Consumer Health Data Privacy Policy
HiPat Health & Fitness Application
Effective Date: January 15, 2025
Last Updated: January 15, 2025
1. Introduction and Scope
This Consumer Health Data Privacy Policy ("Health Data Policy") describes how 1000944461 Ontario Ltd., operating as HiPat ("HiPat," "Company," "we," "us," or "our"), collects, uses, and shares Consumer Health Data as defined under the Washington My Health My Data Act (RCW 19.373), Nevada Senate Bill 370, and similar state consumer health privacy laws.
This Health Data Policy supplements, and should be read together with, our general Privacy Policy. In the event of any conflict between this Health Data Policy and our general Privacy Policy regarding Consumer Health Data, this Health Data Policy shall govern.
This Health Data Policy applies to consumers who are residents of Washington State, Nevada, and other jurisdictions with consumer health data privacy laws. However, we extend the rights and protections described herein to all users of the Services.
2. Definitions
2.1 Consumer Health Data. "Consumer Health Data" means personal information that is linked or reasonably linkable to a consumer and that identifies the consumer's past, present, or future physical or mental health status. This includes, but is not limited to:
- Individual health conditions, treatment, diseases, or diagnosis
- Social, psychological, behavioral, or medical interventions
- Health-related surgeries or procedures
- Use or purchase of prescribed medication
- Bodily functions, vital signs, or measurements of bodily functions
- Diagnoses or diagnostic testing, treatment, or medication
- Gender-affirming care information
- Reproductive or sexual health information
- Biometric data
- Genetic data
- Precise location information that could reasonably indicate a consumer's attempt to acquire or receive health services or supplies
- Data that identifies a consumer seeking healthcare services
- Any information derived or inferred from the above categories
2.2 For purposes of HiPat specifically, Consumer Health Data includes:
- Weight and body measurements
- Exercise and physical activity data
- Nutrition and dietary information
- Sleep patterns and quality data
- Wellness goals and progress
- AI-generated health recommendations
- Integration data from health and fitness platforms
2.3 Biometric Data. "Biometric Data" means data generated from the measurement or processing of biological characteristics that can be used to identify a unique individual, including fingerprints, voiceprints, iris or retina scans, or facial geometry.
2.4 Sell. "Sell" means the exchange of Consumer Health Data for monetary or other valuable consideration.
2.5 Share. "Share" means the disclosure, release, transfer, or provision of Consumer Health Data to a third party.
3. Consumer Health Data We Collect
3.1 Categories of Consumer Health Data. We collect the following categories of Consumer Health Data:
- Physical measurements including height, weight, body measurements, and body composition data
- Fitness and activity data including exercise logs, workout history, steps, distance, calories burned, and physical activity patterns
- Nutrition data including food logs, meal photos, caloric intake, macronutrient data, and dietary preferences
- Sleep data including sleep duration, quality metrics, and sleep patterns
- Wellness information including health goals, progress tracking, and wellness notes you provide
- Biometric data if you choose to integrate with devices that collect such data
- Reproductive health data if you choose to use cycle tracking features
- Inferred health data including AI-generated insights, recommendations, and health-related predictions based on data you provide
3.2 Sources of Consumer Health Data. We collect Consumer Health Data from:
- Information you provide directly through the Services
- Third-party health and fitness platforms you authorize (Apple Health, Google Fit, Fitbit, etc.)
- Automated collection through the Services
- Inferences we make based on information you provide
4. Purpose and Use of Consumer Health Data
4.1 Purposes for Collection. We collect and use Consumer Health Data for the following specific purposes:
- Service Delivery: To provide personalized fitness recommendations, nutrition guidance, and wellness tracking
- AI Personalization: To power our AI coach with information necessary to provide relevant recommendations
- Progress Tracking: To track your fitness, nutrition, and wellness progress over time
- Third-Party Sync: To synchronize data with authorized health and fitness platforms
- Service Improvement: To improve and develop the Services (using anonymized and aggregated data)
- Legal Compliance: To comply with applicable laws and regulations
4.2 Limitation on Use. We will not collect, use, or share Consumer Health Data for purposes other than those disclosed in this Health Data Policy without obtaining your prior consent.
5. Sharing of Consumer Health Data
5.1 Categories of Third Parties. We may share Consumer Health Data with the following specific categories of third parties:
- Cloud Infrastructure Providers: Amazon Web Services (AWS), Google Cloud Platform - for secure data storage and processing
- AI/ML Service Providers: For AI model training and inference (with anonymized data)
- Analytics Providers: For service analytics and improvement
- Third-Party Health Platforms: Apple Health, Google Fit, Fitbit, and other platforms you authorize - for data synchronization
- Payment Processors: Limited to transaction processing, not health data
5.2 Affiliates. We do not currently have affiliated entities with whom we share Consumer Health Data.
5.3 Consent for Sharing. We will not share your Consumer Health Data with third parties (except as required by law or as necessary for service providers performing services on our behalf) without obtaining your separate consent. Consent for the collection of Consumer Health Data does not constitute consent for sharing.
5.4 Sale of Consumer Health Data. WE DO NOT SELL CONSUMER HEALTH DATA. We have not sold Consumer Health Data in the preceding twelve (12) months and will not sell Consumer Health Data without your valid authorization as required by applicable law.
5.5 Authorization for Sale. Should we ever seek to sell Consumer Health Data, we will obtain a valid written authorization that includes:
- The specific Consumer Health Data to be sold
- The name and contact information of the purchaser
- A description of the purpose for the sale
- The date or event upon which the authorization expires
- Your signature and date
6. Your Rights Regarding Consumer Health Data
6.1 Right to Confirm Collection. You have the right to confirm whether we are collecting or processing your Consumer Health Data.
6.2 Right to Access. You have the right to access the Consumer Health Data we have collected about you, including:
- The categories of Consumer Health Data collected
- The specific pieces of Consumer Health Data collected
- The purposes for which Consumer Health Data is collected
- The categories of third parties with whom we share Consumer Health Data
- The specific third parties with whom we share Consumer Health Data
6.3 Right to Withdraw Consent. You have the right to withdraw your consent for the collection or sharing of Consumer Health Data at any time. You may exercise this right through the Settings > Privacy menu in the app or by contacting us at privacy@hipat.com. Withdrawal of consent will not affect the lawfulness of processing based on consent before its withdrawal.
6.4 Right to Delete. You have the right to request deletion of Consumer Health Data we have collected. Upon receiving a verified deletion request, we will delete your Consumer Health Data within thirty (30) days, except where retention is permitted or required by law.
6.5 Right to Appeal. If we deny your request to exercise any of the rights described in this Section, you have the right to appeal our decision by contacting us at privacy@hipat.com within thirty (30) days. We will respond to appeals within forty-five (45) days.
6.6 How to Exercise Your Rights. To exercise any of the rights described in this Health Data Policy, please contact us at:
Email: privacy@hipat.com
Mail: Privacy Officer, 1000944461 Ontario Ltd. (HiPat), 7398 Yonge Street, Suite 2073, Thornhill, Ontario, L4J8J2, Canada
We will verify your identity before processing your request. You will not be required to create an account to exercise your rights.
7. Data Security
7.1 Security Measures. We implement reasonable administrative, technical, and physical security measures to protect Consumer Health Data, including:
- Encryption of Consumer Health Data in transit (TLS 1.2 or higher) and at rest (AES-256)
- Access controls limiting access to Consumer Health Data to authorized personnel
- Regular security assessments and penetration testing
- Employee training on health data protection
- Incident response procedures for potential data breaches
7.2 Data Minimization. We collect only the Consumer Health Data necessary for the purposes disclosed in this Health Data Policy and retain such data only as long as necessary for those purposes.
8. Geofencing Prohibition
We do not establish a geofence around any entity that provides in-person healthcare services for the purpose of:
- Identifying or tracking consumers seeking healthcare services
- Collecting Consumer Health Data from consumers
- Sending notifications, messages, or advertisements to consumers related to their Consumer Health Data
9. Changes to This Health Data Policy
We may update this Health Data Policy from time to time. If we make material changes, we will provide notice through the Services or by other means at least thirty (30) days before the changes take effect. Your continued use of the Services after the effective date of changes constitutes acceptance of the updated Health Data Policy.
10. Contact Information
For questions about this Consumer Health Data Privacy Policy or to exercise your rights, please contact us at:
Email: privacy@hipat.com
Mail: Privacy Officer, 1000944461 Ontario Ltd. (HiPat), 7398 Yonge Street, Suite 2073, Thornhill, Ontario, L4J8J2, Canada