FAQ
How secure is HealthExport Remote?
TL;DR: Health data is end to end encrypted between your phone and your browser, so nobody except you can read it. The app does not collect any analytics or crash data.
- User's health data is end to end encrypted between the iOS app and user's web browser.
- HealthExport Remote server stores encrypted version (ChaCha20 and Poly1305 algorithms) of user's health data. The iOS app and the user's browser use user's Apple Sign In identity token for encrypting / decrypting the data. Both apps never share the Apple Sign In identity token.
- HealthExport Remote server uses hashed version (SHA512) of Apple Sign In identity token for identifying user's records.
For more information visit HealthExport Remote Privacy White paper.
HealthExport Remote lets the user share health data with another person (for example a doctor) by sharing user's account key. See this section for more information. The account key cannot be revoked or changed, so the User should be careful with their account key and never share it with an untrusted person. When health data is shared with another person, the data is end to end encrypted between user's phone, user's browser, and a browser of the person that has been given the account key by the user.
Why is HealthExport Remote a subscription?
I would like to offer Remote as a free feature to all HealthExport users, but there are monthly costs associated with running and maintaining the Remote server. A monthly subscription is unfortunately the only financially sustainable business model for me at this moment.
Can I cancel the subscription?
Yes, you can cancel the subscription at any time. For more information see the guide on Apple's website. If the subscription is canceled, you will retain access to the HealthExport Remote for the rest of prepaid time period. Your access to the HealthExport Remote website will be revoked when the subscription ends.
What health types are supported?
At this moment, Remote supports all data types found in the mobile application except:
- Record based heart rate types
I plan to add support for these types as soon as possible.
How often is the background data upload performed?
Generally speaking, the aggregated data is synced once an hour and the record based data is synced within a few seconds/minutes after it has been inserted into the Health app.
The precise time period of background data upload depends on many factors such as your iOS version, iPhone model, battery level, etc.
Can I upload old health data to the Remote?
Yes. The mobile app has a manual upload feature, which allows you to manually upload health data from selected time period.
Is there an API?
Yes, there is an API.
User’s privacy is a top priority of mine. The data is end to end encrypted. This unfortunately means that you can get only encrypted data through the API and you need to decrypt it on your side. HealthExport uses ChaCha20 and Poly1305 algorithms for data encryption and there are many open source libraries for ChaCha20 Poly1305 data encryption/decryption for most popular programming languages.
API documentation: link
Can I share my health data with another person?
You can share access to your health data with another person (for example a doctor). To share your data, send the person your account key. Be extremely careful with your account key! The key cannot be revoked in the future. Once you send the key to someone, the person can read all of your health data.
To get your account key, or to connect an account key of another person, go to Settings → Data sharing on the Remote website.
Is it possible to license HealthExport Remote for business use?
Yes, it's possible to license HealthExport Remote for business use (for example as a fitness coach or a clinic). For more information about business use please reach out at hello@healthexport.app
If you have any questions, don’t hesitate to contact me via hello@healthexport.app