Privacy Policy

Last updated: February 24, 2026

This Privacy Policy explains how Health Sync handles personal data when syncing Apple Health information between your iOS device and your OpenClaw agent setup.

1. Scope and intended use

Health Sync is provided only for personal, non-commercial use by individuals who are legal adults and at least 18 years old. Enterprise, business, employer, insurer, provider, and other organizational use is not permitted.

2. Data categories

  • Health data: Apple Health categories you explicitly authorize.
  • Encrypted payloads: Ciphertext generated on-device before upload.
  • Operational metadata: Sync timestamps, hashed security tokens, and device identifiers only.
  • Support and security data: Contact messages and security/audit logs.

3. Why we process data

  • Deliver encrypted synchronization to your configured personal agent workflow.
  • Maintain platform reliability, integrity, security, and abuse prevention.
  • Provide user support and handle legal obligations where applicable.

4. Legal bases

Where GDPR/UK GDPR applies, processing may rely on contract performance, legitimate interests, legal obligations, and, where required, explicit consent for health data.

5. Encryption and visibility

Health data is encrypted before upload. Relay services are designed to process encrypted payloads only. The relay service cannot gain any insight into the exact payload or into what data is processed.

Relay service processing, authentication, and data storage are provided by Supabase infrastructure in the EU.

6. Sharing and disclosures

  • We do not sell personal data.
  • We may share limited data with infrastructure providers only to operate the service, including Supabase for Relay API infrastructure.
  • We may disclose data where legally required or to protect rights, safety, and security.

7. International transfers

If personal data is transferred internationally, we apply transfer safeguards required by applicable law.

8. Retention

  • Encrypted payloads are retained only for the sync operation window.
  • Operational and security logs are retained for limited periods.
  • Longer retention may apply where required by law or security needs.

9. Your rights

Depending on your location, you may have rights such as access, correction, deletion, portability, restriction, objection, and withdrawal of consent.

10. Rights requests

Submit requests to [email protected]. We may request identity verification (by private key signature) before fulfilling a request.

11. US state privacy notice

We provide rights handling in line with applicable US state privacy laws for covered users, including request and appeal handling where required.

12. Not for regulated enterprise healthcare use

Health Sync is not offered for enterprise healthcare workflows and is not offered with Business Associate Agreements (BAAs) or enterprise data processing terms.

13. Children

Health Sync is not directed to children under 18. If you are under 18, you may not use the service.

14. Security practices

  • Encryption in transit and at rest where applicable.
  • Access controls, credential rotation, and monitoring controls.
  • Incident response procedures for security events.

15. Policy updates

We may update this policy for legal, operational, or technical reasons and will update the effective date.

16. Contact and complaints

Privacy contact: [email protected]

If applicable, you may also contact your local data protection authority.