Privacy Policy for Dynaflow

1. Introduction

Welcome to Dynaflow ("we," "our," or "us"). We are committed to protecting your personal information and your right to privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our mobile application and services.

By using Dynaflow, you agree to the collection and use of information in accordance with this policy.

2. Information We Collect

2.1 Information You Provide Directly

• Account Information: Email address and password (stored securely using encryption)
• Profile Information: Onboarding preferences and settings
• User-Generated Content: Workout notes, sleep notes

2.2 Health and Fitness Data

With your explicit permission, we collect:

Biometric Data:

• Heart rate and heart rate variability (HRV)
• Resting heart rate
• Active and total calories burned

Activity Data:

• Workout sessions (type, duration, exercises performed)
• Exercise details (sets, reps, weight, equipment used)
• Steps and distance traveled
• Cardiovascular and muscle strain metrics

Sleep Data:

• Sleep duration and efficiency
• Sleep stages (when available)
• Bedtime and wake time patterns
• Sleep quality scores

2.3 Calendar Data

With your permission, we access and sync:

• Google Calendar events (title, description, time, location)
• Event metadata for workout and activity tracking

2.4 Automatically Collected Data

• Usage Analytics: App performance metrics, feature usage patterns
• Device Information: Operating system version, app version
• Timestamps: Data synchronization times, calculation timestamps

3. How We Use Your Information

3.1 Provide Core Services

• Calculate personalized recovery scores based on your biometric data
• Generate cardiovascular and muscle strain analytics
• Track and analyze your sleep patterns
• Monitor workout intensity and muscle group targeting
• Provide real-time heart rate monitoring and zone tracking

3.2 Improve Your Experience

• Personalize recommendations based on your fitness patterns
• Optimize recovery suggestions based on your strain levels
• Identify gaps in health data and prompt for synchronization
• Maintain consistency in your fitness tracking

3.3 Maintain and Improve Our Services

• Ensure app functionality and fix bugs
• Develop new features based on usage patterns
• Improve algorithm accuracy for strain and recovery calculations

4. Data Storage and Security

4.1 Where We Store Data

• Your data is stored on secure servers with encryption
• Data is encrypted in transit from your device to our servers
• Health data synced from Apple Health or Google Health Connect remains on your device until explicitly synced to our servers
• Raw heart rate data is NOT stored: We only store aggregated metrics (hourly averages, min/max values, zone minutes) for trend analysis and recovery calculations. This means we don't keep second-by-second heart rate measurements, only summarized statistics per hour
• Passwords are hashed using industry-standard bcrypt encryption

4.2 Data Retention

• Active account data is retained as long as your account is active
• You may request deletion of your account and all associated data at any time
• Deleted data is permanently removed from our servers within 30 days

4.3 Security Measures

• All data transmissions use SSL/TLS encryption
• Access to user data is restricted to authorized personnel only
• Regular security audits and updates are performed
• OAuth 2.0 is used for third-party integrations (Google Calendar)

5. Data Sharing and Disclosure

5.1 We Do Not Sell Your Data

We never sell, rent, or trade your personal information to third parties.

5.2 Limited Sharing Scenarios

We may share your information only in these circumstances:

• With Your Consent: When you explicitly authorize sharing
• Legal Requirements: To comply with legal obligations, court orders, or government requests
• Vital Interests: To protect someone's life or prevent serious harm
• Business Transfers: In connection with a merger, acquisition, or sale of assets (users will be notified)

5.3 Third-Party Services

We integrate with:

• Apple Health (iOS): Read-only access to health metrics
• Google Health Connect (Android): Read-only access to health metrics
• Google Calendar: Read and write access to calendar events

These services have their own privacy policies governing their use of your data.

6. Your Rights and Controls

6.1 Access and Portability

You can:

• Access all your personal data through the app
• Export your fitness data in standard formats
• Request a copy of all data we have about you

6.2 Correction and Deletion

You can:

• Update your account information at any time
• Delete individual workouts, events, or health records
• Request complete account deletion
• Delete your account through the app. When you do, all your data will be permanently deleted.

6.3 Data Permissions

You can:

• Revoke health data access at any time through your device settings
• Disconnect Google Calendar integration
• Modify app permissions for specific data types

6.4 Communication Preferences

You can opt out of:

• Push notifications (through device settings)
• Feature update announcements
• Analytics data collection

7. Children's Privacy

Dynaflow is not intended for use by children under 13 years of age. We do not knowingly collect personal information from children under 13. If we discover that we have collected information from a child under 13, we will delete that information immediately.

8. International Data Transfers

If you access Dynaflow from outside the United States, please be aware that your information may be transferred to, stored, and processed in the United States where our servers are located. By using our services, you consent to this transfer.

9. California Privacy Rights

California residents have additional rights under the California Consumer Privacy Act (CCPA):

• Right to know what personal information is collected
• Right to know if personal information is sold or disclosed
• Right to say no to the sale of personal information
• Right to equal service and price

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any changes by:

• Updating the "Last Updated" date
• Requiring your consent for significant changes affecting data use

11. Contact Us

If you have questions or concerns about this Privacy Policy or our data practices, please contact us at:

Email: privacy@dynaflow.io