Privacy Policy

HealthZap("we", "us") helps you track daily health habits through our website and Telegram bot. This policy explains what information we collect, how we use it, and the choices you have.

Account information: name, email address, phone number, and password (stored in hashed form).

Health and tracker data: logs and goals you choose to save, such as weight, water intake, supplements, calories, height, and related notes or timestamps.

Telegram data: if you use our Telegram bot or mini app, we may store your Telegram user ID and link it to your account when you verify with the same phone number.

Payment information: subscriptions are processed by Stripe. We do not store full card numbers. Stripe provides us with billing status, customer IDs, and subscription details.

Technical data: basic logs needed to operate the service, such as request timestamps, error reports, and the source of a log entry (web or Telegram).

We use your information to:

• create and manage your account;
• store and display your tracker data across web and Telegram;
• process subscriptions and provide billing support;
• improve reliability, security, and product features;
• respond to support requests and important service notices.

We do not sell your personal information. We do not use your health logs for advertising.

Where applicable privacy laws require a legal basis, we rely on: performance of our contract with you (providing the service), your consent where required, and our legitimate interests in operating, securing, and improving HealthZap.

We share information only with service providers that help us run HealthZap:

• Stripe for payments and subscription management.
• Telegram when you choose to log through our bot or mini app.
• Infrastructure providers that host our application and encrypted database backups.

We may also disclose information if required by law or to protect the rights, safety, and security of users and the service.

We keep your account and tracker data while your account is active. If you delete your account, we remove associated personal and health data from our primary systems, except where retention is required for billing, legal, or security purposes.

Encrypted database backups may persist for a limited period as part of our disaster recovery process before being rotated out.

You can update tracker settings in the app, manage billing through Stripe, and delete your account from Settings. Depending on where you live, you may also have rights to access, correct, delete, or export your personal data, or to object to certain processing.

To make a privacy request, contact us at [email protected].

We use technical and organizational measures appropriate to the service, including encrypted connections, password hashing, access controls, and encrypted off-site backups. No online service can guarantee absolute security.

HealthZap is not intended for children under 16, and we do not knowingly collect personal information from children.

If you use HealthZap from outside the country where our servers are located, your information may be processed in that location and by the service providers listed above.

We may update this policy from time to time. We will post the revised version on this page and update the effective date above.

Questions about privacy? Email [email protected].