Effective 1 July 2026 · Version 1.0
This policy supplements our Privacy Policy and is the separate consumer-health-data disclosure required by the Washington My Health My Data Act (MHMDA, RCW 19.373). Comparable consumer-health-data laws in other states (such as Nevada's) may also apply; where they do, we honor their requirements, which may differ from those described here. "Consumer health data" means information linkable to you that identifies your past, present, or future physical or mental health status. It governs how HeroTracker ("we," "us") handles that data.
We collect only the health and wellness information you choose to record, which may include:
We collect it to provide the app to you: to record, display, organize, and sync your data across your devices, to show your history and trends, and — only when you enable them — to power optional insights and AI features you request. We do not collect or use consumer health data for advertising or profiling, and we will not use or share it for a purpose not disclosed here without first obtaining your affirmative consent.
Consumer health data comes from two sources, both under your control:
To operate features you use, the categories above may be processed by service providers on our behalf — for the purposes of cloud storage and cross-device sync, and (only when you enable them) the AI and insight features you request. When you connect your own external AI assistant, only the categories you enable are shared with that provider, in a minimized, structured form (no free-text notes, photos, or specific symptom/condition names — only structured category values). We do not otherwise share consumer health data.
We share consumer health data only with the following categories of recipients:
We have no corporate affiliates with whom we share consumer health data. For the current list of specific recipients, contact privacy@herotracker.co.
HeroTracker does not sell consumer health data, does not collect a fee or other valuable consideration in exchange for it, and does not share it for cross-context behavioral advertising.
Under MHMDA (and comparable laws) you have the right to:
/delete-account
route. Deletion propagates to our processors, who are required to delete it as well;
residual copies in encrypted backups are purged within approximately six months.
To exercise any right, use the in-app controls or email privacy@herotracker.co. We may verify your identity via your account email, and you may use an authorized agent where the law allows. We will not deny you service, charge a different price, or provide a different quality of service for exercising a right. If we decline a request, you may appeal by replying to our response.
Consumer-health-data questions or requests: privacy@herotracker.co.