App Privacy Policy
Effective Date: 06/09/2025
SmartHabits Mobile is powered by myday.
SmartHabits Mobile is an application customised and branded for Logitech. It leverages the technology and infrastructure of the myday platform to deliver tailored experiences and functionality. While the branding and certain features are specific to SmartHabits Mobile, the underlying data handling, privacy protections and operational framework are managed by myday in accordance with this Privacy Policy.
At a Glance
myday helps you track wellbeing habits such as steps, active minutes, sleep, and other entries you choose. You control what you share. Health data is only collected with your explicit consent, is never sold, and is never used for advertising. You can disconnect integrations or delete your account at any time. Sharing in leaderboards is optional and can be disabled instantly.
1. Introduction
This Privacy Policy explains what we collect, how we use it, who we share it with, how long we keep it, and your rights.
Controller: Evexia Health International Ltd (trading as myday), registered in England & Wales No. 12935845. Registered office: Woodwater House, Pynes Hill, Exeter, Devon, United Kingdom EX2 5WR.
Depending on a client/Sponsor agreement, we may act as a processor for specific reporting they instruct. Otherwise, we act as controller.
The Logitech-branded SmartHabits Mobile app is powered by the myday platform and is covered by this same Privacy Policy.
2. About this Policy
This Policy forms part of our Terms & Conditions. Questions can be sent to hello@myday.health. You may also complain to your Supervisory Authority (in the UK, the ICO).
We rely on several lawful bases (see Section 7). Where we rely on consent, you can withdraw it at any time (Section 10).
We update this Policy from time to time. The latest version is always available in-app and on our website. Continued use constitutes acceptance.
3. Information we collect
3.1 Information you give us directly
Account & profile: name, email, phone (optional), month and year of birth, employee ID, password, country/timezone/language, and any content you post.
Wellbeing entries (optional): e.g., height, weight, water intake, sleep duration, and other wellbeing notes you choose to add. These are always optional and stored only if you enter them.
Calendars (Google/Outlook/Apple): we use the calendar.events.owned scope to create and manage only app-owned events (e.g., habit reminders). We never read, store, or modify your personal calendar events.
Third-party sources (including wearables): with your explicit consent, you may connect Apple Health, Google Health Connect and/or a wearable via our provider Rook to import activity metrics (e.g., steps, distance/active minutes, calories, sleep). Heart-rate may be used transiently for validation/derivation but is not stored as a user-level metric.
We do not use health data with medical devices unless required regulatory approvals are in place and you provide explicit consent.
3.2 Information we collect automatically
Device & app telemetry: device/OS and app version, crash/error data, and limited technical identifiers used for stability/analytics. We do not use advertising IDs (AAID/IDFA).
Approximate location & session data: IP-based approximate location, time zone, session timestamps, feature usage, and performance metrics.
Website (cookies): see our Cookies Policy for details about website cookies.
4. What We Never Do With Health Data
Because health, fitness, and wellness data is sensitive, we want to clearly state what we do not do:
We do not sell, transfer, or share your health data with advertisers, data brokers, or resellers.
We do not use your health data for marketing, advertising, or personalised ads.
We do not use your health data for credit, lending, or insurance purposes.
We do not share health data with third parties without your explicit, informed consent.
We do not use health data with medical devices unless required regulatory approvals are in place and you provide explicit consent.
We do not use health data in any way that could lead to death, personal injury, or harm.
We do not process health data in hidden or headless apps — our app is always visible on your device.
We do not use health data to sync between incompatible devices or platforms.
We do not design the app to target children or use health data in child-focused services.
5. How we use your information
We use information to:
(a) provide and personalise the Services (e.g., challenges, incentives, rewards, reminders);
(b) tailor content and insights you see;
(c) respond to questions and provide support;
(d) operate, secure and improve the Services (troubleshooting, testing, research, statistics);
(e) enable interactive features you choose;
(f) comply with law and enforce terms;
(g) protect users, our Services and our rights (e.g., fraud/abuse prevention).
We never use health data for advertising and we never sell your personal data.
6. Leaderboards & challenges
Only steps and active minutes are visible to other challenge participants via leaderboards. No heart-rate or other sensitive metrics are shown.
Sharing in leaderboards is optional. You can opt out anytime in app settings or by contacting support, and your step/active minute data will immediately stop being shown to others.
7. Lawful bases for processing (UK GDPR)
Consent – for special-category (health) data from Apple Health, Google Health Connect and connected wearables (Section 7.6), and for any optional features that explicitly request consent.
Contract – to provide the Services you request and that your Sponsor funds (e.g., create an account, deliver challenges, rewards, deep-link navigation).
Legal obligation – where processing is required to comply with law.
Vital interests / public task – only where applicable (rare).
Legitimate interests (LI) – to run a safe, stable and useful service (e.g., crash diagnostics, security, aggregated product analytics with ads features disabled). We balance these interests against your rights; you can object (Section 10). A summary Legitimate Interests Assessment (LIA) is available on request.
Special-category (health) data (GDPR Art. 9) – When you connect Apple Health, Google Health Connect or a wearable via Rook, we process health-related metrics only with your explicit consent (Art. 9(2)(a)). Withdrawing consent does not affect data already processed lawfully before withdrawal, but collection stops immediately once you disconnect.
8. SDKs & trackers (mobile app)
We keep SDKs to the minimum required for functionality, stability and privacy-preserving analytics. Ads features are disabled, and we do not use AAID/IDFA.
Google Firebase Dynamic Links – deep-link navigation.
Google Firebase Crashlytics – crash diagnostics and stability.
Google Firebase Analytics – aggregated product analytics to improve the app; ads features disabled.
GIPHY SDK (Shutterstock) – optional GIF search/selection. Search terms may indirectly reflect personal preferences, but we do not link searches to your identity (name, email, or account).
Rook – wearable/health data connection layer, always based on explicit consent.
Huawei Mobile Services (HMS) – excluded from production builds; not used in live apps.
Transfers may occur outside UK/EEA under SCCs/UK Addendum.
9. Sharing & disclosures
We may share data:
Within group companies that support the Services;
With service providers (processors) that host, support or help deliver the Services;
With your Sponsor in anonymised/aggregated form, or in limited cases in identifiable form where strictly necessary;
At your request; in corporate transactions; to comply with law; or to protect rights, users or the Service.
We do not sell, rent, or trade personal data to third parties.
We will never use HealthKit/Health Connect information for advertising.
10. Your rights & choices
You have rights to be informed; access; rectification; erasure; restriction; portability; and to object (including to processing based on legitimate interests).
Withdraw consent at any time (e.g., for health data): disconnect in the app and/or revoke OS permissions.
Object to analytics: contact us and we will cease Firebase Analytics collection for your device and delete associated analytics where feasible.
Account deletion: you can request deletion at any time. All user-level steps/active minutes stored in our app database are permanently deleted when you delete your account.
Contact: hello@myday.health (we may need to verify your identity).
11. Retention
We keep personal data only as long as needed for the purposes in this Policy, to comply with law, or to resolve disputes.
Firebase Analytics events – 2 months (auto-deleted).
Crash diagnostics – retained as necessary for stability and security troubleshooting.
Rook-processed activity metrics – retained for the duration of the service and up to 6 months after termination.
App database (steps/active minutes) – permanently deleted when you delete your account.
Operational/debug logs – retained short-term for security/reliability before automatic purge.
12. International transfers
myday is UK-based. Personal data may be processed in the US and other countries. Where we transfer data outside the UK/EEA, we use appropriate safeguards (e.g., EU Standard Contractual Clauses + UK Addendum) and conduct transfer risk assessments. Details are available on request.
13. Security
We apply technical and organisational measures appropriate to the risk (encryption in transit, access control, monitoring, least-privilege, etc.). No system is 100% secure; where required, we will notify authorities and users of personal data breaches.
14. Children
Our Services are not designed for individuals under 18. We do not knowingly allow under-18s to register, and any accounts identified as belonging to a minor will be promptly deleted.
15. California residents
If you are a California resident, see our “Notice to California Residents (CCPA/CPRA)” for disclosures and rights specific to California.
16. Contact (Data Protection Officer)
Name: James Parkes
Address: Edgcumbe, Moorhaven, Bittaford, PL21 0EX
Email: jamesparkes@myday.health
Tel: +44 7793 185448
17. Definitions
“Data Protection Legislation” means UK GDPR, the Data Protection Act 2018, PECR 2003, and any successor laws. “Personal Data”, “Controller”, “Processor”, “Data Subject” and “Supervisory Authority” have the meanings in that legislation.