Privacy Policy

Effective: July 11, 2026
The short version: we don't collect your data. Your health data moves directly from Oura's servers to your iPhone and into Apple Health. It never passes through us, and we have no way to see it. The app contains no analytics, no crash-reporting SDKs, no advertising identifiers, and no user accounts.

What the App Does With Your Data

OuraSync reads health metrics (resting heart rate, heart rate variability, blood oxygen, body temperature, and VO₂ Max) from your Oura account using Oura's official API, and writes them to Apple Health on your device. All processing happens on your iPhone.

Sign-In and Tokens

You sign in with your Oura account using OAuth. Your Oura password is never seen by the app. To complete sign-in, a minimal token service operated by Steelheart Labs exchanges and refreshes OAuth tokens with Oura. Only authentication tokens transit this service — never health data. The service is stateless: it stores nothing and does not log token contents. Tokens are kept in your device's Keychain.

What We Don't Collect

Purchases

Subscriptions are processed entirely by Apple. We never receive your payment details. Apple provides us anonymized transaction records only.

Support and Problem Reports

If you choose to contact support, you can attach a problem report generated by the app. It contains your local sync history and device diagnostic logs. It is created and shared only when you explicitly export it, and you can review its contents before sending.

Your Controls

Children

OuraSync is not directed at children under 13, and we do not knowingly collect personal information from anyone — including children.

Changes

If this policy changes, the updated version will be posted here with a new effective date. Because the app collects nothing, material changes are unlikely; any change that introduced data collection would be prominently disclosed in the app before taking effect.

Contact

Questions: support@steelheartlabs.com