Your HealthKit Data: A Complete Privacy Guide for Fitness Apps

You just downloaded a new fitness app. It asks for access to your step count, your sleep data, your calories burned. Your thumb hovers over the "Allow" button. A voice in the back of your head asks: Where is all of this going?

That hesitation is completely reasonable. Your health data is some of the most intimate information your phone collects. It paints a picture of how you move, how you sleep, how active you are on any given day. In the wrong hands, it could be used to infer medical conditions, influence insurance premiums, or target you with manipulative advertising.

At TamagoFit, we believe you deserve total clarity about what happens to your health data. This guide breaks down exactly how Apple HealthKit works, what protections are built in, what TamagoFit accesses, and what we do (and do not do) with your information.

Why People Worry About Health Data Privacy

In 2024, a major fitness social platform was found to be sharing user workout data with advertising networks. Another popular step-tracking app was caught sending granular health metrics to third-party analytics services without clear user consent. These are not hypothetical risks. They are documented incidents that erode public trust in digital health tools.

The concerns are legitimate. Health data can reveal patterns about chronic conditions, mental health, reproductive health, and daily routines. Unlike a social media post you chose to share publicly, health data is generated passively and often without you thinking about it. People rightly expect a higher standard of care for this category of information.

How Apple HealthKit Protects Your Data

Apple designed HealthKit with privacy as a foundational principle, not an afterthought. Here is how the system works at a technical level:

• Sandboxed storage. HealthKit data is stored in an encrypted database on your device. Each app that requests HealthKit access gets its own sandboxed view. App A cannot see what data App B has access to.
• Granular, per-app permissions. When a fitness app requests HealthKit access, you choose exactly which data types to share. You can allow step count but deny heart rate. You can allow sleep data but deny reproductive health. Every data type is individually toggleable.
• On-device by default. HealthKit data lives on your iPhone. It is not automatically uploaded to Apple's servers. If you enable iCloud Health syncing, that data is end-to-end encrypted, meaning even Apple cannot read it.
• No background snooping. Apps can only read HealthKit data that you have explicitly granted permission for. They cannot silently request new data types or expand their access without your knowledge.

Apple's Strict Rules for HealthKit Apps

Beyond the technical safeguards, Apple enforces strict policies for any app that uses HealthKit. These rules are not optional guidelines. They are mandatory requirements enforced during App Store review:

• No selling HealthKit data. Apps are prohibited from selling health data to third parties, data brokers, or any external entity. Period.
• No advertising use. HealthKit data cannot be used to serve targeted ads, build advertising profiles, or inform marketing campaigns.
• No iCloud storage of raw HealthKit data. Apps cannot store raw HealthKit samples in iCloud or any non-encrypted cloud service.
• Clear purpose requirement. Apps must clearly explain why they need each HealthKit data type and use it only for the stated purpose.

Any app that violates these rules faces removal from the App Store. Apple takes HealthKit compliance seriously, and so do we.

What TamagoFit Specifically Accesses

TamagoFit requests access to five HealthKit data types. Here is exactly what each one does in the app:

• Step Count. Your daily steps are the core gameplay mechanic. Steps earn XP (experience points) to level up your monster and coins to buy food and items in the in-game shop.
• Active Energy Burned (Calories). Calories burned from physical activity earn additional coins. This rewards all types of movement, not just walking.
• Sleep Hours. When you get 7 to 9 hours of sleep, you earn bonus coins. This encourages healthy sleep habits without punishing people who occasionally have a rough night.
• Walking/Running Distance. Stored for future features. Not currently used in gameplay calculations.
• Mindful Minutes. Stored for future features. Not currently used in gameplay calculations.

What TamagoFit Does NOT Access

We believe in requesting only the data we need. TamagoFit does not request access to:

• Heart rate or heart rate variability
• Blood pressure or blood oxygen
• Medical records or clinical data
• Reproductive health data
• Nutrition or water intake logs
• Body measurements (weight, BMI, body fat)

If TamagoFit ever adds support for new HealthKit data types in the future, your device will prompt you for permission before any new data is accessed.

TamagoFit's Privacy Commitments

We go beyond Apple's baseline requirements with the following commitments:

• No third-party data sharing. Your health data is never shared with advertisers, analytics companies, data brokers, or any external party.
• No ads, ever. TamagoFit does not display advertisements. Your health data will never be used to build an advertising profile.
• Encrypted transmission. All data sent between your device and our servers uses TLS/SSL encryption. Your health data is never transmitted in plain text.

How Your Data Is Stored

TamagoFit uses Convex as its backend platform. When your health data syncs to our servers, we store only aggregated daily values. For example, we record "12,345 steps on February 3" rather than the raw HealthKit samples that show exactly when each step was taken throughout the day. This minimizes the sensitivity of stored data while still powering your gameplay experience.

Raw HealthKit samples remain on your device. They are read by the app, converted into daily totals, and the aggregated values are synced to your account. We do not have access to the minute-by-minute breakdown of your activity.

How to Check or Revoke Permissions

You are always in control of what TamagoFit can access. To review or change permissions:

1. Open the Settings app on your iPhone.
2. Tap Health.
3. Tap Data Access & Devices.
4. Find and tap TamagoFit.
5. Toggle individual data types on or off.

Revoking access will prevent the app from syncing new health data. Your monster will continue to exist with its current stats, but it will not earn new XP or coins from HealthKit until permissions are restored.

Account Deletion and Your Rights

You can request complete deletion of your account and all associated data by emailing privacy@tamagofit.app. Upon receiving your request, we will delete your account data, including your virtual pet, inventory, achievements, health snapshots, and streak history, within 30 days.

GDPR and CCPA Rights

If you are a resident of the European Economic Area (EEA), you have rights under GDPR including the right to access, rectify, erase, restrict processing, and port your data. If you are a California resident, CCPA grants you the right to know what personal information we collect, request deletion, and opt out of the sale of personal information. TamagoFit does not sell personal information.

To exercise any of these rights, contact us at privacy@tamagofit.app. We will respond within 30 days.

The Bottom Line

Your health data deserves the same care and attention you give your monster. At TamagoFit, we built our privacy practices on a simple principle: your data powers your pet, and nothing else. We do not sell it. We do not share it. We do not use it for ads. We store only what we need, encrypt everything in transit, and give you full control to revoke access at any time.

When you tap "Allow" on that HealthKit permission screen, you are not handing your health data over to a black box. You are feeding your monster. And that is exactly how it should be.