Back to Home

Privacy & Data Protection

Learn how Penng collects, uses, and protects your health data

What Data We Collect

Penng collects several types of health and personal data to provide our services and improve your experience. We only collect what's necessary to deliver accurate health insights and a personalized experience.

Personal Information

  • Account Information: Name, email address, password (stored securely), date of birth, gender, height, and weight
  • Profile Data: Optional information like profile picture, fitness goals, and preferences
  • Billing Information: Payment details for premium subscriptions (processed securely by our payment providers)

Health and Activity Data

  • Biometric Data: Heart rate, heart rate variability (HRV), blood oxygen levels, skin temperature
  • Activity Data: Steps, distance traveled, calories burned, floors climbed, exercise type and duration
  • Sleep Data: Sleep duration, sleep stages, breathing rate, and other sleep metrics
  • Nutrition Data: Food logs, water intake, and macronutrient information you enter

Location Data

  • GPS Location: During outdoor workouts (running, walking, cycling, golf, hiking), we collect precise GPS coordinates to track your route, distance, pace, and elevation
  • Location Frequency: GPS data is collected at intervals of 5-15 meters during active workouts, depending on the activity type
  • Background Location: With your permission, we may track location in the background during workouts to ensure accurate distance and route mapping even when the app is minimized
  • IP-Based Location: We may use your IP address to determine your approximate location for regional pricing and localized content

Device Features and Permissions

  • Camera Access: We request access to your device's camera to enable food tracking features and barcode scanning
  • Photo Library: With your permission, we may access your photo library to upload food images
  • Storage: We temporarily store food images locally before securely uploading them

Penng Band & Bluetooth Data

  • Bluetooth Permissions: We require Bluetooth access to connect to and sync data from your Penng Band wearable device
  • Device Information: We collect device identification, pairing status, battery level, and firmware version from your Penng Band
  • Sync Data: Health metrics collected by the band are synced to the app, including heart rate, steps, sleep, and activity data

Third-Party Health Integrations

  • Apple Health (iOS): With your permission, we read and write health data to Apple Health, including heart rate, HRV, steps, sleep, workouts, and blood oxygen
  • Health Connect (Android): With your permission, we sync health data with Google Health Connect for a unified health experience
  • Strava: If you connect your Strava account, we may import workout data to provide a complete picture of your activity

Health Connect Data Usage (Android)

Penng uses Health Connect to provide a unified health experience on Android. Below is a detailed breakdown of each data type we access and why:

πŸ’€ Sleep Data (READ & WRITE)

Purpose: Track sleep quality, duration, and sleep stages (REM, deep, light, awake)

Usage: Calculate Recovery Scores and provide sleep insights

User Control: Can be disabled in Settings β†’ Health Connect

Android Permissions: READ_SLEEP, WRITE_SLEEP

❀️ Heart Rate Data (READ & WRITE)

Purpose: Monitor cardiovascular health and workout intensity

Usage: Calculate Strain Scores, track resting heart rate trends, analyze workout performance

User Control: Can be disabled in Settings β†’ Health Connect

Android Permissions: READ_HEART_RATE, WRITE_HEART_RATE

πŸ‘£ Steps Data (READ & WRITE)

Purpose: Monitor daily activity levels and movement patterns

Usage: Calculate daily activity metrics and calorie burn

User Control: Can be disabled in Settings β†’ Health Connect

Android Permissions: READ_STEPS, WRITE_STEPS

πŸ‹οΈ Exercise Data (READ & WRITE)

Purpose: Log and analyze workout sessions

Usage: Track fitness progress, workout history, and weekly activity goals

User Control: Can be disabled in Settings β†’ Health Connect

Android Permissions: READ_EXERCISE, WRITE_EXERCISE

Data Retention

All health data is stored locally on your device and in your private encrypted cloud storage. You can delete all data at any time from Settings β†’ Account β†’ Delete Account.

Data Sharing

Health data is never shared with third parties without your explicit consent. We do not sell your health data. When you connect your Penng account to third-party services (like Strava), only the data you explicitly authorize will be shared.

Health Connect SDK

Penng uses the official Health Connect SDK provided by Google to ensure secure and compliant access to your health data. All data access follows Android's health permissions framework and can be reviewed in your device's Health Connect settings at any time.

Analytics & Usage Data

  • App Analytics: We use Firebase Analytics and Mixpanel to understand how you use our app, including feature usage, session duration, and app performance
  • Device Information: Device type, operating system version, app version, and unique device identifiers
  • Error Reporting: Crash logs and error reports to help us identify and fix bugs
  • Push Notifications: Push notification tokens and your notification preferences

Important Note

You control what data is collected. Many data types can be disabled in the app settings if you prefer not to share this information.

POPIA Compliance

Penng is fully compliant with the Protection of Personal Information Act (POPIA) of South Africa, ensuring your personal data is handled with the highest standards of protection and transparency.

How We Meet POPIA Requirements

  • Accountability: We take full responsibility for protecting your personal information
  • Processing Limitation: We only process data that is adequate, relevant, and not excessive
  • Purpose Specification: Your data is collected for specific, lawful purposes
  • Security Safeguards: We implement appropriate technical and organizational measures
  • Openness: We maintain transparent data processing practices

Information Officer

For any POPIA-related inquiries, or to exercise your rights to access, correct, or delete your personal information, please contact our designated Information Officer:

gold@penng.ai

Your POPIA Rights

Right to Access

Request confirmation and details of your personal information

Right to Correction

Update or correct inaccurate personal information

Right to Deletion

Request erasure of your personal information

Right to Object

Object to the processing of your personal information

GDPR Compliance

Penng is fully compliant with the General Data Protection Regulation (GDPR), the comprehensive data protection law in the EU.

How We Meet GDPR Requirements

  • Lawful Basis: We process your data only when we have a legal basis to do so
  • Transparency: Our privacy policy clearly explains what data we collect and how we use it
  • Data Minimization: We only collect data that's necessary for providing our services
  • Storage Limitation: We only keep your data for as long as necessary

GDPR Rights at a Glance

1

Right to Access

Know what personal data we process and why

2

Right to Rectification

Correct inaccurate personal data

3

Right to Erasure

Request deletion of your personal data

4

Right to Restriction

Limit how we use your personal data

5

Right to Data Portability

Obtain and reuse your personal data

Questions About Your Data?

Our privacy team is here to help with any questions or concerns about your data.

Email Privacy TeamVisit Support Center