Privacy Policy

Privacy Policy — Hiyd

Hiyd · Legal

Privacy Policy

Effective: May 11, 2026Last updated: May 11, 2026

This Privacy Policy explains how Hiyd Incorporated ("Hiyd," "we," "us," or "our"), a company incorporated federally in Canada, collects, uses, shares, and protects information when you use the Hiyd mobile application, Hiyd wearable device, and related services (collectively, the "Service"). It applies to all users worldwide.

If you do not agree with this Policy, please do not use the Service.

1. Information We Collect

Information you provide directly

When you create an account and use the Service, you may provide:

  • Account information: name, email address, date of birth, biological sex, height, weight, and fitness goals.
  • Nutrition data: food, beverage, and supplement intake you choose to log.
  • Communications: messages you send to support@hiyd.ai, including the contents and any attachments.

Information collected from the Hiyd wearable device

The Hiyd-branded wearable collects raw analog-to-digital converter (ADC) signals from on-device sensors. These signals are processed (on-device or on our servers) to derive:

  • Sleep stages and duration
  • Heart rate (HR)
  • Heart rate variability (HRV)
  • Step counts and related activity metrics

The raw ADC data and the derived metrics are linked to your account.

Information from Apple Health

With your explicit permission, the Service reads data from Apple HealthKit (for example, steps or other metrics you have permitted). We do not write data to HealthKit unless you have authorized us to do so for a specific data type. See Section 4 for the additional terms that apply to HealthKit data.

Information collected automatically

  • Usage and product analytics: screens viewed, features used, session duration, in-app events, crash and error events, and similar diagnostics, collected through PostHog.
  • Device information: device model, operating system version, app version, language, time zone, and a device push token used to deliver notifications via Firebase Cloud Messaging.
  • IP address at the time of API requests, used for security and abuse prevention.

2. How We Collect It

  • Directly from you when you register, log nutrition, or contact support.
  • From your Hiyd wearable via a Bluetooth connection to the Hiyd app, which then transmits data to our servers.
  • From Apple Health with your explicit permission, granted through iOS system prompts that you can change at any time in iOS Settings > Privacy & Security > Health.
  • Automatically while you use the app, via the SDKs listed in Section 5.

3. How We Use Your Information

We use your information for the following purposes:

  • Provide the Service: create and maintain your account, sync your wearable, compute sleep, HR, HRV, step, and nutrition metrics, and display them in the app.
  • Personalize your experience: use your profile (age, sex, height, weight, goals) to calibrate metrics and recommendations.
  • Communicate with you: send push notifications, respond to support requests, and notify you of important Service or policy changes.
  • Improve the Service: understand how features are used, diagnose bugs, and improve product quality.
  • Train and fine-tune models: we use anonymized data (with direct identifiers removed) to fine-tune models that power Service features. We do not use Apple HealthKit data for this purpose (see Section 4).
  • Security and fraud prevention: detect, investigate, and prevent abuse, fraud, and unauthorized access.
  • Legal compliance: comply with applicable laws, regulations, and lawful requests.

Legal bases (EEA/UK users): we process your personal data on the basis of (i) performance of our contract with you, (ii) your explicit consent (which you can withdraw at any time) for health data and Apple Health integration, (iii) our legitimate interests in operating and improving the Service, and (iv) compliance with our legal obligations.

4. Apple HealthKit

Hiyd uses Apple HealthKit subject to additional terms required by Apple. We take these obligations seriously.

Specifically:

  • We do not use HealthKit data for advertising, marketing, or other use-based data mining purposes other than improving health, managing health, or for health research.
  • We do not sell HealthKit data to any third party, including advertising platforms, data brokers, or information resellers.
  • We do not disclose HealthKit data to third parties except (a) with your explicit permission, (b) to service providers acting on our behalf and bound to confidentiality, or (c) where required by law.
  • We do not use HealthKit data to train or fine-tune any models, anonymized or otherwise.
  • You can revoke HealthKit access at any time in iOS Settings > Privacy & Security > Health > Hiyd.

5. Third-Party Service Providers

We use the following third parties to operate the Service. Each is contractually required to provide protections at least equivalent to those described in this Policy, to use your data only for the purposes we direct, and to maintain appropriate security measures.

Provider Purpose Data accessed
DigitalOcean Cloud hosting and database infrastructure All account, nutrition, and wearable-derived data, in encrypted form
PostHog Product analytics and diagnostics Usage events, device metadata, anonymized user identifiers
Apple Sign in with Apple authentication; In-App Purchases Apple ID identifier, subscription/transaction status
Firebase Cloud Messaging (Google) Push notification delivery Device push token, notification payloads

We do not currently use third-party advertising networks or analytics providers beyond those listed above. If we add new service providers that materially change how your data is handled, we will update this Policy and, where required by law, obtain your consent.

6. How We Share Information

We do not sell your personal information. We share information only as follows:

  • Service providers, as described in Section 5, acting on our behalf under contractual confidentiality and security obligations.
  • Legal and safety: when required by law, subpoena, court order, or other lawful request, or where we believe in good faith that disclosure is necessary to protect the rights, property, or safety of Hiyd, our users, or others.
  • Corporate transactions: in connection with a merger, acquisition, financing, reorganization, or sale of assets. In such cases, we will require the recipient to honor this Policy or provide you notice and choice before your data becomes subject to a different policy.
  • With your consent: for any other purpose disclosed to you at the time we collect the information.

7. Data Retention & Deletion

We retain your personal information for as long as your account is active or as needed to provide the Service, comply with our legal obligations, resolve disputes, and enforce our agreements.

Deleting your account

You can delete your account, and all associated data, directly from within the Hiyd app:

  1. Open the app and go to Settings.
  2. Select Account.
  3. Tap Delete Account and confirm.

You can also request deletion by emailing support@hiyd.ai from the email address associated with your account.

What happens after deletion

  • Your account and personal data are removed from our production systems immediately upon confirmation.
  • Residual copies may remain in encrypted backups for up to 30 days, after which they are permanently purged.
  • Anonymized data that no longer identifies you may be retained for analytics and model improvement.
  • We may retain limited information where required by law (for example, transaction records for tax purposes) or to resolve disputes.

Revoking consent

You can revoke consent at any time by deleting your account, disabling specific permissions in iOS Settings (HealthKit, notifications), or contacting support@hiyd.ai. Withdrawing consent does not affect the lawfulness of processing carried out before withdrawal.

8. Your Rights & Choices

Depending on where you live, you may have the following rights regarding your personal information. To exercise any of these rights, contact support@hiyd.ai. We will respond within the timeframe required by applicable law.

All users

  • Access the personal information we hold about you.
  • Correct inaccurate or incomplete information.
  • Delete your account and data, as described in Section 7.
  • Export your data in a portable format.

European Economic Area, United Kingdom, and Switzerland (GDPR / UK GDPR)

You also have the right to:

  • Restrict or object to processing.
  • Withdraw consent at any time, without affecting the lawfulness of prior processing.
  • Lodge a complaint with your local data protection authority. A list of EU authorities is available at edpb.europa.eu. UK users can contact the ICO at ico.org.uk.

California (CCPA / CPRA)

California residents have the right to know what personal information we collect, to delete that information, to correct inaccurate information, to opt out of "sale" or "sharing" of personal information (we do not sell or share personal information as defined by the CCPA), and to limit the use of sensitive personal information. You will not be discriminated against for exercising these rights.

Canada (PIPEDA and provincial laws)

Canadian users may access and correct personal information held by Hiyd and may file a complaint with the Office of the Privacy Commissioner of Canada at priv.gc.ca.

Authorized agents

Where applicable law allows, you may use an authorized agent to submit a request on your behalf. We will verify the agent's authority before responding.

9. Security

We use industry-standard administrative, technical, and physical safeguards to protect your information, including encryption in transit (TLS) and at rest, access controls, logging, and routine security reviews. No method of transmission or storage is 100% secure, however, and we cannot guarantee absolute security. If we become aware of a data breach affecting your personal information, we will notify you and applicable regulators as required by law.

10. Children's Privacy

Hiyd is intended for users 13 years of age and older. We do not knowingly collect personal information from children under 13. If we learn that we have collected personal information from a child under 13, we will delete it promptly. If you believe a child under 13 has provided us personal information, contact support@hiyd.ai.

Users between 13 and the age of digital consent in their jurisdiction (which may be up to 16 in parts of the EEA) should use the Service only with the involvement of a parent or legal guardian.

11. International Data Transfers

Hiyd is based in Canada, and our service providers (including DigitalOcean, PostHog, Apple, and Google) may process your information in the United States and other countries. These jurisdictions may have data protection laws different from your own. Where required, we rely on appropriate safeguards (such as the European Commission's Standard Contractual Clauses) and your consent to transfer personal information internationally.

12. Changes to This Policy

We may update this Policy from time to time. If we make material changes, we will notify you in-app, by email, or by another reasonable means before the changes take effect. The "Last updated" date at the top of this Policy indicates when it was most recently revised. Continued use of the Service after changes take effect constitutes acceptance of the updated Policy.

13. Contact Us

If you have questions, concerns, or requests regarding this Policy or your personal information, contact us:

Hiyd Incorporated
Email: support@hiyd.ai

© 2026 Hiyd Incorporated. All rights reserved.