Consumer Health Data Privacy Policy

Washington’s My Health My Data Act (MHMDA) requires services that handle “consumer health data” to publish a standalone notice covering exactly that category. Several signals you bring into Summit Line meet that definition. This page covers them. The rest of our practices live in the main Privacy Policy.

• Resting and maximum heart rate from your profile.
• Per-second heart rate streams pulled from your connected watch account’s activities.
• GPS coordinates from synced runs.
• Weight, sex, and birth year as entered in your profile.
• Training-load derivatives: TRIMP, CTL, ATL, TSB, vertical load. These are inferences computed on top of the raw inputs above.
• Free-text training notes you write — these may reference symptoms, injury, illness, or sleep, so we treat them as health-adjacent.

• Drawing your training-load and progression charts.
• Projecting goal-race finish times against your fitness curve.
• Generating AI coaching summaries when you ask the coach to read your training.

We do not use your consumer health data for advertising, lead generation, profiling for marketing, or any purpose outside the running of Summit Line.

• Your connected watch account— the source. Data flows from your Garmin, Coros, or Suunto account to ours under your OAuth grant.
• Supabase— stores it in our Postgres database with row-level security and at-rest encryption.
• Anthropic— receives activity names, your notes, and metric summaries when you ask for an AI coaching summary. Anthropic’s commercial API terms state this content is not used to train their models.
• Vercel— hosts the application and runs the request infrastructure.
• Resend— sends operator-only digest email. Consumer health data is not included in those digests.

We do not sell consumer health data. We do not share consumer health data for cross-context behavioral advertising. We do not run advertising of any kind.

• Access the consumer health data we hold about you.
• Portability— export it in a machine-readable format.
• Deletion— delete it or your whole account.
• Withdraw consent at any time. Withdrawing consent ends collection going forward.

The fastest path is Settings → Account → Delete my account. That cascades the delete across our database, revokes your connected watch account’s grant, and purges every consumer health data record tied to your user ID.

For requests you cannot serve yourself — targeted access, partial deletion, or correction — email privacy@runsummitline.com. We respond within 30 days.

We do not enter or use location data within 2,000 feet of any healthcare facility for advertising, marketing, or for inferring health care you may be seeking or receiving.

privacy@runsummitline.com