This Privacy Policy describes how ST Solutions ("we", "us", or "our") collects, uses, and protects your information when you use the Health Central mobile application (the "App"). Health Central is a local-first health tracking app — all your personal health data stays on your device.
ST Solutions is the data controller for the purposes of the General Data Protection Regulation (GDPR). You can reach us at hello@st-solutions.dev.
The App allows you to track health metrics including blood pressure, heart rate, weight, sleep, exercise, oxygen saturation, respiratory rate, body temperature, blood glucose, VO2 Max, calorie intake, nutrition logs, and supplement schedules. All health data is stored exclusively on your device. We do not upload, transmit, or have access to any of your personal health information.
The App can read health data from Android Health Connect with your explicit permission. This data is used solely to display your health metrics within the App and is never sent to any external server. The App only has read access — it never writes to or modifies Health Connect data. You can revoke these permissions at any time through your device settings.
When you search for food products or scan a barcode, your search query or barcode number is sent to our backend server, which forwards it to the Open Food Facts database. These requests contain no personal or health-related information — only the search term or barcode number is transmitted.
The App may request the following permissions: Camera — used solely for scanning food product barcodes, no images are stored or transmitted. Notifications — used to deliver measurement and supplement reminders you configure. Health Connect — used to read health metrics from your device with read-only access.
We process data for the following purposes and legal bases under GDPR: Displaying your health metrics locally (consent, Art. 6(1)(a)); Reading Health Connect data (explicit consent, Art. 9(2)(a)); Food product and barcode lookups (legitimate interest, Art. 6(1)(f)); Sending reminders you configure (consent, Art. 6(1)(a)).
All personal and health data is stored in a private database on your device. We do not operate user accounts, cloud storage, or synchronization services. The App does not include any analytics SDKs, advertising frameworks, or third-party tracking tools. Our backend server, used only for food lookups, employs rate limiting, input validation, security headers, and encrypted HTTPS connections. It does not store any user data.
The only third-party service used is Open Food Facts, an open-source food product database queried through our backend when you search for food products or scan a barcode. Only the search term or barcode is transmitted. No other third-party services receive any data from the App. You can review the Open Food Facts privacy policy at https://world.openfoodfacts.org/privacy.
We do not sell, rent, or share your personal data with any third parties. Your health data never leaves your device.
All data is stored on your device for as long as you choose to keep it. You can delete individual records within the App or remove all data by uninstalling the App.
You can export all of your data at any time as a JSON file using the App's built-in export feature. This supports your right to data portability under GDPR Article 20.
As a user in the EU/EEA, you have the right to: access your personal data; rectify inaccurate data; erase your data ("right to be forgotten"); restrict processing; data portability — export your data in a structured format; withdraw consent at any time without affecting prior processing; and lodge a complaint with your local data protection authority. Since all data is stored locally on your device, you have full and direct control over your information at all times.
The App is not intended for use by children under the age of 16. We do not knowingly collect data from children.
We may update this Privacy Policy from time to time. Changes will be posted within the App or on our website, with the updated date reflected at the top of this document.
If you have any questions about this Privacy Policy or your data, please contact ST Solutions at hello@st-solutions.dev.