Privacy Policy

Effective date: 2026-02-11

Who we are

This is a personal integration that connects a WHOOP account to a private automation service (running on a private VPS) to generate summaries and analytics for the authorized user.

Data we collect

After you authorize access via WHOOP OAuth, we may access and process the following WHOOP data (depending on granted scopes):

• Profile data (e.g., name/email, if granted)
• Recovery data (e.g., recovery score, HRV, resting heart rate)
• Sleep data (e.g., sleep duration, sleep performance, sleep stages)
• Workout / strain data
• Cycle data

How we use the data

We use the data only to provide personal insights, summaries, and analytics to the authorized user (for example, daily/weekly reports).

Data storage

OAuth tokens (including refresh tokens) are stored on the private server to keep the integration working. Data retrieved from WHOOP may be cached or stored to generate summaries and trends.

Sharing

We do not sell your data and do not share it with third parties, except where required to operate the integration (e.g., communicating with WHOOP’s API) or as required by law.

Security

We use HTTPS (TLS) for connections to this service. Server access is restricted. However, no method of transmission or storage is 100% secure.

Retention

We keep tokens and any stored data only as long as necessary to provide the service. You can request deletion (see Contact) and you can revoke access in the WHOOP app at any time.

Your choices

• Revoke access in the WHOOP app to stop further access.
• Contact us to delete stored tokens and any stored data.

Contact

For privacy requests, contact: privacy@dmbor.ru