Privacy Policy
KYGO HEALTH PRIVACY POLICY
Effective Date: September 30, 2025
Last Updated: December 31, 2025
1. Introduction
Kygo Health LLC ("we," "our," or "us") is committed to protecting your privacy and ensuring the security of your personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our mobile application and services (the "Service").
By using our Service, you agree to the collection and use of information in accordance with this Privacy Policy. If you do not agree with these terms, please do not use the Service.
Limited Use Compliance Statement: The use of information received from Fitbit APIs will adhere to the Fitbit User Data and Developer Policy, including the Limited Use requirements. The use of information received from Google Fit APIs will adhere to the Google Fit Developer and User Data Policy, including the Limited Use requirements.
2. Information We Collect
2.1 Personal Information
Account Information:
- Email address and password (encrypted)
- Name, age, weight, height (optional)
- Dietary preferences, goals, and restrictions
Health and Fitness Data:
- Food intake, nutritional information, and meal patterns
- Custom meal templates and recipes
2.2 Wearable Device Data
With your explicit authorization, we access the following data from connected wearable devices:
Oura Ring (via Oura API):
- Sleep metrics (duration, quality, stages, efficiency)
- Heart rate and heart rate variability (HRV)
- Body temperature variations and respiratory rate
- Activity levels, readiness, and recovery scores
Fitbit (via Fitbit Web API):
- Activity and exercise data (steps, distance, calories)
- Sleep metrics and sleep stages
- Heart rate, HRV, and SpO2 measurements
- Weight and body composition data
Garmin (via Garmin Connect API):
- Daily activity summaries and workout data
- Sleep analysis and stress tracking
- Heart rate, HRV, and body battery
- Respiration and pulse ox data
Apple Health (via HealthKit):
- Activity and workout data
- Sleep analysis and heart rate data
- Nutrition and body measurements
- Mindfulness and respiratory data
2.3 Technical Information
- Device information and operating system
- App usage patterns and feature preferences
- Crash reports and performance data
3. How We Use Your Information
3.1 Core Service Functionality
- Provide personalized nutrition tracking and food logging
- Analyze correlations between nutrition and health metrics
- Generate health insights and evidence-based recommendations
- Sync and display data from connected wearable devices
- Track progress toward your health and wellness goals
3.2 Service Improvement
- Enhance app features and fix bugs
- Develop new features based on usage patterns
- Conduct anonymized research on nutrition-health correlations
4. Data Sharing and Disclosure
We do not sell, rent, trade, lease, license, or otherwise transfer your personal information or health data to any third party, including but not limited to advertisers, data brokers, or information resellers, even if you consent to such use.
4.1 Service Providers
We work with the following service providers who process data solely to enable our Service:
- Oura Health Oy: Health metrics via OAuth 2.0 authorization. We comply with the Oura API Agreement. Oura may collect usage data related to our API access.
- Fitbit LLC / Google: Health metrics via OAuth 2.0 authorization. We comply with Fitbit Platform Terms of Service and Limited Use requirements.
- Garmin International: Health metrics via OAuth 2.0 authorization. Data submitted through our app is submitted to Kygo Health, not Garmin. We comply with the Garmin Connect Developer Program Agreement.
- Apple HealthKit: Local device data access with your explicit permission. We comply with Apple's HealthKit guidelines and App Store Review Guidelines.
- USDA FoodData Central: Nutritional database queries (no personal data transmitted).
- Firebase (Google): Secure authentication services.
- MongoDB Atlas: Encrypted cloud database storage.
4.2 Prohibited Uses
We will NEVER:
- Use health data for advertising or marketing purposes
- Sell or transfer data to advertisers, data brokers, or resellers
- Use data for serving personalized or interest-based advertising
- Use data to determine creditworthiness or for lending purposes
- Share HealthKit data with third parties without explicit consent
- Write false or inaccurate data to HealthKit or other platforms
4.3 Legal Requirements
We may disclose information if required by law, subpoena, or valid legal process. Where permitted, we will notify you of such requests.
5. Data Security
We implement industry-standard security measures to protect your data:
- Encryption: All data encrypted in transit (TLS 1.3) and at rest (AES-256)
- Authentication: Secure OAuth 2.0 authentication for all wearable integrations
- Access Controls: Role-based access and regular security audits
- Data Minimization: We only collect data necessary for Service functionality
- Breach Notification: We will notify affected users and relevant authorities within 72 hours of discovering a data breach, and notify applicable wearable platform providers within 24 hours as required
6. Data Retention
- Active Account Data: Retained while your account is active and as needed for service functionality
- Wearable Data Cache: Cached for no longer than 60 days per Oura API requirements; refreshed data replaces cached data
- Deleted Accounts: All personal data permanently deleted within 30 days of account deletion
- Revoked Access: When you disconnect a wearable device or revoke authorization, we stop processing and delete that device's data promptly
- Anonymized Analytics: May be retained for research purposes in a form that cannot identify you
7. Your Rights and Choices
7.1 Data Control Rights
- Access: Request a copy of your personal data
- Correction: Update or correct inaccurate information
- Deletion: Request deletion of your account and all associated data
- Portability: Export your data in a machine-readable format
- Restriction: Limit how we process your data
- Objection: Object to certain data processing activities
- Withdraw Consent: Withdraw consent at any time without affecting lawfulness of prior processing
7.2 Managing Wearable Connections
You may disconnect any wearable device at any time:
- Oura: Disconnect via App Settings or revoke at cloud.ouraring.com
- Fitbit: Disconnect via App Settings or revoke at fitbit.com/settings/applications
- Garmin: Disconnect via App Settings or revoke at connect.garmin.com
- Apple Health: Manage permissions via iOS Settings > Health > Data Access & Devices
7.3 Contact Preferences
You may express contact preferences and opt out of marketing communications at any time via App Settings or by contacting us.
8. Apple HealthKit Compliance
For iOS users who integrate with Apple HealthKit, we adhere to Apple's strict requirements:
- We only access HealthKit data you explicitly authorize
- HealthKit data is used solely for health and fitness features within the app
- We will NEVER use HealthKit data for advertising or marketing
- We will NEVER sell HealthKit data to third parties
- We will NEVER share HealthKit data for advertising or data mining purposes
- We will NEVER write false or inaccurate data to HealthKit
You may revoke HealthKit permissions at any time through iOS Settings. Revoking permissions will limit certain app features.
9. Children's Privacy
Our Service is not intended for children under 13 years of age. We do not knowingly collect personal information from children under 13. If you are a parent or guardian and believe we have collected information from your child, please contact us immediately at info@kygo.app.
10. International Data Transfers
Your information may be transferred to and processed in countries other than your country of residence, including the United States. These countries may have different data protection laws. We implement appropriate safeguards for international transfers as required by applicable law.
11. California Privacy Rights (CCPA)
California residents have additional rights under the California Consumer Privacy Act:
- Right to know what personal information is collected, used, and shared
- Right to delete personal information
- Right to opt out of sale of personal information (we do not sell your data)
- Right to non-discrimination for exercising privacy rights
12. European Privacy Rights (GDPR)
If you are in the European Economic Area, you have additional rights under the General Data Protection Regulation:
- Legal basis for processing (consent or legitimate interest)
- Right to lodge a complaint with supervisory authorities
- Right to withdraw consent at any time
- Right to object to automated decision-making
13. Changes to This Privacy Policy
We may update this Privacy Policy periodically. We will notify you of material changes through in-app notifications, email to your registered address, and by updating the "Last Updated" date. Your continued use of the Service after changes constitutes acceptance of the updated Privacy Policy.
14. Contact Us
If you have questions about this Privacy Policy or our data practices, please contact us:
Email: info@kygo.app
Address: Kygo Health LLC, New York, NY
© 2025 Kygo Health LLC. All rights reserved.