Privacy Policy

Last updated: March 2026

The short version: Your health data goes from your device directly to your Intervals.icu account. The app uses a lightweight authentication server to securely connect your Intervals.icu account via OAuth — no health data passes through this server. The app collects no analytics and includes no third-party tracking.

IntervalsWellnessSync is built and maintained by Ryan Grgurich. This policy explains what data the app accesses, where it goes, what is stored on your device, and how authentication works.

What Health Data the App Reads

IntervalsWellnessSync requests read-only access to the following Apple HealthKit data types. You control which types to grant during the iOS permission prompt, and you can change permissions at any time in iOS Settings → Health → IntervalsWellnessSync.

Sleep analysis (duration, sleep stages)
Heart rate variability (SDNN)
Heart rate
Resting heart rate
Body mass (weight)
Body fat percentage
Step count
Oxygen saturation (SpO₂)
VO₂ max
Respiratory rate
Dietary energy consumed (calories)
Dietary macronutrients (carbohydrates, protein, fat)
Blood glucose
Menstrual cycle data

If you enable Enhanced HRV Mode, the Apple Watch companion app also accesses heartbeat series data (beat-to-beat RR intervals via HKHeartbeatSeriesBuilder).

The app does not write any data to HealthKit.

Authentication

IntervalsWellnessSync uses OAuth2 to connect to your Intervals.icu account. When you sign in, you are redirected to Intervals.icu to authorize the app. You never enter your Intervals.icu password into IntervalsWellnessSync.

The OAuth flow requires a lightweight server hosted by the developer to securely exchange an authorization code for an access token. This server handles only the token exchange. It does not receive, process, or store any of your health or wellness data. The server does not maintain user accounts and does not log or retain any information after the token exchange is complete.

The access token returned by Intervals.icu is stored on your device and used to authenticate API requests. You can revoke access at any time from your Intervals.icu settings page.

Where Your Health Data Goes

When you tap "Sync" or when the app syncs automatically on your configured schedule, the app sends your health and wellness data directly from your device to the Intervals.icu API at https://intervals.icu/api/v1/. The data is transmitted over HTTPS and authenticated using the OAuth access token stored on your device.

Your health data never passes through the developer's server. The authentication server is only involved in the initial OAuth sign-in flow. All subsequent data transfers go directly from your device to Intervals.icu.

You control what is synced. Each metric can be individually excluded from sync. Subjective wellness ratings (soreness, fatigue, stress, mood, motivation, sleep quality) are only sent when you manually submit them.

What Is Stored on Your Device

OAuth access token (issued by Intervals.icu): stored in the iOS Keychain, Apple's encrypted credential storage. The token is obtained once during sign-in via a secure token exchange through intervalswellnesssync.com — this is done so that the OAuth client secret is never embedded in the app itself, where it could be extracted from the binary. Once obtained, the token is stored on-device and used only as an authorization header in requests to Intervals.icu.
Athlete ID (your Intervals.icu athlete identifier): received automatically during sign-in and stored in the iOS Keychain. Used to associate your data with your Intervals.icu account.
User preferences (selected metrics, display settings, sync schedule): stored in UserDefaults and/or App Group shared storage for the Watch companion.
Locally cached wellness data (today's readings and recent sync history): stored on-device to support the dashboard display.
Backfill history: When you use the backfill feature to upload historical data, the app saves a snapshot of your Intervals.icu wellness data from before the backfill. This snapshot is stored on-device using SwiftData and serves as an undo mechanism — if a backfill overwrites data you didn't intend to change, you can revert to the previous state. Backfill history includes the date range, mode, and a full copy of the pre-backfill wellness data from Intervals.icu for the affected days. You can delete backfill history at any time from within the app.

HealthKit is the source of truth for all health data. The app reads from HealthKit at sync time and does not retain copies beyond what is needed for the current session, dashboard display, and backfill undo records.

What Is Stored on the Server

The developer's authentication server does not store any user data. It processes the OAuth token exchange in memory and does not persist tokens, athlete IDs, or any other information. The server has no database.

What the App Does NOT Do

Does not collect, store, or transmit analytics or usage data
Does not include any third-party SDKs, frameworks, or tracking libraries
Does not use advertising identifiers
Does not collect device identifiers
Does not collect your name, email, or any contact information
Does not collect location data
Does not send crash reports to any service
Does not route health data through any server — all wellness data goes directly from your device to Intervals.icu
Does not share data with anyone other than Intervals.icu at your explicit direction

Third-Party Services

The app communicates with the following services:

Intervals.icu (intervals.icu): For OAuth authentication and all wellness data uploads. Data sent to Intervals.icu is governed by Intervals.icu's own privacy policy.
IntervalsWellnessSync authentication server: Used only during the initial OAuth sign-in to exchange an authorization code for an access token. No health data is sent to this server.

Data Deletion

Uninstalling the app removes all locally stored data including cached wellness data, backfill history, user preferences, and Keychain credentials (including your OAuth access token).
Backfill history: You can delete individual backfill records or all backfill history from within the app at any time.
Revoking access: You can revoke IntervalsWellnessSync's access to your Intervals.icu account at any time from the Intervals.icu settings page. This invalidates the access token.
HealthKit data is owned and managed by iOS. Removing the app does not affect your HealthKit data.
Data already uploaded to Intervals.icu is managed within your Intervals.icu account.

Children's Privacy

IntervalsWellnessSync is not directed at children under 13. The app does not knowingly collect any information from children.

Changes to This Policy

If this policy is updated, the revised version will be posted at this URL with an updated date. Material changes will be noted in the app's release notes.

Contact

If you have questions about this privacy policy or the app's data practices, please reach out via the Intervals.icu forum.