Balnc

Privacy Policy

Your Privacy Matters

We are committed to protecting your privacy and complying with applicable data protection laws, including GDPR and UK GDPR.

Last Updated: January 6, 2026

1. Data We Collect

Account Information

  • Email address
  • Name (if provided)
  • Profile information you choose to share

Strava Integration Data

When you connect your Strava account, we collect:

  • Activity data (type, distance, duration, calories, elevation)
  • Activity timestamps and dates
  • Basic athlete information (athlete ID)
  • Activity statistics and performance metrics

Note: We only access data you explicitly authorize through Strava's OAuth consent screen.

Garmin Connect Integration Data

When you connect your Garmin Connect account, we collect:

  • Health metrics (steps, active calories, resting heart rate, HRV)
  • Sleep data (duration, sleep score, sleep stages)
  • Activity data (type, distance, duration, calories)
  • Device information (device model for attribution purposes)
  • Body composition data (if available from your device)

Note: We only access data you explicitly authorize through Garmin's OAuth consent screen. Data is attributed to your Garmin device as required by Garmin's API Brand Guidelines.

Apple Health Integration Data (iOS)

When you enable Apple Health access on your iOS device, we collect:

  • Activity metrics (steps, distance, flights climbed, exercise minutes)
  • Heart health data (resting heart rate, HRV, respiratory rate)
  • Sleep analysis (duration, sleep stages, time in bed)
  • Workout data (type, duration, distance, calories burned)
  • Energy data (active calories, resting calories)

Note: Apple Health data is accessed via iOS HealthKit and synced only when you explicitly grant permission through your device's privacy settings. Data remains on your device until you choose to sync it.

Google Fit Integration Data

When you connect your Google Fit account, we collect:

  • Activity data (steps, distance, calories burned)
  • Workout sessions (type, duration, distance)
  • Heart rate data (if available)
  • Sleep data (duration, sleep stages)

Note: We only access data you explicitly authorize through Google's OAuth consent screen.

Fitbit Integration Data

When you connect your Fitbit account, we collect:

  • Activity data (steps, distance, floors, active minutes)
  • Heart rate data (resting heart rate, heart rate zones)
  • Sleep data (duration, sleep stages, sleep score)
  • Exercise and workout data
  • Body composition data (if available)

Note: We only access data you explicitly authorize through Fitbit's OAuth consent screen.

WHOOP Integration Data

When you connect your WHOOP account, we collect:

  • Recovery data (recovery score, HRV, resting heart rate)
  • Strain data (daily strain, activity strain)
  • Sleep data (sleep performance, sleep stages, time in bed)
  • Workout data (activity type, strain, calories)

Note: We only access data you explicitly authorize through WHOOP's OAuth consent screen.

Samsung Health Integration Data

When you connect your Samsung Health account, we collect:

  • Activity data (steps, distance, floors, active time)
  • Heart rate data (resting heart rate, heart rate during activities)
  • Sleep data (duration, sleep stages, sleep score)
  • Exercise and workout data
  • Stress and wellness metrics (if available)

Note: We only access data you explicitly authorize through Samsung's consent process.

Usage Data

We collect information about how you interact with our App to improve our services and ensure compliance with our API agreements.

2. How We Collect Data

Direct Collection

When you create an account or update your profile

Strava API

When you authorize our App to connect via OAuth 2.0

Garmin Health API

When you authorize our App to connect via OAuth 1.0a

Automatic Collection

Usage data collected through normal App operation

3. How We Use Your Data

  1. Display your activity data and statistics in the App dashboard
  2. Calculate health metrics and progress tracking
  3. Provide personalized insights and recommendations
  4. Maintain and improve our services
  5. Ensure compliance with Strava API Agreement requirements
  6. Communicate with you about your account and our services

4. Data Storage and Security

We implement industry-standard security measures to protect your data:

  • All data transmitted over HTTPS encrypted connections
  • Sensitive credentials encrypted at rest
  • Secure authentication using industry-standard protocols
  • Regular security audits and updates
  • Access controls and monitoring to prevent unauthorized access

Your Strava data is stored on secure servers and is only accessible by you when you're logged into the App.

5. Data Retention

  • Strava Activity Data: Retained for 90 days from the activity date (subject to Strava API requirements)
  • Garmin Health Data: Retained for 90 days from the data date (subject to Garmin API requirements)
  • Apple Health Data: Retained for 90 days from the data date
  • Google Fit Data: Retained for 90 days from the data date
  • Fitbit Data: Retained for 90 days from the data date
  • WHOOP Data: Retained for 90 days from the data date
  • Samsung Health Data: Retained for 90 days from the data date
  • Account Data: Retained while your account is active
  • After Integration Disconnection: All data from that integration is immediately deleted
  • After Account Deletion: All integrations automatically disconnected and all personal data permanently deleted within 30 days

6. Data Sharing and Disclosure

We do NOT:

  • Share your fitness data with other users
  • Sell, rent, or lease your personal data
  • Use your data for advertising or marketing
  • Share your data with data brokers
  • Use data for AI/ML training purposes

We may share data only:

  • With your explicit consent
  • To comply with legal obligations
  • To protect our rights and safety
  • With service providers under strict confidentiality

7. Your Rights

Under GDPR and UK GDPR, you have the following rights:

Right to Access

Request a copy of your personal data

Right to Rectification

Correct inaccurate personal data

Right to Erasure

Request deletion of your personal data

Right to Restrict Processing

Limit how we use your data

Right to Data Portability

Receive your data in a structured format

Right to Object

Object to processing of your personal data

Right to Withdraw Consent

Withdraw consent at any time

8. How to Manage Your Data

Disconnect Strava

Go to Settings → Fitness Integrations → Strava → Disconnect

Disconnect Garmin

Go to Settings → Fitness Integrations → Garmin Connect → Disconnect

Disconnect Apple Health

Revoke permissions in iOS Settings → Privacy → Health, then disconnect in our app Settings

Disconnect Google Fit

Go to Settings → Fitness Integrations → Google Fit → Disconnect

Disconnect Fitbit

Go to Settings → Fitness Integrations → Fitbit → Disconnect

Disconnect WHOOP

Go to Settings → Fitness Integrations → WHOOP → Disconnect

Disconnect Samsung Health

Go to Settings → Fitness Integrations → Samsung Health → Disconnect

Delete Your Account

Go to Settings → Privacy & Data → Delete My Account. This will automatically disconnect all integrations, revoke all third-party access tokens, and permanently delete all your data.

Access Your Data

All your data is visible in your dashboard, activities page, and health metrics while logged in.

Update Your Data

Update your profile information in Settings at any time.

9. Third-Party Services

Our App integrates with the following third-party services:

Strava

We use the Strava API to fetch your activity data.

View Strava's Privacy Policy →

Garmin Connect

We use the Garmin Health API to fetch your health and activity data.

View Garmin's Privacy Policy →

Apple Health (HealthKit)

We use Apple HealthKit on iOS to access your health and fitness data.

View Apple's Privacy Policy →

Google Fit

We use the Google Fit API to fetch your fitness data.

View Google's Privacy Policy →

Fitbit

We use the Fitbit Web API to fetch your health and fitness data.

View Fitbit's Privacy Policy →

WHOOP

We use the WHOOP API to fetch your recovery, strain, and sleep data.

View WHOOP's Privacy Policy →

Samsung Health

We use Samsung Health to fetch your health and fitness data on Samsung devices.

View Samsung's Privacy Policy →

Supabase

We use Supabase for authentication and data storage.

View Supabase's Privacy Policy →

Note: Each third-party service's Privacy Policy controls how they handle your data. In the event of any conflict between our Privacy Policy and their Privacy Policies regarding their data, their Privacy Policies will control.

10. Children's Privacy

Our App is not intended for children under the age of 18. We do not knowingly collect personal information from children under 18. If you are a parent or guardian and believe your child has provided us with personal information, please contact us.

11. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page and updating the "Last Updated" date. You are advised to review this Privacy Policy periodically for any changes.

12. Contact Us

If you have any questions about this Privacy Policy or wish to exercise your rights, please reach out through the app settings. For Strava-specific data inquiries, you may also contact Strava directly or manage your data through your Strava account settings.

13. GDPR Compliance

We are committed to compliance with the EU General Data Protection Regulation (GDPR) and UK GDPR. Our legal basis for processing your personal data is:

Consent

For all fitness integration data access and processing

Contract Performance

To provide our services to you

Legitimate Interests

To improve and maintain our services