Privacy Policy

Effective Date: May 11, 2026  |  Last Updated: May 11, 2026

1. Scope and Acceptance

By using our Services, you agree to the practices described in this Privacy Policy. If you do not agree, please do not use the Services. Using a Service that requires you to authorize a connection to a third party (such as Garmin Connect) is your express consent to the data flows described for that integration.

2. Information We Collect

2.1 Information You Provide Directly

When you contact us, request access to a Service, or sign up for an account, you may provide your name, email address, employer, role, and any information you include in a message.

2.2 Information Collected Automatically

When you visit convergehealth.net, our hosting provider may log standard technical information such as IP address, browser type, pages visited, and timestamps for security, troubleshooting, and analytics. We do not use this information to build advertising profiles.

2.3 Information From Connected Services

If you authorize a connection between a Converge Health Service and a third-party platform such as Garmin Connect, we receive data from that platform as described in Section 7. We only receive data you have expressly authorized us to access.

2.4 Information We Do Not Collect

We do not collect biometric identifiers, government-issued identification numbers, payment card data through this Service, or precise location data by default. Where a Service requires location data, we will request your opt-in consent before collecting it; location collection is never enabled by default.

3. How We Use Information

We use the information we collect to:

• Provide, operate, and improve our Services;
• Display your own data back to you in the application interface;
• Respond to your inquiries and provide customer support;
• Send service-related communications (such as account verification or security notices);
• Protect the security and integrity of the Services and our users; and
• Comply with legal obligations.

We do not sell personal information. We do not use personal information for behavioral advertising. We do not use your data to train third-party machine learning or artificial intelligence models.

4. How We Share Information

We share personal information only in the limited circumstances below:

• Service providers. We may use vetted service providers (for example, web hosting or email delivery) who process information on our behalf and under contractual obligations to protect it.
• Legal compliance. We may disclose information if required by law, subpoena, court order, or other lawful process, or to protect our rights, safety, or the rights and safety of others.
• Business transfers. If Converge Health is involved in a merger, acquisition, or sale of assets, information may transfer as part of that transaction. We will provide notice before your information becomes subject to a different privacy policy.
• With your consent. We will share information with other parties when you direct us to do so.

5. Data Retention and Storage

Local-first architecture. Converge Health Services that integrate with health and fitness platforms are designed on a local-first principle: data retrieved from connected platforms such as Garmin Connect is stored locally on your device whenever technically feasible. Where local-only storage is not feasible, data is encrypted in transit and at rest and stored only for the minimum period necessary to operate the Service.

We retain personal information only for as long as needed for the purposes described in this policy, to comply with our legal obligations, to resolve disputes, and to enforce our agreements. You may request deletion at any time as described in Section 8.

6. Security

We use commercially reasonable administrative, technical, and physical safeguards designed to protect personal information against unauthorized access, disclosure, alteration, and destruction. These include encryption in transit (TLS), encryption at rest where data is stored on our infrastructure, principle-of-least-privilege access controls, multi-factor authentication for administrative access, and regular security review of our development practices.

No method of transmission or storage is completely secure. You are responsible for safeguarding your account credentials and notifying us promptly of any suspected unauthorized access.

7. Garmin Connect Data

7.1 Data We Access

Subject to the scopes you authorize, we may access the following categories of data from Garmin Connect through the Garmin Health, Activity, Training, Courses, and Women's Health APIs:

• Activity data (workouts, sport type, duration, distance, pace, splits);
• Wellness and health metrics (steps, calories, heart rate, sleep, stress, body battery, SpO2, respiration, HRV);
• Body composition and weigh-in data you have recorded;
• Training metrics (training load, training status, VO2 max, race predictions, FTP);
• Courses and route data;
• Women's Health data (menstrual cycle and pregnancy tracking) only if you explicitly authorize this scope;
• Device and gear metadata associated with your activities.

7.2 How We Use Garmin Data

We use Garmin Connect data only to provide the features you requested within the Converge Health Service to which your Garmin account is connected. We do not sell Garmin data, share it with advertisers, use it to train third-party AI or machine learning models, or combine it with data from other users for any purpose other than aggregate, non-identifying analytics necessary to operate the Service.

7.3 Transfer of Data to Garmin

Where a Converge Health Service writes data back to Garmin Connect (such as scheduling a workout or uploading a course), that data is transmitted from your device to Garmin Connect using the Garmin Connect Developer Program APIs. By using such a feature, you provide express consent to that transfer. The purpose of the transfer is to fulfill the action you initiated. The categories of data transferred are limited to the specific records you have created or modified.

7.4 Relationship With Garmin

Converge Health is an independent third-party developer authorized under the Garmin Connect Developer Program. Garmin is not a party to your agreement with Converge Health. Any data you submit to a Converge Health Service is submitted to Converge Health and not to Garmin, and Garmin has no responsibility or liability for any such data. Garmin's own collection and use of your data through Garmin Connect and Garmin devices is governed by the Garmin Connect Privacy Policy at https://www.garmin.com/privacy/connect.

7.5 Authorization and Revocation

You authorize Converge Health to access your Garmin Connect data through Garmin's standard OAuth consent flow. You can review and revoke this authorization at any time through your Garmin Connect account at connect.garmin.com under Account Settings → Account Information → Manage Connected Apps, or by deleting your Converge Health account. Revocation stops further data access immediately. You may also request deletion of any Garmin-derived data we hold by contacting us as described in Section 13.

7.6 Location Data From Garmin

Some Garmin activities include GPS or location data. We access activity location data only when you have explicitly enabled an activity feature that requires it (for example, a route or course display). Location collection is never enabled by default. You can disable location-dependent features in the Converge Health Service settings or revoke the Garmin authorization to stop further access.

8. Your Rights and Choices

Subject to applicable law, you have the following rights regarding personal information we hold about you:

• Access: Request a copy of the personal information we hold about you.
• Correction: Request that we correct inaccurate information.
• Deletion: Request that we delete your information, subject to legal retention requirements.
• Portability: Request a copy of your information in a structured, commonly used format.
• Withdraw consent: Withdraw consent for any processing based on consent, including by revoking connected service authorizations.
• Object or restrict: Object to or request restriction of certain processing.

Residents of California, Virginia, Colorado, Connecticut, Utah, and other states with comprehensive privacy laws may have additional rights, including the right to opt out of certain processing and the right to non-discrimination for exercising privacy rights. California residents should also see Section 9 for additional disclosures. To exercise any of these rights, contact us as described in Section 13. We will respond within the timeframe required by applicable law.

9. California Notice at Collection

This section provides additional disclosures required by the California Consumer Privacy Act, as amended by the California Privacy Rights Act ("CCPA/CPRA"), for California residents.

9.1 Categories of Personal Information Collected

In the preceding 12 months, we may have collected the following categories of personal information, as defined by the CCPA/CPRA:

• Identifiers: name, email address, IP address.
• Customer records information: contact details and account information.
• Internet or other electronic network activity: server logs, pages visited, browser type.
• Geolocation data: only when expressly authorized by you in connection with a location-dependent feature (see Sections 2.4 and 7.6).
• Health-related information: wellness, activity, and biometric metrics received from Garmin Connect at your direction, as described in Section 7. We treat this information as sensitive personal information under the CCPA/CPRA.

9.2 Sources, Purposes, and Retention

We collect this information from you directly, automatically when you use our Services, and from third-party platforms you authorize (such as Garmin Connect). We use it for the purposes described in Section 3 and retain it as described in Section 5.

9.3 Sale and Sharing of Personal Information

We do not sell personal information. We do not share personal information for cross-context behavioral advertising. We do not knowingly sell or share the personal information of consumers under 16 years of age.

9.4 Use of Sensitive Personal Information

We use sensitive personal information, including health-related information received from Garmin Connect, only for the purposes permitted under CCPA/CPRA Section 1798.121, namely to provide the Services you requested. We do not use sensitive personal information to infer characteristics about you for any other purpose.

9.5 Your California Rights

California residents have the right to: (a) know what personal information we have collected, used, disclosed, and sold or shared; (b) request deletion of personal information; (c) request correction of inaccurate personal information; (d) opt out of the sale or sharing of personal information (not applicable here, as we do neither); (e) limit the use and disclosure of sensitive personal information; and (f) be free from discrimination for exercising these rights. To exercise any of these rights, contact us using the information in Section 13. You may also designate an authorized agent to make a request on your behalf, subject to our verification of the agent's authority.

10. Children's Privacy

Our Services are not directed to, and we do not knowingly collect personal information from, children under the age of 16. If you believe a child has provided us with personal information, please contact us and we will delete it promptly.

11. International Users

Converge Health is based in the United States. If you access our Services from outside the United States, your information will be transferred to and processed in the United States, which may have different data protection laws than your country of residence. By using the Services, you consent to this transfer.

12. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, our Services, or applicable law. When we make material changes, we will update the "Last Updated" date at the top of this policy and, where appropriate, provide additional notice (such as a banner on our website or an email to registered users). We will not change the URL of this policy without redirecting users from the previous location. Your continued use of the Services after a change takes effect constitutes your acceptance of the updated policy.

13. Contact Us

For questions or requests related to data we receive from Garmin Connect, please reference "Garmin Connect" in your subject line so we can route your request appropriately.