1. Our Commitment to Your Privacy
Rest Coach is built on a privacy-first principle. Your health data — sleep duration, heart rate variability, recovery scores, and any other health metrics — never leaves your device. We do not collect, transmit, store, or have access to your health data on our servers. Period.
2. Data We Collect
We collect only the minimum data necessary to provide the service:
- Account information: Email address and password (hashed). Used for authentication only.
- Session history: Coaching session transcripts and summaries. Stored on our backend to sync across your devices and maintain conversation continuity.
- Usage data: Aggregate, anonymized metrics such as session count and duration. No personally identifiable information is included.
3. Data We Do NOT Collect
- Health data from Health Connect, Apple Health, Whoop, or Oura
- Sleep duration, quality scores, or sleep stages
- Heart rate, HRV, or recovery metrics
- Wearable device data of any kind
- Audio recordings from coaching sessions
- Location data
All health data is read locally on your device, used in real-time to personalize your coaching session, and then discarded. It is never sent to our servers.
4. How Your Data Is Used
- Email: Account verification and password recovery only. We will never sell or share your email.
- Session transcripts: Stored to provide conversation continuity across sessions and to generate session summaries. You can export or delete your session data at any time from within the app.
- Usage metrics: Used to improve the service. All usage data is aggregated and anonymized.
5. Third-Party Services
Rest Coach integrates with the following third-party services:
- Google Gemini AI:Powers the voice coaching conversations. Audio is streamed directly from your device to Google's API and is not stored by us. Google's privacy policy applies to their processing.
- Health Connect / Apple HealthKit:Reads sleep and HRV data locally on your device. No data is transmitted to our servers.
- Whoop / Oura Ring: If you choose to connect, OAuth tokens are stored on your device. Health data is fetched directly to your device and never relayed through our servers.
6. Data Storage & Security
Account and session data is stored in encrypted form on our backend servers. We use industry-standard security practices including HTTPS for all connections, hashed passwords (bcrypt), and JWT-based authentication. Health data stored on your device is protected by your device's built-in security features.
7. Data Retention & Deletion
You retain full control over your data. You can:
- Export:Download all your session data as JSON from the app's Settings screen.
- Delete account:Permanently delete your account and all associated data from Settings > Account > Delete Account. This action is irreversible.
- Disconnect wearables:Revoke OAuth access at any time from Settings. Stored tokens are deleted from your device.
8. Children's Privacy
Rest Coach is not intended for use by children under the age of 13. We do not knowingly collect personal information from children under 13.
9. Your Rights
Depending on your jurisdiction, you may have the right to:
- Access the personal data we hold about you
- Request correction of inaccurate data
- Request deletion of your data
- Object to or restrict processing of your data
- Data portability (export your data)
To exercise any of these rights, contact us at privacy@restcoach.ai.
10. Changes to This Policy
We may update this privacy policy from time to time. We will notify you of any material changes by posting the updated policy on this page with a new "Last updated" date. Continued use of the service after changes constitutes acceptance of the updated policy.