Consumer Health Data Privacy
1. Who We Are
This policy is published by Icemint LLC (the "Company," "we," "us," or "our"), a Wyoming limited liability company with its principal place of business at 30 N Gould St, Ste R, Sheridan, WY 82801. Contact: [email protected].
2. Plain-Language Summary
The Company does not receive, transmit to its servers, or store on its infrastructure any consumer health data.
Tawen reads health-related data from Android Health Connect on your device only. The readiness score, pillar values, and AI-generated narratives that Tawen produces are computed and stored entirely on your device. No raw Health Connect data and no derived score, pillar, or narrative ever reaches the Company's servers. The Company has no technical ability to read, copy, sell, share, or transmit your consumer health data.
This is enforced by the App's code architecture, not merely promised in this policy. See the general Privacy Policy at https://tawen.app/privacy, Section 2, for the technical detail.
3. Categories of Consumer Health Data Implicated
Important note before reading this list. This list is provided for transparency, not as an inventory of data the Company holds. None of the data listed below is received, transmitted to the Company's servers, or stored on the Company's infrastructure. The list describes data that exists on your device — in Android Health Connect and in the App's local database (including the hourly input snapshots and derived scores, pillar values, and narratives the App computes from Health Connect metrics) — and that Tawen reads or derives on your device only. The Company has no copy of any of this data.
For transparency under RCW 19.373.030(1)(a), the categories of data that would qualify as "consumer health data" under the Washington My Health My Data Act if collected by the Company — but which remain exclusively on your device and are not collected by the Company — include:
- sleep duration, sleep stages, sleep sessions;
- heart rate;
- heart rate variability (HRV, RMSSD);
- resting heart rate;
- skin temperature variations from baseline;
- body temperature;
- blood oxygen saturation (SpO₂);
- steps;
- exercise sessions and training load;
- the readiness score and pillar sub-scores derived from the above (treated by the Company as inferred consumer health data); and
- the AI-generated narrative text derived from the above.
The Company treats inferred and derived attributes as consumer health data for the purpose of this analysis. The architecture described in Section 2 ensures that none of this data leaves your device.
4. Sources of Data
The Company's App reads the above categories of data from Android Health Connect, the centralized health-data store on your Android device, which is managed by Google as part of the Android operating system. Health Connect itself is populated by other apps and devices you have authorized to write data to it — for example, your wearable's companion app (Wear OS, Samsung Health, Fitbit, Garmin Connect, Polar Flow, Whoop, Oura), a third-party fitness app, or manual entry. Tawen reads from Health Connect; Tawen does not connect directly to your wearable or to any other data source.
You expressly authorize Tawen to read each category via:
- the Android Health Connect permission dialog presented by the operating system; and
- a separate, prior in-App consent screen presented by Tawen that lists each Health Connect data type and its purpose.
You may withdraw these permissions at any time by revoking Health Connect permissions in your Android device's Settings or by tapping Settings → Privacy → Delete all data within the Tawen App.
5. How Consumer Health Data Is Used and Shared
| Activity | Performed by the Company? | Performed on your device by the App? |
|---|---|---|
| Reading Health Connect data | No | Yes (read-only) |
| Computing readiness score and pillar values | No | Yes (on-device) |
| Generating AI-narrative text | No | Yes (on-device Gemini Nano) |
| Storing health-derived data | No (the Company has no server-side storage of health data) | Yes (on-device Room database; stored on your device only; history view limited to 7 days (Free) / 90 days (Pro); you can delete all on-device data at any time via Settings → Privacy → Delete all data) |
| Selling health-derived data | No — never | N/A |
| Sharing health-derived data with third parties | No — never | N/A |
| Sharing health-derived data with affiliates | No — never (the Company has no affiliates) | N/A |
| Using health-derived data for advertising | No — never | N/A |
| Using health-derived data for marketing communications | No — never | N/A |
| Using health-derived data for insurance, employment, lending, or credit decisions | No — never | N/A |
| Geofencing around health-care facilities | No — never | N/A |
The Company complies with RCW 19.373.040 (the prohibition on geofencing around health-care facilities) and with RCW 19.373.060 (the prohibition on the sale of consumer health data without valid authorization).
6. Third-Party Recipients of Consumer Health Data
The Company shares no consumer health data with any third party, affiliate, contractor, or service provider. There are no recipients of consumer health data to disclose under RCW 19.373.030(1)(b)–(c).
For completeness, the only third parties to which the Company transmits any data — none of which is consumer health data — are:
- Google LLC (Firebase Analytics, Firebase Crashlytics, Firebase App Check, Google Play Billing): receives anonymous usage events, crash diagnostic data, device-integrity attestation tokens, and Tawen Pro purchase tokens. The Company's analytics-wrapper class enforces at compile time that no health value can be passed to Firebase.
- Cloudflare, Inc. (Website CDN and security): receives IP addresses and request logs for visitors to tawen.app for DoS protection and performance. The Website does not collect or process any consumer health data.
Why the telemetry above is not "consumer health data." RCW 19.373.010(8) defines "consumer health data" as personal information that is linked or reasonably linkable to a consumer and that identifies the consumer's past, present, or future physical or mental health status. The telemetry above:
- contains no health values, no readiness score, no pillar values, no AI narrative text, and no Health Connect record of any type;
- contains only pseudonymous device identifiers (Firebase Installation ID, Firebase App Instance ID, App Check tokens) and descriptive event names that do not encode any health signal;
- by the App's compile-time wrapper architecture cannot accept any numeric health value as input; and
- when received by a recipient, cannot be used to identify a consumer's physical or mental health status because it carries no information about that status.
The fact that the data subject installed a wellness app is information about app usage, not about the consumer's health status. The Company therefore takes the position that the telemetry described in this Section 6 is outside the scope of "consumer health data" under MHMDA, NV SB 370, and the Connecticut consumer-health-data amendments. This position rests on the statutory distinction between (a) data that identifies a consumer's physical or mental health status and (b) data that merely identifies use of a product or service, which is the operative distinction under RCW 19.373.010(8) and its sister statutes.
7. Your Rights as a Washington Resident
Under the Washington My Health My Data Act, RCW 19.373.040, you have the following rights with respect to your consumer health data. The Company grants these rights in full. The substantive "no" and "none" responses below are not denials of the right; they reflect the factual reality that the Company has no consumer health data to disclose, share, sell, or transmit, because all such data remains on your device.
| Right | What it means here |
|---|---|
| Confirm collection | Confirm whether the Company is collecting, sharing, or selling your consumer health data. Our answer is: no. You may request written confirmation by contacting [email protected]. |
| Access | Request a list of all consumer health data the Company has collected about you. Our answer is: none — the Company collects no consumer health data. |
| List of recipients | Receive a list of all third parties and affiliates with whom the Company has shared or sold consumer health data. Our answer is: none. |
| Withdraw consent | Withdraw consent for the Company's collection and sharing of your consumer health data. You may withdraw consent at any time by revoking Health Connect permissions in Android Settings and/or by tapping Settings → Privacy → Delete all data within the Tawen App. The Company will honor withdrawal of consent for any future processing. |
| Deletion | Request that the Company delete consumer health data the Company has collected. The most effective deletion mechanism is Settings → Privacy → Delete all data in the Tawen App, which immediately and irreversibly wipes all on-device data. For any server-side data, contact [email protected]. |
| No discrimination | The Company will not deny services, charge different prices, or provide a different quality of service because you have exercised these rights. |
To submit a rights request, email [email protected]. We will acknowledge your request within 10 business days and respond substantively within 45 days of receipt (extendable once by an additional 45 days for complex requests, with notice to you).
Authorized agent. A Washington resident may use an authorized agent to submit a rights request. The agent must provide written authorization signed by you, and the Company may require verification of your identity.
Appeal. If we deny your rights request, you may appeal by replying to our response within 60 days. If your appeal is denied, you may submit a complaint to the Washington State Attorney General at atg.wa.gov.
8. Consent
The Company does not collect consumer health data, so no consent is required for collection by the Company. To the extent the App reads Health Connect data on your device, you provide affirmative consent through:
- the Android Health Connect permission dialog; and
- the separate in-App consent screen presented by Tawen at first launch and before any Health Connect read occurs.
The in-App consent screen identifies the specific Health Connect data types Tawen accesses and the purpose of each. You may revoke consent at any time, as described in Section 7.
9. Sale of Consumer Health Data — Affirmative Statement
Pursuant to RCW 19.373.060, the Company makes the following affirmative statement:
The Company does not sell, and has never sold, any consumer health data. The Company has no intention of selling consumer health data in the future. The Company has not received any valid authorization for the sale of consumer health data because no such sale has occurred or is planned.
10. Geofencing — Affirmative Statement
Pursuant to RCW 19.373.040, the Company makes the following affirmative statement:
The Company does not implement, and has never implemented, any geofence around the location of any entity providing in-person health-care services for any purpose, including but not limited to identifying consumers, tracking consumers, collecting data, or sending notifications, messages, or advertisements related to such consumers' health data or services.
11. Data Security for Consumer Health Data
Because the Company does not store consumer health data on its servers, the relevant security boundary is your device. The App relies on:
- Android's application-sandbox isolation;
- device-level encryption (where available on your Android device);
- read-only access to Health Connect (Tawen never writes to Health Connect);
- on-device storage only, with a history view limited to 7 days (free) or 90 days (Pro), and user-controlled deletion of all on-device data at any time; and
- user-controlled instant deletion via Settings → Privacy → Delete all data.
We recommend that you protect your device with a screen lock and keep your Android OS up to date.
12. Changes to This Policy
We will notify Washington residents of material changes to this Consumer Health Data Privacy Policy at least 30 days before the changes take effect, via the App or, if you have provided an email address, by email. A copy of the previous version is available at https://tawen.app/health-privacy/previous.
13. Contact
Consumer health data privacy questions and rights requests: [email protected]
Icemint LLC 30 N Gould St, Ste R, Sheridan, WY 82801 United States
Washington State Attorney General: 1125 Washington Street SE PO Box 40100 Olympia, WA 98504-0100 atg.wa.gov
This Consumer Health Data Privacy Policy is effective June 14, 2026 (v1.1).