Privacy Policy

📋 Overview

Glimetry ("we", "our", or "us") is a wellness engagement platform that helps employees track gym activity and health metrics to qualify for employer HRA (Health Reimbursement Arrangement) benefits.

This Privacy Policy explains what data we collect, how we use it, and your rights. We take your health data seriously — it is never sold, never used for advertising, and never shared with third parties beyond what is required to deliver the service.

🏥 Health Data (Apple HealthKit)

With your explicit permission, the Glimetry app reads the following health metrics from Apple HealthKit:

• Step count
• Resting and active heart rate
• Sleep analysis (total sleep duration)
• Active energy burned (calories)
• Apple Exercise Time (active minutes)
• Walking + running distance

We do not use HealthKit data for advertising, marketing, or any purpose unrelated to the Glimetry benefit program. We do not share HealthKit data with third-party analytics providers, data brokers, or insurers.

📊 Data We Collect

Account data: your name, email address, and employer code provided at sign-up.

Engagement score: your daily composite score (0–100) derived from health metrics and gym check-ins. This is synced to your employer's dashboard in aggregate form to verify benefit eligibility.

Gym check-ins: timestamp, partner gym name, and your policy number when you scan a QR code at a participating gym.

Device data: platform (iOS/Android) and app version for support purposes only.

🔒 How We Use Your Data

• Calculate and display your daily wellness engagement score
• Verify gym check-ins and attribute points to your policy
• Enable your employer to confirm HRA benefit eligibility (aggregate score only)
• Send transactional emails (account setup, password reset)

We do not sell your data, use it for targeted advertising, or share it with any party outside of what is described above.

🏢 Data Shared With Your Employer

Your employer receives only the information necessary to administer your HRA benefit:

• Your policy number
• Whether you met the monthly activity threshold (yes/no)
• Aggregate activity days and score range

Your employer does not receive your raw health metrics, individual step counts, heart rate readings, or sleep data.

🛡️ Data Security

All data is encrypted in transit (TLS 1.3) and at rest. We use Supabase (hosted on AWS) for our backend, which undergoes regular security audits. Access to production databases is restricted to authorised personnel only.

Authentication tokens are stored securely in device storage and never transmitted in URLs.

⏱️ Data Retention

We retain your data for as long as your account is active. Daily health records are stored for up to 90 days locally on your device and up to 12 months on our servers for benefit verification purposes.

You can delete your account and all associated data at any time by contacting us at the address below.

✅ Your Rights

You have the right to:

• Access — request a copy of all data we hold about you
• Correction — request correction of inaccurate data
• Deletion — request deletion of your account and data
• Portability — export your activity data in CSV format (available in the app under Settings)
• Revoke HealthKit access — at any time via iOS Settings → Privacy & Security → Health

🍪 Cookies & Analytics

Our marketing website (glimetry.com) uses only essential cookies required for navigation. We do not use third-party advertising cookies or cross-site tracking. The mobile app does not use cookies.

👶 Children's Privacy

Glimetry is not directed at individuals under the age of 18. We do not knowingly collect personal data from minors. If you believe a minor has provided us with personal data, please contact us immediately.

🔄 Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by email and by updating the "Last updated" date above. Continued use of the app after changes constitutes acceptance of the updated policy.