Sihat App - Privacy Policy

Last Updated: April 29, 2026
Effective Date: April 29, 2026

Overview

Sihat ("App", "we", "us", "our") is a health tracking application that helps users monitor their daily nutrition and fitness activities. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our mobile application.

1. Information We Collect

1.1 Information You Provide Directly

Authentication Information:

• Google account information (email, name, profile picture) when you sign in via Google Sign-In
• Google access tokens and ID tokens used to authenticate your session

Health & Nutrition Data:

• Meal photos captured through the app's camera feature
• Calorie intake entries (manually entered or AI-estimated)
• Daily food/nutrition descriptions
• Exercise and activity data

Configuration & Settings:

• User preferences and app configuration settings

Third-Party Integration Data:

• Health Connect data: nutrition information, exercise data, active calories burned, total calories burned, and step count (only if you enable Health Connect integration)

1.2 Information Collected Automatically

Device Information:

• Device model, OS type, and OS version
• App version and build information
• Camera permissions and usage patterns

Local Storage:

• Daily calorie entries stored in local CSV files on your device
• Cached configuration and session data

2. How We Use Your Information

We use the collected information for the following purposes:

1. App Functionality: To provide and maintain core app features including meal tracking, calorie estimation, activity monitoring, and daily dashboard
2. AI Calorie Estimation: To send meal photos to AI providers to estimate calorie content (see Section 3.2)
3. Health Tracking: To retrieve, display, and track your health data from Health Connect
4. Cloud Backup: To optionally backup your calorie CSV data to your Google Drive account
5. Improvements: To understand how you use the app and identify ways to improve functionality
6. Authentication: To maintain secure user sessions and prevent unauthorized access

3. Data Sharing & Third-Party Services

3.1 Google Services

Google Sign-In:

• Your email, name, and profile information are shared with Google during authentication
• We store your Google access tokens securely to authenticate future requests
• Google's Privacy Policy applies: https://policies.google.com/privacy

Google Drive:

• If you enable the optional auto-upload feature, your daily calorie CSV file is uploaded to your personal Google Drive account
• Only you and Google have access to this data; we do not access or retain copies on our servers
• Google Drive's Privacy Policy applies: https://policies.google.com/privacy

Health Connect:

• Health data (nutrition, exercise, calories, steps) is retrieved directly from Google Health Connect
• We do not store this data on external servers; it remains on your device
• Health Connect Privacy: https://www.google.com/fit/privacy

3.2 AI Providers

OpenAI:

• When you use the calorie estimation feature, your meal photo (in base64 format) and a text prompt are sent to your configured AI provider (OpenAI or Grok)
• The AI provider processes your image to estimate calorie content
• Your API key is stored locally on your device and is your responsibility to manage
• Please review the privacy policies of your chosen AI provider:
  • OpenAI: https://openai.com/privacy

3.3 No Data Selling

We do not sell, rent, lease, or trade your personal information to third parties. We do not share your data with advertisers, data brokers, or marketing companies.

4. Data Storage & Security

4.1 Local Storage

• Meal photos and calorie entries are stored locally on your device
• Local data is not encrypted by the app but is subject to your device's security settings

4.2 Cloud Storage

• Calorie CSV backups uploaded to Google Drive are encrypted in transit (HTTPS)
• Google applies encryption and security measures to files stored in Drive
• You have full control to delete backup files from Drive at any time

4.3 Security Measures

• All communications with third-party services use encrypted HTTPS connections
• API keys and authentication tokens are never logged or transmitted to Sihat servers
• The app does not maintain centralized servers; your data is processed locally or sent directly to third-party services you authorize

5. Data Retention

• Local Data: Your meal photos, calorie entries, and configuration remain on your device indefinitely until you delete them
• Google Drive Backups: Backed-up files remain on your Google Drive until you delete them
• Health Connect Data: Remains on your device in the Health Connect system

Upon app uninstallation, local app data is removed from your device (subject to your OS settings).

6. Your Privacy Rights

6.1 Access & Control

• You can access, review, and delete your local data at any time
• You can revoke app permissions through your device settings
• You can disconnect third-party integrations (Google) in app settings
• You can delete Google Drive backups through Google Drive directly

6.2 Data Portability

• Your calorie data is stored in standard CSV format and can be easily exported or migrated to other tools

6.3 Right to Delete

• You can request deletion of your local app data by uninstalling the app
• To delete your Google Drive backups, visit your Drive account
• To delete your Health Connect data, use Google's Health Connect app

6.4 California Consumer Privacy Act (CCPA)

If you are a California resident, you have the right to:

• Know what personal information is collected
• Know whether your personal information is sold or disclosed
• Delete personal information collected from you
• Not be discriminated against for exercising your CCPA rights

Please contact us at the email address below to exercise these rights.

6.5 General Data Protection Regulation (GDPR)

If you are located in the EU, you have additional rights under GDPR including the right to access, correct, delete, restrict, port, and object to processing of your personal data.

7. Children's Privacy

Sihat is not intended for children under 13. We do not knowingly collect information from children under 13. If we become aware that we have collected data from a child under 13, we will take steps to delete such information promptly.

Parents or guardians who believe their child has provided information to Sihat should contact us immediately.

8. Changes to This Privacy Policy

We may update this Privacy Policy periodically to reflect changes in our practices, technology, legal requirements, or other factors. We will notify you of material changes by updating the "Last Updated" date at the top of this policy.

Your continued use of the app following changes to this policy constitutes your acceptance of the updated policy.

9. Contact Us

If you have questions about this Privacy Policy, your privacy rights, or our privacy practices, please contact us:

Email: sihat.asia@gmail.com
Website: http://sihat.asia

We will respond to privacy inquiries within 30 days.

10. Additional Disclosures for App Stores

Permissions Requested

Android Permissions:

• Camera: To capture photos of meals for calorie estimation
• Health Data (Health Connect): To read nutrition, exercise, and calorie burn data
• Internet: To communicate with AI providers, Google services, and Strava
• Storage: To save calorie entries locally and manage backups
• Secure Storage: To store authentication tokens and API keys securely

Data Collection Summary

11. Limitation of Liability

To the fullest extent permitted by law: Sihat is provided "as-is." We are not liable for any indirect, incidental, special, consequential, or punitive damages arising from your use of the app or privacy-related issues, except where prohibited by law.

Acknowledgment

By using Sihat, you acknowledge that you have read this Privacy Policy and agree to its terms and conditions.

End of Privacy Policy