About This Policy
This Consumer Health Data Privacy Policy is a standalone disclosure required by the Washington My Health My Data Act (RCW 19.373), Nevada Senate Bill 370, and the Connecticut Data Privacy Act. It describes how StepSavvy LLC ("StepSavvy," "we," "us," or "our") collects, uses, shares, and protects consumer health data.
This policy is separate from and supplements our general Privacy Policy. Where this policy addresses consumer health data specifically, its terms govern.
This policy applies to all consumers whose health data we collect, regardless of residency, and provides the rights and disclosures required under applicable state consumer health data laws.
Effective Date: April 9, 2026
Categories of Consumer Health Data We Collect
We collect the following categories of consumer health data, as defined under RCW 19.373.010:
Surgical & Medical History
Surgery type, surgery date, recovery phase
Chronic Health Conditions
Plantar fasciitis, Achilles tendinopathy, shin splints, and other foot, ankle, knee, and lower-extremity conditions
Pain Data
Body region, pain intensity (1–10 scale), pain type (sharp, burning, achy, throbbing, tingling, stiffness), body side (left, right, both)
Gait Analysis Data
Video recordings of walking and gait submitted for AI analysis
Exercise & Physical Therapy Data
Exercise completion, adherence rates, daily plan progress
Recovery Metrics
Pain trends over time, recovery milestones, phase progression
Purposes for Collection and Use
We collect and use consumer health data for the following purposes:
- Generating personalized physical therapy recovery plans based on your surgery type and health conditions
- Providing AI-powered gait analysis and biomechanical feedback
- Tracking pain patterns and monitoring recovery progress over time
- Generating recovery reports that you may choose to share with your healthcare providers
- Maintaining app functionality, security, and technical diagnostics
- Sending recovery-related communications, including welcome emails and weekly activity summaries
Categories of Sources
We collect consumer health data from the following categories of sources:
- Directly from you: Information you provide during onboarding (surgery type, conditions) and daily app use (pain logs, exercise completion)
- From your device: Video recordings you submit through the app for gait analysis
- Automated collection: Crash and error logs from error monitoring services, which may incidentally include app state information
Third Parties and Affiliates
The following third parties receive consumer health data from StepSavvy:
| Third Party | Category | Purpose | Data Received |
|---|---|---|---|
| Anthropic PBC (Claude API) | AI Analysis Processor | Gait interpretation, exercise recommendations with dosing, shoe compatibility. Anthropic does not use API data to train AI models. | Video recordings, pain context, biomechanical data, foot strike classification |
| Google LLC (MediaPipe) | On-Device Processing | Body landmark detection from walking videos. Runs entirely on the user’s device — no data is sent to Google servers. | None (on-device only) |
| Functional Software Inc. (Sentry) | Error Monitoring Processor | Crash diagnostics | Technical error data only |
| Supabase Inc. | Cloud Infrastructure | Data storage and authentication | All consumer health data |
| Resend Inc. | Email Service | Recovery communications | Email address only (no health data in emails) |
| Serper (Google Search API) | Product Lookup Service | Receives shoe brand/model names for product lookup. No health data shared. | Shoe brand/model names only (no health data) |
StepSavvy has no corporate affiliates. We are an independently operated company with no parent company, subsidiaries, or affiliated entities that receive consumer health data.
Your Rights
Under applicable consumer health data privacy laws, you have the following rights:
- Right to Confirm: You may request confirmation of whether we collect, share, or sell your consumer health data.
- Right to Access: You may request a copy of the consumer health data we have collected about you.
- Right to a Third-Party List: You may request a list of all third parties and affiliates, including contact information, with whom we have shared your consumer health data during the prior 12 months.
- Right to Withdraw Consent: You may withdraw your consent to the collection and sharing of your consumer health data at any time.
- Right to Delete: You may request that we delete your consumer health data. Upon receiving a verified deletion request, we will delete your data from active systems within 30 days and from backup systems within an additional 6 months. We will direct all third parties who received your data to delete it as well.
How to Exercise Your Rights
Email: stepsavvy.app@gmail.com
In-app: Profile > Data & Privacy
We will respond to verified requests within 30 days, free of charge, up to twice per calendar year. We will not discriminate against you for exercising any of these rights.
Right to Appeal: If we deny your request, you may appeal by contacting us at stepsavvy.app@gmail.com. If you are unsatisfied with the outcome of an appeal, you may file a complaint with the Washington State Attorney General, the Connecticut Attorney General, or the Nevada Attorney General, as applicable.
Consent
We obtain your consent to collect, use, and share consumer health data as follows:
- Collection consent: Obtained when you voluntarily enter health information into the app (such as surgery type, conditions, and pain data), or relied upon as necessary to provide the service you have requested.
- Sharing consent: Obtained separately before sharing your data with our AI analysis provider, through an in-app consent modal presented prior to your first gait analysis.
We do not sell consumer health data and therefore do not require sale authorization.
Your consent must be freely given, specific, informed, and unambiguous. We will never collect consumer health data without valid consent or a permissible legal basis.
Withdrawing Consent: You may withdraw your consent at any time by navigating to Profile > Data & Privacy within the app, or by emailing stepsavvy.app@gmail.com. Withdrawal of consent does not affect the lawfulness of processing conducted prior to withdrawal.
Geofencing
StepSavvy does not use geofencing technology in any form. We do not use GPS, cell tower data, Wi-Fi signals, Bluetooth beacons, or any other location technology to establish virtual boundaries around health care facilities, mental health facilities, reproductive health clinics, or any other physical locations.
This disclosure is made in compliance with RCW 19.373.080, which prohibits the use of geofencing around health care facilities for the purpose of collecting consumer health data.
Data Security
We implement administrative, technical, and physical security measures appropriate to the sensitivity of consumer health data, including:
- Encryption of data in transit using TLS 1.2 or higher
- Encryption of data at rest on our infrastructure provider's servers
- Access controls and authentication mechanisms to limit data access to authorized personnel
- Regular security reviews of our systems and practices
All third-party processors who receive consumer health data are contractually required to maintain appropriate security measures consistent with industry standards.
Data Retention
We retain your consumer health data only for as long as your account is active or as needed to provide you with our services.
Upon account deletion or a verified deletion request, your consumer health data is removed from active systems within 30 days and from backup systems within 6 months.
You may request deletion of your consumer health data at any time by contacting us at stepsavvy.app@gmail.com, or through the in-app privacy settings.
Changes to This Policy
If we make material changes to this Consumer Health Data Privacy Policy, we will notify you before those changes take effect. Material changes include, but are not limited to, new categories of consumer health data collected, new purposes for collection, or new third parties with whom data is shared.
If we collect new categories of consumer health data or use existing data for materially different purposes, we will update this policy and obtain your affirmative consent before proceeding.
Contact Us
If you have questions about this Consumer Health Data Privacy Policy or wish to exercise your rights, please contact us:
StepSavvy LLC
Consumer Health Data Privacy Inquiries
stepsavvy.app@gmail.com201 Rue Beauregard STE 202
Lafayette, LA 70508
Website: stepsavvy.app
We respond to verified requests within 30 days.