Consumer Health Data Privacy Policy
Last updated: April 23, 2026 Version: 1
This is the Consumer Health Data Privacy Policy for Kettle Muscle, published by Pulkit Kakkar as the regulated entity. It is maintained as a separate, stand-alone document, linked prominently from the app's Privacy screen (Profile → Privacy → Legal) and from the website footer, as required by:
- Washington My Health My Data Act ("WMHMDA"), RCW 19.373.020;
- Nevada SB 370 (Nevada consumer-health-data statute); and
- Connecticut Data Privacy Act, P.A. 23-56 §6 (consumer-health-data amendment).
Residents of other jurisdictions with equivalent rights over consumer health data should read this policy together with our general Privacy Policy and our Data Retention Policy.
1. Who we are
Kettle Muscle is a consumer fitness application published by Pulkit Kakkar, an individual developer based in Ontario, Canada.
- Primary email: contact@kettlemuscle.com (please mark requests with the subject line "Consumer Health Data")
- Postal address:
{{POSTAL_ADDRESS}} - Telephone:
{{PHONE_NUMBER}}
We are not a HIPAA-covered entity (see §12 of the Privacy Policy). This policy governs consumer health data that you, the consumer, provide to us directly through the app.
2. What consumer health data we collect
For purposes of WMHMDA and the parallel state laws listed above, "consumer health data" means personal information that is linked or reasonably linkable to you and that identifies your past, present, or future physical or mental health status. The categories of consumer health data that we collect through the Kettle Muscle app are as follows:
- Body measurements: height, body weight, and biological sex (entered by you at onboarding and editable in your profile).
- Fitness activity: workouts you log, including exercises performed, sets, repetitions, weight lifted, rest intervals, tempo notations, rate-of-perceived-exertion notations, and freeform notes.
- Derived fitness signals computed on your device from the above, including estimated one-rep-max values, session volume, personal records, fatigue state, and recovery estimates.
- Date of birth, collected solely to enforce the age gate required by children's-privacy laws. Only the accepted age threshold (pass/fail plus year of birth) is retained after the gate.
- Apple Health data (currently disabled feature): if and when you grant permission, this may include heart rate, body weight, and similar metrics that you authorise. Apple Health data is processed on-device and is not transmitted to our backend except as part of cloud-synced workout records you have already consented to.
We do not collect: precise geolocation, biometric identifiers (fingerprint, face scan, gait), genetic data, reproductive or sexual-health data, gender identity or sexual orientation, disability status, mental-health or substance-use history, inferences about diagnoses, or any other consumer-health-data category not listed above.
3. Where consumer health data comes from
Consumer health data covered by this policy is collected only directly from you, through the app's input surfaces. We do not purchase, receive, or otherwise acquire consumer health data from data brokers, health plans, healthcare providers, wearable-data clearinghouses, or any third-party source.
4. Why we process consumer health data
We process consumer health data for the following specific purposes, each of which is disclosed to you through the in-app consent screen titled "Built around your workouts" before the data is collected:
- To operate the fatigue engine and workout planner, which are the core purpose of the service;
- To compute and display your personal records, progress, and session history;
- To support cloud sync across your devices (only if you sign in);
- To export your data on your request under §8 of the Privacy Policy; and
- With your separate and additional opt-in consent, to generate de-identified aggregates for product research (see §2.5 of the Privacy Policy).
We do not process consumer health data to serve you advertising, to profile you for behavioural targeting, or to make decisions about you that produce legal or similarly significant effects.
5. Who receives consumer health data
The specific third parties that receive consumer health data, and the categories they receive, are listed below.
| Recipient | Consumer health data received | Reason |
|---|---|---|
| Google LLC (Firebase Authentication, Firestore, Cloud Functions, App Check) | Cloud-synced fitness activity and body measurements, if you sign in and enable cloud sync | To store and synchronise your account data; Google processes this as our service provider |
| Apple — Sign in with Apple | None (Apple provides the sign-in token; no consumer health data is transmitted) | Sign-in federation only |
| Google — Sign in with Google | None (Google provides the sign-in token; no consumer health data is transmitted) | Sign-in federation only |
| Apple Health | Only data you authorise (currently the Apple Health integration is disabled) | On-device only; not routed through our servers |
| OpenAI, Anthropic, or Google Gemini | Only if you enter your own API key and affirmatively consent at the in-app disclosure screen; the prompt and context you include | User-directed disclosure — transmission is initiated by you, not by us, at your specific request. We note this distinction because WMHMDA RCW 19.373.010(28) excludes user-directed disclosures from the definition of "share." |
We do not, and we will not, sell consumer health data or share it for cross-context behavioural advertising, profiling, or any similar purpose. A general acceptance of the Privacy Policy or the Terms of Use is not authorisation to sell or share consumer health data; any such sharing would require your separately-signed written authorisation, and we have no plans to seek one.
We do not geofence any location (including within 2,000 feet of any healthcare facility) for advertising or any other purpose, and we do not operate any advertising feature.
6. How long we keep consumer health data
Retention of consumer health data is set out in our Data Retention Policy and summarised in §5 of the Privacy Policy. In particular:
- Consumer health data tied to your account is retained until you delete each record or your account.
- Within 90 days of account deletion, consumer health data tied to your personal identity is removed from our backend, other than the consent and audit records described below.
- The timestamp, version, and surface of each consent you gave us to process consumer health data is retained for 24 months after account deletion, to evidence lawful processing in the event of a later regulatory inquiry.
7. How we protect consumer health data
Our technical and organisational safeguards are set out in our Information Security Program. For consumer health data specifically:
- Transport is encrypted with TLS 1.2 or higher.
- At-rest data is encrypted by Firebase's default encryption.
- Firestore rules enforce per-user isolation so that no user can read or write another user's consumer health data.
- Firebase App Check rejects requests that do not originate from a genuine app install.
- BYO-AI API keys and authorisation tokens are stored in the iOS Keychain, protected by the Secure Enclave where available.
8. Your rights under WMHMDA and parallel laws
You have the following rights with respect to consumer health data that we have collected about you. These rights apply whether you are a Washington resident (under WMHMDA), a Nevada resident (under SB 370), a Connecticut resident (under the Connecticut Data Privacy Act's consumer-health-data provisions), or a resident of another US state with equivalent rights.
- Right to confirm whether we are collecting, sharing, or selling (we do not sell) your consumer health data, and to access that data.
- Right to withdraw consent to our collection and processing of consumer health data, at any time. Withdrawing consent is effective for future processing; it does not reverse processing that already happened lawfully. To withdraw consent, go to Profile → Privacy → Delete account, or email us at the address above.
- Right to delete your consumer health data. Deletion cascades across our backend within 90 days; see §16 of the Terms of Use and §3 of the Data Retention Policy. We will also instruct our affiliates, processors, and contractors who received that data on our behalf to delete it, as required by WMHMDA §19.373.030.
- Right to appeal a denial of any of the above requests. If we deny your request, you may appeal by replying to our response email with the subject line "Appeal." If we uphold the denial on appeal, you may contact the Washington Attorney General's Office at atg.wa.gov.
- Right to file a complaint. Washington residents may file a complaint with the Washington Attorney General's Office. WMHMDA also provides a private right of action under the Washington Consumer Protection Act.
How to exercise these rights
Email contact@kettlemuscle.com with the subject line "Consumer Health Data Request" and tell us what you want. To protect your account, we may ask you to verify you are the account holder before we act on a request.
We will respond within forty-five (45) days of verifying your request. That period may be extended by an additional forty-five (45) days where reasonably necessary, with notice to you.
9. No discrimination for exercising these rights
We will not discriminate against you — for example, by denying service, charging a different price, or providing a different level or quality of service — because you exercised a right under this policy.
10. Updates to this policy
Material changes bump the version number at the top of this document. We will surface an in-app notice before a material change takes effect, and where the change requires your renewed consent we will obtain it before the change applies to you.
End of Consumer Health Data Privacy Policy.