Android Privacy Policy

The data controller within the meaning of Article 4(7) GDPR responsible for the processing of your personal data is:

Given the nature and scale of our data processing, the appointment of a Data Protection Officer is not required under Article 37 GDPR. For all data protection inquiries, please contact us at the address above.

Vitalstat for Android is designed with a privacy-first approach. The majority of your health, fitness, and recovery data is processed and stored locally on your device. We do not sell, rent, or share your personal data with advertisers, data brokers, or any third parties for marketing purposes.

The app integrates with several health-data sources (Polar, Garmin, Suunto, and Android Health Connect) to retrieve your data and caches the results locally on your device. A limited amount of data is processed and stored on our backend infrastructure (Google Firebase) to deliver core functionality such as Garmin webhook ingestion, subscription management, crash reporting, and product analytics. This is described in detail in the sections below.

Vitalstat for Android does not require you to create a Vitalstat account. Authentication is handled through a combination of an anonymous device identifier, optional Google Sign-In, and per-source OAuth flows for the health providers you choose to connect.

Anonymous Firebase Authentication

On first launch, the app creates an anonymous Firebase Authentication user on your device. This generates a random, opaque user identifier (UID) that is used as the key for any backend records associated with your installation, such as Garmin data and subscription entitlements. No personal information (name, email, phone number) is collected for this anonymous account.

Optional Google Sign-In

If you choose to sign in with Google (for example, to link your subscription to your Google account), Vitalstat uses Android's Credential Manager to retrieve your display name, given name, family name, and email address from your Google account. These values are stored locally on your device in DataStore and used to display your account in the app and to bind your subscription entitlement to your Google account. Google Sign-In is optional and only required for features that require an identified account.

Health-Source OAuth

Connecting a wearable or health platform uses a per-provider OAuth flow:

• Polar — OAuth 2.0 to the Polar AccessLink API. Access tokens are stored locally in encrypted DataStore.
• Garmin — OAuth 1.0a is initiated through a companion web page on vital-stat.com; Garmin then pushes your data to our backend via webhook. Vitalstat does not store your Garmin credentials on your device.
• Suunto — OAuth 2.0 to the Suunto API. Access and refresh tokens are stored locally in encrypted DataStore and refreshed automatically.
• Health Connect — system-level permission prompts; no tokens are involved.

Under the GDPR, we process your personal data only when we have a valid legal basis. The following table outlines the legal basis for each category of processing:

Where processing is based on your consent, you may withdraw that consent at any time without affecting the lawfulness of processing carried out before the withdrawal. See "Your Rights" below for details.

Vitalstat for Android retrieves health and fitness data from the sources you choose to connect. Data is used solely to display insights, trends, and metrics within the app. You control which sources are connected and can disconnect any of them at any time.

Polar

Connects via OAuth 2.0 to the official Polar AccessLink API. After you authorize access through Polar, the app retrieves the following data:

• Sleep data — sleep start/end times, sleep phases (light, deep, REM), sleep score, sleep quality, sleep continuity, and interruption durations
• Exercise data — exercise type, duration, calories burned, distance, heart rate (average and max), heart rate zones, training load, and steps
• Daily activity — total and active calories, steps, active time by intensity, resting heart rate, and distance
• Recovery & nightly recharge — ANS charge status and recovery metrics
• Cardio load (strain) — cardio load metrics, strain levels, cardio load ratio, and status
• Continuous heart rate — per-minute heart rate samples and average calculations
• User profile — Polar user ID, name, birthdate, gender, weight, height, and registration date
• Physical information — body measurements, max heart rate, resting heart rate, aerobic/anaerobic thresholds, and VO2 max

Polar OAuth tokens are stored locally on your device using Android's encrypted DataStore. Polar data is cached locally in an on-device Room database (SQLite).

Garmin

Connects via OAuth 1.0a through a companion web page on vital-stat.com to the Garmin Health API. Because the Garmin API delivers data via push webhooks, Garmin sends your data to our backend (Google Cloud Functions hosted in the EU) which writes the records to Firestore under your anonymous Firebase UID. The Android app reads those records from Firestore. The following data is processed:

• Sleep — sleep start/end times, sleep phases, sleep score, and HRV summaries
• Activity & exercise — daily summaries, activity sessions, intensity minutes, calories, and steps
• Heart rate & pulse-ox — epoch heart rate samples, resting heart rate, and SpO₂ readings
• Body composition — weight, body fat %, bone mass %, and water % from compatible Garmin scales
• HRV & recovery — heart-rate variability summaries and Garmin's Body Battery / recovery indicators where available

Suunto

Connects via OAuth 2.0 to the Suunto API. Access and refresh tokens are stored locally in encrypted DataStore and automatically refreshed. The app polls the Suunto API on demand and caches the results in the on-device Room database. Retrieved data includes workouts, daily activity, sleep, and heart rate metrics.

Android Health Connect

Vitalstat integrates with Android Health Connect using read-only permissions for a wide range of record types and write permissions for selected body-composition fields. Health Connect data is read on your device and never transmitted to our backend. Permissions you may grant include:

• Read — steps, distance, total calories, active calories, exercise sessions, heart rate, resting heart rate, heart rate variability, VO₂ max, sleep sessions, blood oxygen, respiratory rate, body temperature, weight, body fat percentage, lean body mass, height, basal metabolic rate, hydration, and nutrition records
• Write — weight, body fat percentage, and lean body mass (so other apps can read measurements logged in Vitalstat)
• Background & history access — required so the app can keep your dashboard up to date and read historical records when you first connect

All Health Connect data is processed exclusively on your device. You can review and revoke individual permissions at any time via Android Settings > Apps > Health Connect.

On-Device Storage (Room Database)

The following data is stored locally on your device in a Room database (SQLite) and is removed when you uninstall the app or clear app data:

• Sleep sessions, sleep metrics, and user sleep-time overrides
• Recovery, nightly recharge, and HRV-based recovery metrics
• Daily activity summaries
• Cardio load and strain history
• Exercise and training sessions, including imported workouts
• Heart rate summaries by date
• Strength-training data — gym sessions, sets, exercises, workout plans, and a local exercise database
• Nutrition data — food log entries, liquid log entries, supplements, recently-used food products, and downloaded regional food databases
• Daily habit logs and custom factors

DataStore (Local Preferences)

The following preferences are stored locally using Android DataStore. Access tokens are stored using Android's encrypted DataStore:

• OAuth access and refresh tokens for Polar and Suunto, plus Polar user ID
• Anonymous Firebase user ID and (if you signed in) Google account display name, given name, family name, and email
• Health profile values you entered or imported (date of birth, sex, weight, height, BMI, body fat percentage)
• Connection flags for Health Connect, Garmin, and Suunto
• UI and feature preferences (dark mode, daily goals, metric display order, sleep-card visibility, etc.)

Cloud Storage (Google Firebase)

A limited amount of data is stored on our backend, hosted on Google Firebase (project region: EU; Cloud Functions region: europe-west1). All access is keyed to your anonymous Firebase UID.

• Cloud Firestore — Garmin data: when you connect a Garmin account, Garmin pushes your data to our backend via webhook. Our Cloud Functions write the records to garminUserData/{firebaseUID}/ so the app can read them on any device tied to the same Firebase UID. This includes the Garmin data listed in Section 4 (sleep, activity, heart rate, HRV, pulse-ox, body composition).
• Cloud Firestore — subscription entitlements: your subscription status is stored at /users/{uid}/androidSubscription/current, written by our verifyPurchase Cloud Function after Google Play confirms a purchase. The app subscribes to this document in real time.
• Firebase Authentication: holds the anonymous user record (random UID, creation timestamp). No personal data is attached unless you sign in with Google, in which case your Google profile (name + email) is linked to the anonymous account.
• Firebase Remote Config: delivers configuration values to the app such as third-party API keys, feature flags, and the minimum supported app version. No personal or health data is sent to Remote Config.
• Firebase Cloud Storage: hosts the regional food databases that the app downloads on demand. The app downloads files; no personal data is uploaded.
• Firebase Crashlytics: see Section 6a.
• Firebase Analytics: see Section 6a.

Health data collected from Polar, Suunto, and Android Health Connect is not uploaded to our backend; it remains on your device. Garmin data is processed and stored on the backend because the Garmin Health API only delivers data via server-side webhooks.

The app interacts with the following external services. We do not use advertising SDKs, attribution SDKs, social-media SDKs, or data brokers.

• Google Firebase (Google Ireland Limited / Google LLC) — provides backend infrastructure used by the app: Authentication (anonymous + optional Google sign-in), Cloud Firestore (Garmin data, subscription entitlements), Cloud Functions (purchase verification, Garmin webhook ingestion, RTDN handling), Cloud Storage (food-database downloads), Remote Config (configuration values), Analytics and Crashlytics (see 6a).
• Polar AccessLink API (Polar Electro Oy) — retrieves your authorized fitness and health data via OAuth 2.0.
• Garmin Health API (Garmin International, Inc.) — pushes your authorized fitness and health data via webhook to our Cloud Functions after OAuth 1.0a authorization.
• Suunto API (Suunto Oy) — retrieves your authorized fitness and health data via OAuth 2.0.
• Android Health Connect (Google LLC) — on-device aggregation of health and fitness records from other apps; data does not leave your device through this integration.
• Google Play Billing & Google Play Developer API (Google LLC) — processes in-app purchases and subscriptions, and is queried server-side by our Cloud Function to verify your purchase.
• Google Sign-In via Android Credential Manager (Google LLC) — used only when you choose to sign in with your Google account.
• Food and recipe APIs — when you search for foods, your search query is sent to one or more of the following providers depending on availability and region: Edamam (Edamam LLC), USDA FoodData Central (U.S. Department of Agriculture), and Spoonacular (Spoonacular LLC). No health profile data is sent to these APIs; only the search query.

6a. Analytics & Crash Reporting

Vitalstat uses two diagnostic services from Google Firebase in release builds of the app. Both are disabled in debug builds used during development.

Firebase Analytics — used to measure a narrow set of subscription-funnel events so we can understand how the paywall and purchase flow are performing. We do not log health data, food entries, workouts, or other personal content. The following events are logged:

• paywall_viewed
• purchase_started
• purchase_completed
• purchase_failed
• purchase_cancelled
• restore_started
• restore_completed
• subscription_error

Two user properties are recorded alongside these events: health_source (which provider you use, e.g. Polar / Garmin / Suunto / Health Connect) and subscription_status (e.g. free, trial, premium). Events are keyed to a Firebase-generated app instance ID and are not joined with any advertising identifier.

Firebase Crashlytics — collects crash reports and selected non-fatal exceptions so we can fix bugs. Reports include the stack trace, device model, OS version, app version, and a small number of diagnostic keys (current app version, subscription status). No health data, food entries, workouts, or message content is included in crash reports.

We rely on these services on the basis of our legitimate interest in maintaining a stable product (Art. 6(1)(f) GDPR). You have the right to object to this processing — see your rights in Section 14.

Some of the third-party services we use are operated by companies based outside the European Economic Area (EEA), primarily in the United States. When your data is transferred outside the EEA, we ensure appropriate safeguards are in place as required by Chapter V of the GDPR:

• Firebase / Google — Cloud Firestore, Cloud Functions, and Cloud Storage are hosted in the European Union region (project region: EU; Functions region: europe-west1). Google LLC (USA) processes backend operations and is certified under the EU-US Data Privacy Framework and additionally employs Standard Contractual Clauses (SCCs) for international data transfers. Firebase Analytics and Crashlytics may process data on Google infrastructure outside the EEA under the same safeguards.
• Polar (Finland) — Polar Electro Oy is based in the EEA. Data flows to and from Polar's servers according to their own privacy policy, which you accept when authorizing the connection via OAuth.
• Garmin (USA) — Garmin International, Inc. relies on Standard Contractual Clauses (SCCs) for transfers outside the EEA. Data flows according to Garmin's own privacy policy, which you accept when authorizing the connection via OAuth.
• Suunto (Finland) — Suunto Oy is based in the EEA. Data flows according to Suunto's own privacy policy, which you accept when authorizing the connection via OAuth.
• Edamam (USA) and Spoonacular (USA) — used for optional food search; rely on Standard Contractual Clauses (SCCs). Only your search query is transmitted.
• USDA FoodData Central (USA) — a public U.S. government API used for optional food search. Only your search query is transmitted.

Vitalstat for Android requests the following Android permissions:

• Internet & Network State (INTERNET, ACCESS_NETWORK_STATE) — required to communicate with the Polar, Garmin, Suunto, and food-search APIs, and with Google Firebase services.
• Billing (com.android.vending.BILLING) — required to process subscriptions and the lifetime purchase through Google Play Billing.
• Notifications (POST_NOTIFICATIONS, Android 13+) — optional; used only if you enable in-app notifications.
• Camera (CAMERA) — optional; used only when you choose to scan a barcode while logging food. Images are processed on-device and not uploaded.
• Health Connect permissions — optional; granted individually through Health Connect's system prompts. See Section 4 for the complete list of read and write record types and background/history access.

The app does not request access to your microphone, location (GPS), contacts, SMS, or call logs.

We take reasonable measures to protect your data:

• OAuth tokens are stored locally using Android's encrypted DataStore, accessible only to the Vitalstat app.
• Health data is stored in an on-device Room database, sandboxed by Android's application security model.
• API configuration is delivered via Firebase Remote Config and is never hardcoded in publicly accessible locations.
• All network communication uses HTTPS/TLS encryption.

We recommend enabling a screen lock (PIN, pattern, fingerprint, or face unlock) on your device and keeping your Polar account credentials private.

We retain your data only for as long as necessary for the purposes described in this policy. The following table summarizes our retention periods:

You can delete all on-device data at any time by uninstalling the app or clearing app data through Android Settings > Apps > Vitalstat > Storage > Clear Data. To delete data we hold on our backend (Garmin records, subscription entitlement, anonymous authentication record), please contact support@vital-stat.com. Because backend records are keyed to your anonymous Firebase UID, please send the request from within the app (Settings > Help) so we can identify your data.

Vitalstat offers paid plans that unlock premium features and insights. Plans are sold through Google Play.

Payment is charged to your Google Play account upon purchase. Subscriptions renew automatically unless canceled at least twenty-four hours before the renewal date. You can manage or cancel your subscription at any time through Google Play Store > Subscriptions.

Vitalstat does not make automated decisions that produce legal effects or similarly significantly affect you within the meaning of Article 22 GDPR. All health metrics, scores, and trends displayed in the app are informational only and do not constitute medical advice, diagnoses, or legally binding decisions. You are always free to disregard any information presented.

Under the GDPR, you have the following rights regarding your personal data:

• Right of access (Art. 15) — request a copy of any personal data we store about you and information about how it is processed.
• Right to rectification (Art. 16) — request correction of inaccurate personal data we hold about you.
• Right to erasure ("right to be forgotten") (Art. 17) — request deletion of your personal data. You can delete on-device data by uninstalling the app or clearing app data. To delete data we hold on our backend (Garmin records in Firestore, subscription entitlement record, anonymous Firebase Authentication user), contact support@vital-stat.com.
• Right to restriction of processing (Art. 18) — request that we limit the processing of your personal data under certain circumstances.
• Right to data portability (Art. 20) — receive your personal data in a structured, commonly used, and machine-readable format, and transmit that data to another controller.
• Right to object (Art. 21) — object to processing based on our legitimate interest, including Firebase Analytics and Firebase Crashlytics. You can opt out of these services at any time by emailing us at the address above; we will record your preference and disable collection for your installation.
• Right to withdraw consent (Art. 7(3)) — withdraw any consent you have given at any time. You can revoke access for each connected source independently by disconnecting it in the app, in the provider's account settings (Polar Flow, Garmin Connect, Suunto), or — for Health Connect — in Android Settings > Apps > Health Connect.
• Revoke health source access — disconnect Polar, Garmin, Suunto, or Health Connect at any time as described above.

To exercise any of these rights, contact us at support@vital-stat.com. We will respond to your request within 30 days. There is no fee for exercising your rights.

Right to Lodge a Complaint

You have the right to lodge a complaint with a data protection supervisory authority, in particular in the EU member state of your habitual residence, place of work, or the place of the alleged infringement (Art. 77 GDPR). The supervisory authority responsible for our operations is:

We may update this Privacy Policy as needed. The most recent version will always be available on our website. Each update will include a clear "Last Updated" date.

For material changes that affect your rights or the scope of data processing, we will notify you via the app at least 30 days before the changes take effect.