Privacy Impact Assessment

Wearable data

Last updated 24 May 2026

This Privacy Impact Assessment covers wearable device data collected via the Janet Cares sync workflow. It supplements the full Privacy Policy.

1. What wearable data we collect

We read seven fields from your device:

  • Sleep duration
  • Deep sleep percentage
  • Step count
  • Resting heart rate
  • Heart rate variability (HRV)
  • Active calories
  • Date of measurement

We do not access GPS location, raw accelerometer data, audio, photos, or any other sensor data your device may hold.

2. How your data flows

  1. Your device — Apple HealthKit or Android Health Connect stores the measurements locally.
  2. Your workflow — an iOS Shortcuts or Android Tasker automation (running on your device) packages the seven fields.
  3. Encrypted transit — the workflow sends an HTTPS POST to janet.care/api/wearable/sync. All data is encrypted in transit (TLS 1.3).
  4. Storage — the fields are written to biomarkers.daily_logs in our Supabase database, Sydney region (ap-southeast-2).
  5. Use — data is read server-side by our risk engine. It is never exported to third parties and never used for advertising.

3. Who can see your data

Access is strictly limited to:

  • You — enforced by row-level security. Your wearable rows are never readable by other members.
  • Your care team clinician, if you have connected one to your account.
  • Work Healthy Australia clinical staff for technical support purposes only. All such access is recorded in our audit trail.

4. Audit trail

Every sync request is recorded in our audit log, capturing:

  • Which device provider sent the data (Apple Health, Android Health, or manual entry)
  • Which fields were written in that request
  • The IP address of the request
  • The timestamp of the sync

You can export this log as part of your full data export at /account.

5. Deleting your wearable data

You can delete all Apple Health, Android Health, or manual-entry rows from your health record at /account/data/wearables without affecting your questionnaire answers, lab results, or any other data.

6. Data minimisation

We only receive data you explicitly send via your Shortcuts or Tasker workflow. We do not run continuous background sync and do not request access to your HealthKit beyond what your workflow sends. You can stop syncing at any time by deleting your Shortcuts workflow — no data will flow after that point.

7. Retention

Wearable data is retained for the life of your account unless you delete it earlier. When you close your account, all wearable data is permanently deleted as part of the erasure process.
