Privacy Policy
Last updated: April 2026
PinkSteady (“PinkSteady,” “we,” “our,” or “us”) is committed to protecting your privacy. This Privacy Policy explains how we collect, use, store, and safeguard information when you use the PinkSteady mobile application for iPhone and Apple Watch (the “App”).
PinkSteady is a wellness application designed to support balance awareness and general stability tracking. It is not a medical device and does not provide medical advice.
1. Information We Collect
A. Motion & Sensor Data (Core Signal)
During active “Steady Check-in” sessions, the App collects motion data from your Apple Watch and/or iPhone, including accelerometer and gyroscope signals.
- Raw sensor data is processed locally on your device.
- Raw motion data is not transmitted to our servers.
- Only derived stability metrics (e.g., Steadiness Score, duration, timestamps) may be stored.
B. Session Summaries
We store aggregated session data such as:
- Steadiness Score (0–100)
- Session duration
- Session timestamps
- Optional self-reported ratings or notes
If you enable cloud features or create an account, session summaries may be securely stored on our backend to allow syncing across devices.
C. HealthKit Data (Optional)
With your explicit permission, PinkSteady may access certain Apple HealthKit data, such as heart rate, heart rate variability, walking steadiness, and step metrics.
HealthKit data:
- Is used solely to provide contextual wellness insights within the App.
- Is not shared with third parties.
- Is not used for advertising or marketing.
- Remains subject to Apple's HealthKit privacy protections.
You may revoke HealthKit access at any time in Apple Health settings.
D. Account & Authentication Information
If you create an account or sign in:
- A unique user identifier may be created.
- Authentication may be handled through secure identity providers.
- We do not receive or store your Apple ID password or payment details.
E. Subscription & Billing Information
PinkSteady offers optional auto-renewable subscriptions through Apple's App Store. Payments are processed by Apple. We do not receive your full payment information. Apple may provide us with limited transaction data (such as subscription status or expiration dates) solely to validate premium feature access.
Subscriptions automatically renew unless canceled at least 24 hours before the end of the current billing period. You can manage or cancel subscriptions in your App Store account settings.
F. User Feedback
You may optionally provide ratings, personal notes, or feature feedback. This information is used only to enhance your experience.
2. How We Use Your Information
We use information to:
- Provide real-time balance feedback (haptic/audio cues)
- Display stability trends and progress charts
- Personalize insights based on your baseline
- Enable premium subscription features
- Sync session summaries (if enabled)
- Improve algorithms using anonymized, aggregated data
- Maintain app security and performance
We do not sell your data. We do not use health information for advertising. Identifiable health data is not shared with third parties except:
- With a caregiver you have explicitly linked via a connection code
- With a care facility with which you have explicitly consented to share data via a consent code
- With our cloud infrastructure provider (Microsoft Azure) for the purpose of storing and processing your data
- When required by law
3. Data Storage & Retention
- Raw sensor data: Processed on-device and not retained after session completion.
- Session summaries: Retained while your account is active or until deleted.
- Aggregated analytics data: Retained in anonymized form for product improvement.
- Research features (opt-in only): Processed feature vectors may be retained temporarily and deleted within a limited timeframe.
You may request deletion of your account and associated data at any time.
4. Data Security
We implement industry-standard safeguards to protect your data, including:
- Encryption in transit (TLS 1.2+) and at rest (AES-256)
- Secure cloud infrastructure
- Access controls and authentication safeguards
- Device-level security protections provided by Apple
No method of transmission or storage is 100% secure, but we take reasonable measures to protect your information.
5. Third-Party Service Providers
We use trusted service providers to operate PinkSteady, including Apple (App Store, StoreKit, HealthKit), secure cloud hosting providers (e.g., Microsoft Azure), and identity and authentication services.
These providers process information only to support app functionality and are not permitted to use your data for marketing purposes.
Participating care facilities: If you choose to link your account to a facility, your session data (scores, timestamps, duration, notes, and display name) is accessible to authorized facility staff via the PinkSteady Facility Dashboard. Facilities are bound by a Business Associate Agreement that restricts how they may use your data.
6. Caregiver Access
You may choose to share your session data with a trusted caregiver (such as a family member or friend) by generating a connection code within the app. When a caregiver links to your account:
- They can view your session scores, trends, and session history.
- They cannot modify or delete your data.
- You can revoke a caregiver's access at any time in Settings.
Caregiver access requires an active PinkSteady Premium subscription. If your subscription lapses, your caregiver will no longer be able to view your session data until the subscription is renewed.
No data is shared with a caregiver until you explicitly generate and share a connection code.
7. Facility & Research Participation
If you are a resident of an assisted living facility or care home that participates in the PinkSteady program, you may choose to share your session data with your facility's care team. This is entirely optional.
How it works
- You generate a temporary consent code in the app (Settings → Advanced Settings → Research Participation).
- A member of your facility's staff enters the code on the facility dashboard to create a link.
- The link is valid for one year and can be renewed.
What your facility can see
- Your display name (as you entered it in Settings)
- Session scores, timestamps, duration, and device source (iPhone or Apple Watch)
- Session notes (if you added any)
- Trends and summary statistics derived from your sessions
What your facility cannot see
- Your Apple ID or email address
- Raw sensor or motion data (this is never stored on our servers)
- Data from other apps on your device
- Your subscription status or payment information
Your rights
- You can stop sharing at any time (Settings → Advanced Settings → Research Participation → Stop Sharing).
- When you revoke access, your facility can no longer view your data. Your session history remains on your device and in your account.
- You can also request that your facility revoke the link from their side.
- If you delete your account (Settings → Delete My Data), all server-side data is permanently removed, including any facility links.
Data handling
- Your data is transmitted and stored using encryption (TLS 1.2+ in transit, AES-256 at rest).
- Facility staff access is authenticated via Microsoft Entra ID and is logged for audit purposes.
- Every time a staff member views your data, an audit record is created that includes who accessed it and when.
- PinkSteady maintains a Business Associate Agreement (BAA) with each participating facility to ensure your data is handled in compliance with HIPAA.
8. Audit & Accountability
PinkSteady maintains audit logs that record when your data is accessed by facility staff or caregivers. These logs include:
- The identity of the person who accessed your data
- What action was performed (e.g., viewing your session history, exporting data)
- The date and time of access
Audit logs do not contain your session scores or personal information — only identifiers and actions. These logs are retained for six years in compliance with HIPAA requirements.
9. What We Do Not Do
PinkSteady does not:
- Sell personal data
- Use health data for advertising
- Share identifiable health data with third parties except as described in Section 2
- Collect GPS/location data
- Provide medical diagnosis or treatment
10. Your Rights & Choices
You can:
- Access your session history within the App
- Delete sessions at any time
- Disable HealthKit permissions
- Revoke caregiver or facility access at any time in Settings
- Cancel subscriptions via Apple settings
- Request deletion of your account and associated data
To make a deletion request, contact us at the email below.
11. Children's Privacy
PinkSteady is intended for adults and is not directed to children under 13. We do not knowingly collect personal information from children.
12. Wellness Disclaimer
PinkSteady is a general wellness product and is not a medical device. It is not intended to diagnose, treat, cure, or prevent any disease. Stability scores and insights are for informational and wellness purposes only. Always consult a qualified healthcare provider for medical concerns.
13. International Users
If you access PinkSteady from outside the United States, your information may be processed in jurisdictions where our service providers operate. By using the App, you consent to such processing consistent with this Privacy Policy.
14. Changes to This Policy
We may update this Privacy Policy periodically. Material changes will be reflected by updating the “Last Updated” date and may be communicated within the App.
15. Contact Us
If you have questions about this Privacy Policy or your data, please contact us:
- Email: info@pinksteady.com
- Website: https://www.pinksteady.com
© 2026 PinkSteady. All rights reserved.