Privacy Policy
Last updated: February 2026
1. Introduction
This Privacy Policy explains how Stark Health (“the App”) collects, uses, stores, and protects personal data when you connect your health and fitness accounts to our platform.
By authorizing access to any third-party service (WHOOP, Withings, Hevy, or others), you consent to the data practices described in this policy.
2. Data We Access
With your explicit permission, the App may access the following data from your connected accounts, depending on the services you authorize:
WHOOP (via OAuth 2.0)
- Recovery metrics (recovery score, HRV, resting heart rate, SpO2)
- Sleep data (duration, stages, performance, consistency)
- Strain and workout data (strain score, heart rate, calories)
- Basic profile information and body measurements
Withings (via OAuth 2.0)
- Weight and BMI measurements
- Body composition (body fat percentage, muscle mass)
- Daily activity and step count
Hevy (via API Key)
- Workout history (exercises, sets, reps, weight)
- Exercise templates and muscle group data
- Personal records and routines
We do not access any data beyond the scopes you authorize.
3. How We Use Your Data
Your health data is used solely to:
- Display and analyze your health and performance metrics on your dashboard
- Calculate your Stark Health Score by cross-referencing data from multiple sources
- Provide AI-powered insights and recommendations via the Stark Health assistant
- Cache data locally in your Supabase database for faster dashboard loading
Your data is never sold or used for advertising purposes.
4. AI Assistant & API Keys
- The AI assistant is powered by Anthropic Claude. Each user provides their own Anthropic API key
- Your health data is sent to Anthropic only when you use the chat feature, as context for generating responses
- API keys are stored encrypted in your Supabase database and are never shared with third parties
- Anthropic’s use of data sent via their API is governed by their own privacy policy
5. Data Storage and Security
- OAuth access tokens, refresh tokens, and API keys are stored securely in Supabase with Row Level Security
- Each user can only access their own data — enforced at the database level
- Health data is cached for up to 4 hours to reduce API calls and improve performance
- Data is retained only for as long as necessary to provide the service
If you revoke access or disconnect a provider, we immediately stop collecting new data from that provider.
6. Data Sharing
We do not share your health data with third parties, except:
- When required by law
- When you use the AI assistant, in which case your data is sent to Anthropic to generate responses (using your own API key)
- When necessary to operate the service (e.g., Supabase for database, Vercel for hosting), under strict confidentiality obligations
7. Your Rights
You may:
- Disconnect any provider at any time from Settings
- Revoke WHOOP access from your WHOOP account settings
- Revoke Withings access from your Withings account settings
- Delete your Stark Health account and all associated data from Settings
Account deletion permanently removes all stored data, including tokens, cached health data, and profile information.
8. Third-Party Services
This App integrates with:
- WHOOP API — governed by WHOOP’s terms and privacy policy
- Withings API — governed by Withings’ terms and privacy policy
- Hevy API — governed by Hevy’s terms and privacy policy
- Anthropic API — governed by Anthropic’s terms and privacy policy
- Supabase — database and authentication provider
9. Open Source
Stark Health is open source. Users who self-host the application are responsible for their own data storage, security practices, and compliance with applicable regulations. The open-source codebase does not include any pre-configured credentials or user data.
10. Changes to This Policy
We may update this Privacy Policy from time to time. Any changes will be reflected on this page with an updated “Last updated” date.
11. Contact
If you have any questions or requests regarding this Privacy Policy or your data, you can contact us at:
Email: contact@starkhealth.io