why we collect it

We collect consumer health data only when you actively provide it (upload a document, connect a wearable, or enter a measurement), and only to deliver the feature you asked for — turning a document into a structured summary, plotting trends, or generating a fitness insight. We do not collect it passively or from third-party data brokers.

3. How we use it

To extract structured summaries from documents you upload, compute health trends, and generate the fitness/educational insights you request. We do not use consumer health data for advertising, and we do not use it to train any AI model.

4. Who we share it with

We share consumer health data only with processors that help us deliver these features, each bound by a Data Processing Agreement:

  • Anthropic — one-time AI text extraction from your uploaded health documents, on a no-training / zero-retention posture, and only after you give separate, explicit consent. Uploaded health documents are sent to Anthropic only, never to OpenAI. (OpenAI is used only for non-health AI features elsewhere in the app.)
  • Google Cloud Storage and our hosting / database provider — encrypted storage of uploaded files and derived summaries.

We do not sell consumer health data, and we do not share it for cross-context behavioral advertising. We will not share it with any new category of third party without first obtaining your consent.

5. Consent

Before any health document is sent to an AI subprocessor, we display a dedicated warning and record your versioned, timestamped consent. This consent is separate from your general acceptance of our Privacy Policy and Terms. You may withdraw consent at any time by emailing us; withdrawal stops future processing (it does not affect processing already completed).

6. Your rights

  • Right to access the consumer health data we hold about you.
  • Right to delete it. We honor deletion requests and instruct our processors to delete it as well.
  • Right to withdraw consent to collection and sharing at any time.
  • Right to a list of the third parties and affiliates with whom we have shared your consumer health data.
  • Right to non-discrimination for exercising any of these rights.

To exercise any right, email privacy@snapmygym.com. We respond within the timeframe the applicable law requires (generally 45 days, extendable once where permitted). You may appeal a denied request by replying to our decision; if we deny the appeal you may contact your state Attorney General.

7. How we protect it

Uploaded health summaries and the AI memory derived from them are envelope-encrypted at rest with AES-256-GCM; all traffic is served over TLS 1.2+. Access is limited to the operators and processors who need it. See the Privacy Policy for our breach-notification commitments (FTC Health Breach Notification Rule, state breach laws, and GDPR where applicable).

8. Retention

We retain consumer health data until you delete the relevant item or your account, after which it is purged within 30 days (backups age out within 90 days). AI audit logs are retained up to 12 months. The original uploaded file is not retained by our AI providers beyond the extraction request.

9. Children

We do not knowingly collect consumer health data from anyone under 16 (under 13 under COPPA). Processing the consumer health data of a known minor requires verifiable parental/guardian consent, which our consumer features do not currently support; do not upload a minor's health data.

10. Contact

Questions or requests regarding consumer health data: privacy@snapmygym.com.

Snap My Gym Privacy Consumer Health Data Terms © 2026 Snap My Gym