WH Data Ingestion Engine — Privacy Policy

Thank you for using WH Data Ingestion Engine, an application designed to advance research in women's health by gathering anonymized data from wearable devices. Your privacy is extremely important to us. This Privacy Policy explains what data we collect, how we use it, and what rights you have regarding your information.

1. Overview

WH Data Ingestion Engine collects physiological and behavioral data from wearable devices (such as WHOOP, Oura, Garmin, or Apple Watch) to support open scientific research in women's health.

All data collected is anonymized, stripped of direct identifiers, and shared only as part of an open-source research dataset. We do not collect or release personally identifiable information (PII) unless explicitly provided by you (e.g., an optional email address for contact), and we never publish or share any PII.

2. Data We Collect

a. Information You Provide

• Optional contact data, such as an email address, if you choose to create an account or contact us
• Optional demographic information (for example, age range or menstrual cycle history), collected only with your consent and anonymized before use

b. Wearable Device Data

If you link a wearable device, we may collect:

• Heart rate and heart-rate variability
• Sleep stages and sleep duration
• Activity metrics (steps, workouts, movement patterns)
• Temperature or skin temperature
• Respiratory rate
• Menstrual or reproductive-health markers (if available from your device)
• Additional device-specific physiological data

All wearable data is anonymized immediately after collection.

c. Device and Usage Information

We may automatically collect:

• Device type, model, and operating system
• App usage patterns
• IP address (which is anonymized immediately)
• Error logs or crash reports

This helps us improve performance, usability, and security.

3. How We Anonymize Data

WH Data Ingestion Engine uses a multi-stage anonymization process to ensure that your identity cannot be linked to your data. This process includes:

• Removing direct identifiers such as names, email addresses, or device IDs
• Replacing identifiers with randomly generated participant codes
• Aggregating or adding small amounts of noise to high-risk attributes when necessary
• Storing any optional contact information separately from all research data

We follow widely accepted guidelines for data anonymization, including HIPAA de-identification standards and GDPR anonymization principles.

Once anonymized, data cannot be traced back to you.

4. How We Use Data

WH Data Ingestion Engine uses anonymized data to:

• Support open scientific and medical research in women's health
• Analyze trends in physiological metrics, behavior, and well-being
• Improve the design and functionality of the application
• Provide open-source datasets to researchers, clinicians, and the public

We will never use your data for advertising, marketing, or commercial profiling.

5. Open-Source Data Sharing

A core mission of WH Data Ingestion Engine is to promote transparency and collaboration in women's-health research.

Anonymized data may be:

• Published in open-source databases such as GitHub, Zenodo, or PhysioNet
• Shared with academic researchers, clinicians, and health-technology developers
• Used for scientific publications, educational purposes, and research benchmarks

Before release, all datasets undergo an anonymization and privacy review to ensure they contain no PII or identifiable attributes.

You may opt out of future data sharing at any time (see Section 8).

6. Data Storage and Security

We protect all data using industry-standard security measures, including:

• Encrypted data transmission and storage
• Strict access controls
• Separation of contact data from wearable data
• Regular internal security audits and reviews

No system is perfectly secure, but we apply strong safeguards to minimize risks.

7. Legal Bases for Processing

Depending on your location, our legal bases for data processing may include:

• Your explicit consent (e.g., when connecting a wearable device)
• Our legitimate interest in supporting scientific and public-interest research
• Compliance with applicable data-protection laws

WH Data Ingestion Engine does not sell personal data.

8. Your Rights

You have the right to:

• Withdraw consent at any time
• Request deletion of your data
• Opt out of future open-source data releases
• Request a copy of the data you provided
• Ask questions about our anonymization process

To exercise any of these rights, contact us at: fmml@mit.edu

10. Updates to This Policy

We may update this Privacy Policy from time to time. When we do, we will:

• Update the "Last Updated" date at the top
• Notify users through the app if major changes occur

Continued use of the app indicates acceptance of the updated policy.