Google Health Privacy Policy

FitThumb Google Health Privacy Policy

Last Updated:

This policy applies specifically to FitThumb's use of Google Health data. For our general privacy practices, see our FitThumb Privacy Policy.

FitThumb integrates with the Google Health API to import fitness, nutrition, and sleep information from health-tracking devices you have linked to your Google account (for example, a Fitbit device linked through Google Health Connect). This section explains exactly what data we access through Google, how we use it, where we store it, and who we share it with. It supplements — and in case of conflict, governs — the more general data sections of this Privacy Policy with respect to information we obtain from Google.

What we access

When you connect your Google account to FitThumb, you grant FitThumb permission to read the following categories of data from Google Health, scoped to your account only:

  • Activity and fitness: daily step counts, distance traveled, and the details of individual exercise or workout sessions (start time, duration, activity type, calories burned, distance, and average heart rate where available).
  • Nutrition: food and hydration entries you have logged, including item names, calories, macronutrient breakdowns, and meal categorization.
  • Sleep: sleep session durations and stage breakdowns (light, deep, REM, awake).

We also receive a stable, opaque identifier that Google uses to identify your Google Health account (“healthUserId”). This identifier allows us to associate incoming data with your FitThumb account.

We do not request and do not receive: your email address, name, profile photo, location data, contacts, calendar entries, Google Drive contents, photos, or any data from Google services other than the Google Health categories listed above.

How we access it

Access is initiated only after you complete Google’s OAuth consent flow inside FitThumb. We receive an access token and refresh token issued by Google that authorize subsequent requests scoped to your account. After your initial consent, FitThumb obtains data from Google in two ways:

  1. Real-time notifications: Google sends FitThumb a cryptographically signed notification each time your linked devices report new data of the categories listed above. We verify the signature on every notification using Google’s published public keys before accepting it.
  2. Periodic synchronization: For certain data types, FitThumb queries Google’s API directly on a scheduled basis (typically once per day) to ensure no records are missed if a real-time notification was not received.

How we use it

FitThumb uses your Google Health data solely to provide and improve the user-facing features you have signed up for. Specifically, we use the data to:

  • Display your daily activity, workouts, nutrition, and sleep within your FitThumb account.
  • Calculate activity points, challenge progress, leaderboards, and rewards offered by your organization through FitThumb.
  • Generate aggregated participation summaries provided to the organization that sponsors your FitThumb account (for example, your employer’s wellness program), in a form that does not expose individual data points beyond what your program agreement permits.
  • Provide customer support when you contact us with a question that requires us to look at your data.

We do not use your Google Health data to serve advertising, train generalized machine-learning models, build user profiles for resale, or for any purpose unrelated to delivering FitThumb’s wellness features to you.

How we store it

Your Google Health data is stored on servers we operate through Amazon Web Services in the United States. Access tokens, refresh tokens, and the healthUserId issued by Google are stored alongside your linked-account record. The fitness, nutrition, and sleep records we import are stored in your FitThumb account history.

Data is encrypted in transit between your device, Google, and FitThumb, and at rest on our servers. Access to production systems is limited to FitThumb personnel with a job-related need and is logged.

Imported data is retained for as long as your FitThumb account remains active so that historical views, year-over-year trends, and program reporting remain available to you. If you disconnect Google from FitThumb (see “Your controls” below), we stop receiving new data immediately and delete the access and refresh tokens within 30 days. The historical fitness records that were already imported into your account remain in your FitThumb history unless you also request account deletion.

How we share it

FitThumb does not sell your Google Health data, share it with advertisers, or transfer it to data brokers.

We share data derived from your Google Health information only as follows:

  • With the organization that sponsors your FitThumb account: aggregated and program-relevant participation information (for example, whether you met a step goal in a challenge) is shared with your employer or wellness program administrator, consistent with the program agreement you accepted when joining. Raw underlying data points are not shared unless your program explicitly provides for that and you consented at enrollment.
  • With service providers we contract with to operate FitThumb: cloud hosting (Amazon Web Services), email delivery, error monitoring, and customer support tooling. These providers process data only on our instructions and are contractually bound to safeguard it.
  • When required by law: in response to a valid legal process, or to protect the safety, rights, or property of FitThumb, our users, or the public.

Google API Services Limited Use disclosure

FitThumb’s use and transfer of information received from Google APIs to any other app will adhere to the Google API Services User Data Policy, including the Limited Use requirements. Specifically, FitThumb:

  • Uses data obtained through Google APIs only to provide or improve user-facing features that are prominent in FitThumb’s interface and require those data scopes.
  • Does not transfer this data to others except as necessary to provide or improve those features, comply with applicable law, or as part of a merger, acquisition, or sale of assets with notice to users.
  • Does not use this data for serving advertisements, including retargeted, personalized, or interest-based advertising.
  • Does not allow humans to read this data unless we have obtained your affirmative agreement to view specific records, doing so is necessary for security purposes (such as investigating abuse), to comply with applicable law, or for internal operations where the data has been aggregated and anonymized.

Your controls

You can review and revoke FitThumb’s access to your Google account at any time, either by:

  • Disconnecting Google from within FitThumb (Account Settings → Connected Apps), which immediately calls Google’s revocation endpoint and stops further data sync.
  • Visiting your Google account’s security settings at https://myaccount.google.com/permissions and removing FitThumb from the list of connected apps.

To request deletion of the Google Health data already imported into your FitThumb account, contact us at support@fitthumb.com and we will process the request within 30 days.

For our general privacy practices, please return to the FitThumb Privacy Policy.
