Privacy Policy

Effective April 9, 2026

What data we collect

When you use Freddy, we collect:

Email address — used for authentication via magic link and account identification.
Wearable OAuth tokens — used to sync data from your connected wearable (e.g., Polar). These tokens grant read-only access to your wearable account.
Health metrics — sleep, heart rate, HRV, activity, workouts, and other data synced from your wearable. Stored as structured rows in our database.

How we use your data

Your data is used exclusively to power your personal MCP server. When your AI client queries your Freddy endpoint, we read your stored health metrics and return them in the response.

We do not sell, share, or broker your health data to third parties. We do not use your data for advertising. Each user's data is isolated and accessible only through their personal MCP token.

Data storage and security

Your data is stored in a PostgreSQL database hosted on Railway (US infrastructure). All connections use TLS encryption. MCP endpoints are served over HTTPS only.

Data retention and deletion

Your health data is retained as long as your account is active. You can request full account deletion at any time. Upon deletion, we remove your user record, all health metrics, wearable connections, and MCP token.

For privacy questions or data deletion requests

privacy@freddy.coach