Last updated: June 17, 2026
This Consumer Health Data Privacy Policy supplements our general Privacy Policy and applies specifically to "consumer health data" as defined by Washington's My Health My Data Act (MHMDA), Nevada SB 370, the Connecticut Data Privacy Act, and similar U.S. state laws. We publish it as a separate, distinct policy because MHMDA requires one. Snap My Gym is a direct-to-consumer fitness app; we are not a HIPAA covered entity or business associate, and the data covered here is data you choose to give us — not data we receive from a healthcare provider on your behalf.
We collect consumer health data only when you actively provide it (upload a document, connect a wearable, or enter a measurement), and only to deliver the feature you asked for — turning a document into a structured summary, plotting trends, or generating a fitness insight. We do not collect it passively or from third-party data brokers.
To extract structured summaries from documents you upload, compute health trends, and generate the fitness/educational insights you request. We do not use consumer health data for advertising, and we do not use it to train any AI model.
We share consumer health data only with processors that help us deliver these features, each bound by a Data Processing Agreement:
We do not sell consumer health data, and we do not share it for cross-context behavioral advertising. We will not share it with any new category of third party without first obtaining your consent.
Before any health document is sent to an AI subprocessor, we display a dedicated warning and record your versioned, timestamped consent. This consent is separate from your general acceptance of our Privacy Policy and Terms. You may withdraw consent at any time by emailing us; withdrawal stops future processing (it does not affect processing already completed).
To exercise any right, email privacy@snapmygym.com. We respond within the timeframe the applicable law requires (generally 45 days, extendable once where permitted). You may appeal a denied request by replying to our decision; if we deny the appeal you may contact your state Attorney General.
Uploaded health summaries and the AI memory derived from them are envelope-encrypted at rest with AES-256-GCM; all traffic is served over TLS 1.2+. Access is limited to the operators and processors who need it. See the Privacy Policy for our breach-notification commitments (FTC Health Breach Notification Rule, state breach laws, and GDPR where applicable).
We retain consumer health data until you delete the relevant item or your account, after which it is purged within 30 days (backups age out within 90 days). AI audit logs are retained up to 12 months. The original uploaded file is not retained by our AI providers beyond the extraction request.
We do not knowingly collect consumer health data from anyone under 16 (under 13 under COPPA). Processing the consumer health data of a known minor requires verifiable parental/guardian consent, which our consumer features do not currently support; do not upload a minor's health data.
Questions or requests regarding consumer health data: privacy@snapmygym.com.