CONSUMER HEALTH DATA NOTICE
Last updated: January 14, 2025
Your Health Data Rights
This notice supplements our Privacy Policy and specifically addresses your rights under consumer health data privacy laws, including the Washington State My Health My Data Act and Nevada's Consumer Health Data Privacy Law. We extend these protections to all users regardless of location.
1. About This Notice
Goated Coaching ("we," "us," or "our") operates the Goated mobile application and website (collectively, the "Service"). This Consumer Health Data Notice explains how we collect, use, and protect your consumer health data.
This notice is provided in compliance with:
- Washington State My Health My Data Act (effective March 31, 2024)
- Nevada Consumer Health Data Privacy Law (SB 370)
- Other applicable state health privacy laws
This notice should be read alongside our Privacy Policy, which provides comprehensive details about our data practices.
2. What Is Consumer Health Data
Under applicable laws, "consumer health data" means personal information that is linked or reasonably linkable to you and that identifies your past, present, or future physical or mental health status. This includes:
- Health conditions, diseases, or diagnoses
- Bodily functions, vital signs, and biometric data
- Nutrition and dietary information
- Exercise and fitness information
- Attempts to acquire health services or products
- Health-related inferences derived from non-health data
3. Consumer Health Data We Collect
We collect the following categories of consumer health data when you use Goated:
3.1 Data You Provide Directly
| Category | Examples |
|---|---|
| Body Measurements | Height, weight, body fat percentage, waist/hip measurements |
| Nutrition Data | Food logs, meal photos, calorie intake, macronutrients |
| Exercise Data | Workout logs, exercise types, sets, reps, weights |
| Health Goals | Weight loss/gain goals, fitness objectives, dietary preferences |
| Medical Information | Allergies, dietary restrictions, health conditions (if disclosed) |
| Blood Test Results | Cholesterol, glucose, vitamin levels, biomarkers |
| Progress Photos | Body transformation images (if uploaded) |
3.2 Data from Connected Services
With your permission, we may collect data from:
- Apple Health / HealthKit: Steps, active energy, workouts, heart rate, sleep data
- Google Fit / Health Connect: Activity data, exercise sessions, body metrics
Important: We adhere to Apple HealthKit and Health Connect permission policies. Data from these sources is used solely to provide our Service and is never shared for advertising purposes.
3.3 Inferred Health Data
We may derive health-related insights from data you provide, such as:
- TDEE (Total Daily Energy Expenditure) calculations
- BMR (Basal Metabolic Rate) estimates
- Macro and calorie recommendations
- Progress trends and projections
4. How We Use Your Health Data
We use your consumer health data for the following purposes:
- Providing the Service: To track your nutrition, workouts, and progress
- Personalization: To generate personalized meal plans, workout routines, and recommendations
- AI Features: To power natural language food logging and AI-generated plans
- Coach Communication: To share relevant data with your chosen coach (if applicable)
- Progress Tracking: To calculate your Goated Status points and display progress charts
- Service Improvement: To improve our algorithms and user experience (in aggregated, de-identified form)
We do NOT use your consumer health data for advertising, marketing to third parties, or selling to data brokers.
5. Who We Share Health Data With
We may share your consumer health data with the following categories of recipients:
| Recipient | Purpose |
|---|---|
| Your Coach | If you subscribe to coaching, your coach can view your logs and progress |
| Supabase (Database) | Secure storage of your data |
| Groq (AI Provider) | Processing natural language food/exercise logging |
| Apple / Google | Syncing data with Health apps (with your permission) |
| Payment Processors | Apple/Google for subscription management (no health data shared) |
We do NOT sell your consumer health data. We do NOT share your health data for third-party advertising.
6. Your Rights
Under applicable consumer health data privacy laws, you have the following rights:
6.1 Right to Know
You have the right to know what consumer health data we collect, how we use it, and who we share it with. This notice and our Privacy Policy provide this information.
6.2 Right to Access
You can access your consumer health data at any time through the Goated app. You may also request a portable copy of your data by contacting us.
6.3 Right to Delete
You have the right to delete your consumer health data. You can:
- Delete individual entries (food logs, workouts, etc.) within the app
- Delete your entire account and all associated data in Settings
- Request deletion by emailing contact@goatedcoaching.app
Please note: Deleting your data may affect the personalized feedback and features we can provide. Some data may be retained as required by law or for legitimate business purposes (e.g., fraud prevention).
6.4 Right to Withdraw Consent
You may withdraw your consent to the collection of consumer health data at any time. This can be done by:
- Revoking Apple Health / Health Connect permissions in your device settings
- Deleting your account
- Contacting us to request withdrawal
6.5 Right to Non-Discrimination
We will not discriminate against you for exercising any of your rights under applicable health data privacy laws.
7. How to Exercise Your Rights
To exercise your rights regarding your consumer health data:
- In-App: Use the Settings menu to access, modify, or delete your data
- Email: Contact us at contact@goatedcoaching.app
- Response Time: We will respond to verifiable requests within 45 days
We may need to verify your identity before processing your request. If we deny your request, we will explain the reason and inform you of your right to appeal.
8. Data Security
We implement robust security measures to protect your consumer health data:
- Encryption in transit (TLS 1.3) and at rest (AES-256)
- Row-level security in our database
- Regular security audits and penetration testing
- Strict access controls and employee training
- Secure authentication (Sign in with Apple/Google)
9. Data Retention
We retain your consumer health data for as long as your account is active or as needed to provide you with our Service. When you delete your account:
- Your consumer health data is deleted within 30 days
- Backup copies are purged within 90 days
- Aggregated, de-identified data may be retained for analytics
10. Children's Health Data
Goated is not intended for use by individuals under 18 years of age. We do not knowingly collect consumer health data from minors. If you believe we have collected data from a minor, please contact us immediately at contact@goatedcoaching.app.
11. Changes to This Notice
We may update this Consumer Health Data Notice from time to time. We will notify you of material changes by:
- Posting the updated notice on our website
- Updating the "Last updated" date
- Sending you a notification through the app (for significant changes)
12. Contact Us
If you have questions about this Consumer Health Data Notice or wish to exercise your rights, please contact us:
Email: contact@goatedcoaching.app
Data Protection Officer: contact@goatedcoaching.app
If you are not satisfied with our response, you may have the right to file a complaint with your state attorney general or relevant supervisory authority.