This Consumer Health Data Privacy Policy is provided as a separate and distinct policy as required by the Washington My Health My Data Act (WMHMDA) and applies to consumer health data Reknit collects from any user. It supplements, but does not replace, our general Privacy Policy.
If any provision of this policy conflicts with a more general statement in our Privacy Policy, the terms of this policy govern with respect to consumer health data.
1. What is “consumer health data”?
For purposes of this policy, “consumer health data” means personal information that is linked or reasonably linkable to a consumer and that identifies the consumer’s past, present, or future physical or mental health status. This includes the categories listed below.
2. Categories of consumer health data we collect
- Injury information — the body part affected and the type of issue, as you enter during intake (e.g., “knee,” “tendon-pattern discomfort”)
- Self-reported pain levels — pain scores you log on a 0–10 scale before, during, or after sessions
- Symptom screening responses — answers to the safety self-check at intake (red-flag screening: night pain, neurological symptoms, recent trauma, etc.)
- Functional status — your self-reported ability to use the affected area in daily life
- Recovery goals — what you want to achieve from your recovery program
- Exercise activity related to your injury — session completions, exercise results, effort ratings, and stage progression for your injury-specific routine
- Coach chat content — messages you send to or receive from the in-app AI coach, where those messages relate to your physical condition or pain
We do not collect biometric data (e.g., genetic, retinal, fingerprint, or voiceprint data), precise geolocation data, or health insurance information.
3. Sources of consumer health data
We collect consumer health data only from you, directly, through the App. We do not purchase or otherwise acquire consumer health data from third parties or data brokers.
4. Purposes of collection and processing
We collect and process consumer health data for the following purposes, each of which is necessary to provide the App’s core functionality to you:
- To match you to a routine. Your intake responses are used to suggest one of our pre-built, professionally-designed exercise routines.
- To track your progress. Your session and pain data are stored so you can review your own history.
- To generate coaching responses. When you message the AI coach, recent session and pain context is sent so the coach can respond meaningfully to you.
- To safety-screen. Red-flag screening responses are evaluated against a fixed rule set to determine whether to recommend you consult a healthcare provider before using a self-guided routine.
- To improve the App. Aggregated, non-identifying patterns may be used internally to improve the product. Individual consumer health data is not used for this purpose without your separate, affirmative consent.
We do not use consumer health data for advertising, profiling for targeted advertising, training of generative AI models, or any purpose unrelated to providing the App to you.
5. Categories of consumer health data shared, and with whom
We share consumer health data only with the following processors, each acting on our behalf and only to the extent necessary to provide the App:
| Processor | Purpose | What is shared |
|---|---|---|
| Supabase, Inc. | Database hosting, authentication, edge function execution | All categories listed in §2; encrypted in transit and at rest; row-level security restricts access to you |
| Anthropic, PBC | AI coach response generation | Coach chat messages and the minimum recent-session context required to respond. Per Anthropic’s API terms, your data is not used to train Anthropic’s models. |
| Expo (650 Industries, Inc.) | Push notification delivery | Device push tokens only; push payloads are written generically (e.g., “Time for your routine today”) and do not contain pain levels, body parts, or stage information. |
We do not share consumer health data with any other third party, except where required by law (e.g., valid subpoena or court order).
6. We do not sell consumer health data
We do not, and will not, sell your consumer health data, exchange it for monetary or other valuable consideration, or share it with third parties for cross-context behavioral advertising or for any third party’s own marketing purposes.
We will not begin selling consumer health data without first obtaining your separate, valid authorization as required by WMHMDA.
7. Your rights
You have the following rights with respect to your consumer health data:
- Right to confirm and access — confirm whether we are collecting, sharing, or selling your consumer health data, and obtain a list of all third parties with whom we have shared it.
- Right to withdraw consent — withdraw consent for our collection and sharing of your consumer health data. Because consumer health data is necessary to operate the App, withdrawal of consent will result in deletion of your account.
- Right to deletion — request deletion of your consumer health data, including from any of our processors that hold a copy.
- Right to appeal — if we deny a request, appeal that denial. We will respond to an appeal within 45 days.
To exercise any of these rights, use the Privacy Center in the app (Profile → Privacy Center) or email us at the address in §10.
We will respond to verifiable requests within 45 days. We may extend this period once by an additional 45 days where reasonably necessary, and we will notify you of any extension.
We will not discriminate against you for exercising any of these rights.
8. How consent is captured and withdrawn
We collect your affirmative, opt-in consent to process consumer health data on first launch of the App, through a dedicated consent screen with a separate checkbox for this policy. Your consent event is recorded in an append-only log that includes the version of this policy you accepted, a cryptographic hash of the exact text shown to you, and the timestamp of your acceptance.
To withdraw consent, open the Privacy Center in the app and tap “Withdraw consent and delete my data.” Withdrawal will be recorded in the same append-only log and will trigger deletion of your account and consumer health data within 30 days.
9. Retention
We retain consumer health data for as long as your account is active. Upon account deletion or consent withdrawal, we delete consumer health data from our production database within 30 days and from routine backups within 90 days, except where a specific category of data is subject to a litigation hold or a legal retention obligation.
We retain consent and consent-withdrawal records (without the underlying health data they relate to) for the period required by applicable law, currently up to six years from the date of the event, as evidence of compliance.
10. Contact
For consumer-health-data privacy questions, requests, or appeals:
Email: support@reknit-app.com Subject line, please use: “Health Data Request — [your account email]“
11. Changes to this policy
If we make material changes to this policy, we will (a) increment the version number above, (b) update the effective date, (c) prompt you in the App to review and re-consent before continuing to use features that rely on consumer health data, and (d) preserve prior versions in our internal records for as long as required to honor consent obligations.
Version history: v1.0 — April 25, 2026 — Initial publication.