HIITTracker – Privacy Policy
Effective date: September 19, 2025
Last updated: December 9, 2025
This Privacy Policy explains how HIITTracker ("the App", "we", "us") handles data. HIITTracker is a native iOS/watchOS app that connects to Apple Watch to display and record workout and heart rate information, and optionally controls Spotify playback on your iPhone. We do not operate any backend servers; data is stored on your devices and/or in Apple’s Health app when you choose.
What We Collect and Where It Lives
Health & Fitness data (on-device and Health app only)
- Heart rate, active energy, walking/running distance read via HealthKit; workout records written to HealthKit when you save a workout.
- Stored locally in the app’s on-device database (Core Data) for your workout history and charts; may also be saved to Apple Health if you permit.
- Not transmitted to our servers (we have none) and not shared with third parties.
Workout metadata (on-device)
- Interval types, start/end times, heart rate samples with timestamps, computed averages/maxima, and optional calories.
- Stored locally on your iPhone; can be deleted in‑app (where available) or by deleting the app.
Preferences (on-device)
- UI theme, toggle states (e.g., show controls, keep screen awake), countdown settings, Apple Watch enablement, max heart rate and alert preference.
- Stored in UserDefaults on your device.
Connectivity state (on-device only)
- Watch/iPhone connection status, latest heart rate value, recent workout state, and a locally generated workout identifier used to link sessions between iPhone and Apple Watch.
Spotify connection data (on-device and Spotify)
- If you opt in, the app stores your Spotify access token securely in the iOS Keychain and interacts with Spotify’s SDK and Web API to control playback and fetch track metadata and artwork.
- We do not receive your Spotify account details. Communication is between your device and Spotify. Track metadata (name, artist, album, artwork URL) may be fetched from Spotify when you request it.
How We Use Data
- Provide core functionality: show live heart rate, guide intervals, compute workout metrics, and render charts.
- HealthKit: read allowed data types to display heart rate and metrics; write workouts to Health app when you save. Your consent is required and can be changed anytime in iOS/watchOS Settings.
- Spotify (optional): control playback and fetch track info/artwork when you connect. If you don’t connect Spotify, no Spotify data is used.
What We Don’t Do With Your Data
- No sale of your personal data: we don’t sell your personal data or share it with data brokers.
- No use of Health data for ads: HealthKit data is not used for advertising, marketing, or cross‑app tracking.
- No backend servers of our own for Health/workout data: we don’t run our own backend servers for your Health or workout data; it stays on your devices and/or in the Health app under your control.
HealthKit Disclosure
- The App uses HealthKit to read heart rate, active energy, and distance, and to write workouts if you allow.
- Health data is used solely to provide health/fitness features in the App and is not used for advertising, marketing, or tracking.
- Health data is not shared with third parties. You can control access in the Health app and iOS/watchOS Settings.
Data Collection
We collect only the data needed to operate, secure, and improve the App. Depending on your settings and location, this includes:
- Usage data: information about how you interact with the App (for example, screens viewed, features used, button taps, session duration, and in‑app events). This is primarily collected through Google Analytics for Firebase.
- Device and app information: device model, operating system version, app version, language, region, time zone, and basic configuration information. Google Analytics for Firebase may also collect device identifiers (such as advertising identifiers where permitted, Firebase Installation IDs, and similar identifiers) and network information such as IP address, which is used to derive approximate location and may be stored in anonymized or truncated form.
- Diagnostics and crash data: crash logs, performance data, and error reports (for example, stack traces, feature usage leading up to a crash, and diagnostics from Google’s Firebase crash reporting tools) to help us find and fix bugs and improve stability.
- Health and workout data: with your explicit permission, we read and write heart rate, active energy, distance, and workout records via Apple HealthKit. This data is processed locally on your devices and/or stored in the Health app and is never sold to third parties or used for advertising or cross‑app tracking.
Where required by law (for example in the EU/EEA, UK, or certain US states), we rely on your consent for analytics and tracking activities. You can change these choices at any time as described below under “Third‑Party Services” and “Tracking”.
Third‑Party Services
We rely on a small number of trusted third‑party providers to help us operate the App. These providers process data on our behalf in accordance with this Privacy Policy and their own privacy terms:
- Google Analytics for Firebase (Google LLC): We use Firebase Analytics and related Firebase services to collect aggregated usage, diagnostics, and crash data. Firebase may receive device and app information (including device identifiers, advertising identifiers where permitted, Firebase Installation IDs, and similar identifiers), IP address (which may be used to derive approximate location and may be stored in anonymized or truncated form), and usage events generated by your interactions with the App. We use this data to understand how the App is used, measure the effectiveness of product changes and marketing, and improve performance and reliability. For more information, see Google’s Privacy Policy at https://policies.google.com/privacy and the Firebase privacy information at https://firebase.google.com/support/privacy.
- Google User Messaging Platform (UMP): We use Google’s User Messaging Platform SDK to manage consent for analytics and advertising where required by laws such as the GDPR and ePrivacy Directive in the EU/EEA, or applicable US state privacy laws. UMP may use information such as your IP address, device information, and inferred region to determine whether a consent dialog is required and to record your consent choices. Those preferences are stored by Google and/or locally on your device and are honored by our use of Google services. You can review and change your preferences at any time from within the App’s privacy or settings screen, which will reopen the UMP consent form.
- Apple HealthKit and Apple frameworks: Health and workout data accessed via HealthKit remains under your control in the Health app and on your devices. Apple may process this data in accordance with its own terms and privacy policy; we do not receive Health data on our own servers and we do not share it with third‑party advertisers.
- Spotify: If you choose to connect Spotify, the App uses Spotify’s APIs to control playback and retrieve track metadata and artwork. We do not permanently store your Spotify login credentials; authentication is handled by Spotify and short‑lived access tokens are stored securely on your device for as long as needed to maintain the connection. Spotify’s handling of your data is governed by its own terms and privacy policy.
Tracking
We respect your choices about tracking and personalized advertising and follow platform and legal requirements such as Apple’s App Tracking Transparency (ATT) framework, the GDPR, and the CCPA where they apply.
- App Tracking Transparency (ATT) and IDFA: On iOS and iPadOS devices, we may request permission to access your device’s Identifier for Advertisers (IDFA) via the AppTrackingTransparency framework. If you grant permission, we may use the IDFA together with analytics data to (a) measure the effectiveness of our marketing campaigns, (b) understand how users who discovered the App through advertising use it over time, and (c) allow our partners (such as Google services) to show you more relevant content and ads for our App across other apps and websites for personalized ads and analytics, as described in the App’s Info.plist. This constitutes “tracking” under Apple’s policies.
- If you do not grant ATT permission: We do not access the IDFA or perform cross‑app or cross‑site tracking that requires it. We may still use non‑identifying or aggregated analytics and device information (for example, through Firebase) to maintain security, prevent fraud, and understand basic App usage, but this data is not used to personalize ads across other apps or websites.
- Consent management via Google UMP: In regions where consent is required (for example, the EU/EEA, UK, and certain other jurisdictions), the App uses Google’s User Messaging Platform to present a consent form that allows you to choose whether we may use cookies and similar technologies for analytics and personalized advertising. Your selections are stored and applied to our use of Google services (including Firebase Analytics and advertising‑related features). You can review or change your consent choices at any time from the App’s privacy or settings screen, which will reopen the UMP consent interface.
- “Do Not Sell or Share” / Opt‑out rights: Where applicable (for example, under the CCPA/CPRA in California), you may have the right to opt out of the “sale” or “sharing” of your personal information for cross‑context behavioral advertising. We interpret your refusal of tracking or personalized ads through the in‑App consent tools and your device‑level settings (including ATT) as an instruction to limit such activities to the extent required by law.
These tracking and consent choices are in addition to any rights you may have under applicable data‑protection laws (such as the GDPR or CCPA). You can also limit tracking by using your device’s privacy settings (for example, “Allow Apps to Request to Track” on iOS, or resetting your advertising identifier).
Data Sharing
- Apple: Health data you choose to save is stored by Apple in the Health app under your control. WatchConnectivity syncs state between your watch and iPhone using Apple’s secure channels.
- Spotify (optional): If connected, your device communicates with Spotify’s services to control playback and fetch metadata/artwork. Spotify’s handling of data is governed by Spotify’s policies.
Security
- On-device storage: Workout history and preferences are stored locally in the app sandbox (Core Data/UserDefaults).
- Credentials: The Spotify access token is stored in the iOS Keychain.
- Transport: Communications to Spotify use HTTPS. iPhone–Watch sync uses Apple’s WatchConnectivity with system-level protections.
Your Choices and Controls
- Permissions: Grant or revoke Health permissions anytime in iOS/watchOS Settings > Privacy & Security > Health.
- Spotify: Connect/disconnect anytime in the App’s Settings; remove the token by disconnecting.
- Analytics consent (future): If optional analytics are introduced, you can opt in/out anytime in Settings.
- Delete data:
  - Delete individual workouts in‑app (where provided) or remove all local data by deleting the App.
  - Delete Health data in the Health app (browse to the workout or data type and delete).
- Opt-out: Don’t enable Spotify controls to avoid any Spotify interactions.
Data Retention
- Local data: Retained on your device until you delete it or uninstall the App.
- Health data: Retained in the Health app under your control.
- Spotify token: Retained in Keychain until you disconnect Spotify or uninstall the App.
Children
The App is intended for general fitness use and is not directed to children under 13. Do not use Health features for children without appropriate permissions and supervision.
Not Medical Advice
HIITTracker is a fitness tool, not a medical device. It does not diagnose, treat, cure, or prevent any disease. Consult a healthcare professional for medical concerns.
International Users and Rights
Because we do not operate servers and data remains on your devices and/or the Health app, requests to access, port, or delete data are performed directly by you on your device (e.g., delete workouts in‑app, adjust Health permissions, or remove the App). If you need assistance, contact us.
Changes to This Policy
We may update this policy to reflect product or legal changes. We will update the “Effective date” above and, where appropriate, notify you in‑app.
Contact
For questions or requests, please reach us via the in‑app link or our support page: https://hiitpro.app/#contact