Health Sync Privacy Policy
How your data is used
Health Sync is a service application designed to facilitate the synchronization of your health and fitness data across various health and fitness apps and platforms. The synchronization process exclusively involves the data of apps for which you grant Health Sync access permissions (read or write). Importantly, Health Sync does not collect your data within the Health Sync application or on cloud servers. Instead, your data remains securely stored within the specific apps you’ve designated and permitted for synchronization.
Health Sync only processes your data for the health data synchronization that you configured in the Health Sync app.
Health Sync is committed to safeguarding your privacy. We want to make it clear that Health Sync does not collect your personal health data, and it does not share your health data with any third parties other than the specific health apps and platforms you have selected to synchronize your data with through Health Sync. Your data remains secure and private, only accessible within the apps you’ve chosen for synchronization.
The health and fitness data synchronized by Health Sync is intended for informational and wellness purposes only. This data does not constitute medical data and should not be used for medical diagnosis, advice, or treatment.
Data processing
Health Sync does not store your health data on a server, nor does it retain your health data on your device after the synchronization process is complete. The synchronization process is handled entirely locally on your device, utilizing a background service process to directly transfer data between your chosen platforms.
To ensure the maximum protection of your sensitive health data, Health Sync implements the following security mechanisms:
-
Secure Authorization: Health Sync only connects to external platforms using secure, industry-standard authorization protocols (such as OAuth 1.0 and OAuth 2.0) or secure, native app-to-app connections on your device. We never see, process, or store your third-party account passwords.
-
Encryption in Transit: All data transfers between Health Sync and your connected third-party platforms (including Google APIs) are strictly encrypted in transit using industry-standard HTTPS/TLS protocols.
-
Encryption at Rest: Authentication tokens used to maintain these secure connections are encrypted at rest within the app’s secure local storage.
Temporary Data Storage In specific cases—such as syncing location-based workouts to Apple Health while the phone is locked—Health Sync may temporarily hold data in the app’s secure local storage. This temporary data is strictly protected using encryption at rest via the operating system’s native secure storage mechanisms. Once the sync is complete, this data is immediately deleted.
Diagnostic Sync Logs Health Sync maintains a local sync log to monitor background operations, retaining only the last two days of activity before automatic deletion. These logs are stored using secure encryption at rest within the app’s isolated storage space and cannot be read by other apps.
The log data contains diagnostic metadata about the synchronization process (such as timestamps, data types, and sync status) to help troubleshoot issues. It does not contain your account credentials, identifying user profiles, or location (GPS) data.
Data deletion
Health Sync does not collect your health and fitness data, so the concept of deleting your health and fitness data is not applicable.
Authorization access for the apps you’ve linked with Health Sync is immediately removed when you disconnect them within the Health Sync application. This can be done by removing the connected app from the synchronization configuration or by selecting the ‘Deauthorize’ button within the connected app’s page in the Health Sync application. Once the authorization access is deleted, Health Sync will no longer have the ability to access the previously connected app until you reauthorize Health Sync to connect with that app again.
Cloud servers used for the synchronization
For some connected apps, a secure cloud server from appyhapps.nl is used for the synchronization logistics: the server receives messages when new data is available from the connected app (for example Garmin Connect or Strava). The server will inform Health Sync on your phone that new data is available and Health Sync will retrieve and process the data on the phone.
Our secure server stores the necessary authorization tokens (such as OAuth refresh tokens) for third-party connections. To prevent any misuse, these tokens are strictly protected using server-side encryption at rest and are utilized exclusively for maintaining the secure connections with the linked apps. When you deauthorize a connection in the app, or when the connection becomes inactive (for example, when you uninstall the app), the authorization tokens are deleted.
Our cloud server operates strictly as a logistical messenger and, in certain cases, as a secure pass-through proxy to facilitate data retrieval from specific third-party platforms. When acting as a proxy, your health and fitness data is routed securely through our server via encrypted connections, but it is never stored, cached, logged, or analyzed by our systems. The actual processing and integration of your health data are executed entirely and securely on your local device.
Physical activity permission
On Android, Health Sync could require the ‘physical activity’ app permission. This permission is required when syncing steps and/or activity data with Google Fit. Google Fit only allows to read or write steps and activity data when this permission has been given. Health Sync doesn’t use this permission for tracking activity or steps data itself.
Required app permissions
For health and fitness apps involved in the sync, you must authorize Health Sync. Health Sync requires permissions for each app to read and write the data. Health Sync always requests only the permissions necessary for synchronization. It depends on the connected app whether different permissions can be requested or whether no distinction is made between different permissions.
For some apps we need to provide additional information about the rights and authorizations:
Google Fit permissions (Android only): Health Sync needs permission to access the Google Fit data when you sync with Google Fit. Health Sync only asks for the permissions it really needs. Without these permissions, the data can’t be synced. Read permissions are required for reading data from Google Fit. Write permissions are required for writing data to Google Fit. When you sync to Google Fit, Health Sync will ask some read permissions also. The read permissions are needed when writing data to Google Fit, because Health Sync will check if there is other data in Google Fit that could cause sync conflicts.
Access to your Google profile is required to show the Google account that is used for Google Fit in the Google Fit Authorization page in Health Sync. Only the account name is stored. Other profile information is not used or stored. Your Google account name is stored in the private storage space of the app and not on an external server.
The use of information received from Google Fit will adhere to the Google Fit Developer and User Data Policy, including the Limited Use requirements.
Google Health (Fitbit) permissions: To sync your information, Health Sync requires permission to access your Google Health (Fitbit) data.
– Read Permissions: Required to sync data from Google Health. This permission is also used for some sync configurations during write operations to ensure existing data is updated correctly.
– Write Permissions: Required to sync data to Google Health.
Without these permissions, Health Sync cannot synchronize your data.
The use of information received from Google Health API and/or Developer Tools will adhere to the Google Health API Developer and User Data Policy, including the Limited Use requirements.
Health Connect permissions (Android only): Health Sync needs permission to read or write data to Health Connect on your phone, when you want to sync health or fitness data with Health Connect. Health Sync only asks for the permissions it really needs based on the data that you want to sync.
The use of information received from Health Connect will adhere to the Health Connect Permissions Policy, including the Limited Use requirements.
HUAWEI Health permissions: To synchronize your data from or to HUAWEI Health, Health Sync requires your explicit permission to access HUAWEI Health. The app only requests the specific permissions necessary for your active sync configurations. Without these permissions, data synchronization cannot function.
Data Read from HUAWEI Health
Depending on your configurations in the main screen of Health Sync, the app can read the following data types from HUAWEI Health:
- Activity & Fitness: Step count, distance, calories burned, and activity data (including detailed sample data and location data).
- Sleep: Sleep stages and duration.
- Vitals & Health Metrics: Heart rate, blood pressure, blood glucose, oxygen saturation, and temperature data.
- Body Metrics: Weight and height.
- Nutrition: Nutrition.
- Historical Data: Health Sync can also read historical data from the one-year period prior to the day you authorized the app.
Data Written to HUAWEI Health
If you configure Health Sync to sync data to HUAWEI Health, the app can write the following data types:
- Activity: Activity data (including detailed sample data and location data).
- Sleep: Sleep duration and sleep stages data.
- Body Metrics: Weight and height.
- Vitals: Blood pressure and blood glucose.
We request your country of residence because the HUAWEI Health integration is not supported in all regions. This country information is stored securely within your private Health Sync data and is never shared with third parties.
Authorization
Health Sync does not receive the account password of the accounts you use for any of the linked health and fitness apps. Health Sync uses the secure mechanisms of the fitness apps and platforms to get authorization for the connection. When you need to give your account credentials, you only do this on a secure site of the fitness app/platform. Health Sync does not have access to these authorization pages. This safe authorization mechanism is known as OAuth 1 or OAuth 2.
Payment
Health Sync only uses information from your account for the synchronization of the health data. When you purchase Health Sync unlimited usage or subscribe to Health Sync, the financial operation is handled by the app store payment service (Google Play, Huawei AppGallery, Apple App Store). Health Sync does not receive information from Google, Huawei or Apple about your bank account, credit card, or other payment method you may use.
Log data protection
When you choose the ‘Report another problem’ option in the Help Center, Health Sync securely transmits your recent diagnostic log data and the email address you provide to our secure servers (hosted on Google Cloud).
Your email address and log data are used strictly for troubleshooting and support purposes. This information is transmitted via a secure, encrypted connection and can only be accessed by authorized Health Sync personnel. We will never share, sell, or publish your email address or diagnostic logs outside of our secure systems.
Once your support request has been analyzed and resolved, the associated log data is permanently deleted from our servers within one week.
Anonymous crash and log data
When you download Health Sync through the Google Play Store, anonymous crash data will be sent to a Google server when a crash occurs. Only appyhapps.nl has access to this anonymous usage and crash data. This data doesn’t contain any information about personal data or about the synced data.
Contact and Ownership
If you have questions about the Health Sync privacy policy, you can use the contact page on this site or you can send an email to info@appyhapps.nl
Health Sync is a product developed, owned, and maintained by appyhapps.nl.
This privacy policy was last updated on June 14, 2026.