Privacy Policy

Overview

BeastHeart is a heart rate variability (HRV) tracking app that captures daily readings from a Bluetooth chest strap and computes readiness scores. This privacy policy explains what data BeastHeart collects, how it is stored, and how you can delete it.

BeastHeart is designed to work entirely offline. Cloud features are optional and require an explicit opt-in.

Data Stored on Your Device

When you take an HRV reading, the following data is saved to a local database on your device:

• Raw R-R interval arrays from each Bluetooth reading session
• Computed HRV metrics: RMSSD, lnRMSSD, SDNN, pNN50, mean heart rate
• Readiness scores and baseline statistics
• Bluetooth device pairing information (device ID and name)
• Your preferences (reading duration, preferred device)

This data never leaves your device unless you enable cloud sync.

Cloud Sync (Optional)

If you sign in and enable cloud sync in Settings, your readings are uploaded to Google Cloud Firestore. Each user's data is stored in an isolated subcollection — no data is shared between users.

Cloud data includes:

• All reading data listed above (R-R intervals, HRV metrics, readiness scores)
• API key metadata (key prefix and creation date only — the full key is stored on your device)

Cloud data is stored in the us-central1 (Iowa, USA) Google Cloud region.

How Your Data Is Accessed

• Firestore security rules enforce strict user isolation. You can only read and write your own data.
• The REST API uses per-user API key authentication. All queries are scoped to the authenticated user. All API endpoints are read-only — the mobile app is the only system that writes data.
• The MCP server (for AI assistant integration) accesses your data through the REST API. It does not have direct database access. The same API key authentication applies.

Cookies & Analytics

This website does not use cookies, tracking pixels, or analytics services. No third-party scripts are loaded. The BeastHeart mobile app does not include analytics SDKs.

If this changes in the future, this policy will be updated and the effective date at the top of this page will be revised.

Account Deletion

You can delete your account and all associated cloud data at any time from within the app. See our Account Deletion page for step-by-step instructions.

Deletion is permanent and irreversible. There is no grace period.

Local data on your device is preserved after account deletion so the app continues to work as a standalone tracker. To remove local data, uninstall the app.

Children's Privacy

BeastHeart is not directed at children under 13. We do not knowingly collect personal data from children under 13. If you believe a child has provided us with data, please contact us so we can delete it.

Changes to This Policy

We may update this policy from time to time. Changes will be reflected in the effective date at the top of this page.