App overview
Hexhold is a free, multiplayer gaming app where real-world wellness activity (steps, sleep, heart-rate-validated exercise) influences in-game progression. The user plays competitive PC games (Dota 2, CS, etc.) and earns XP per match; wellness signals from Android Health Connect multiply that XP via a "boost" system. XP is spent by player crews to conquer a synthetic territory map across monthly seasons.
The app is positioned for adult competitive PC gamers who already own wearables (Garmin, Samsung, Apple, Whoop). Health Connect is the canonical bridge between those wearables and the in-game boost economy.
Per-permission justification
android.permission.health.READ_STEPS
- Use: Daily step total drives the entry-level outdoor boost — ≥3,000 steps activates a 6-hour multiplier on gaming XP. It is also a streak-extension signal.
- Why required: Without step data, the app cannot determine whether the user has met the outdoor-boost threshold. Step count is the lowest-friction wellness signal and the most common starting point for users.
- Data handled: Daily step totals (integer values) read from Health Connect; aggregated server-side; not transmitted to third parties. Raw step series are not retained.
- Retention: Daily totals retained for the life of the account. Deletable on user request.
android.permission.health.READ_DISTANCE
- Use: Distance walked corroborates step count and is used in cross-source plausibility checks (anti-cheat: detect step-only spoofing where distance does not move proportionally).
- Why required: Anti-cheat. Without distance, a spoofed step source (e.g. phone shaken on a metronome) cannot be distinguished from genuine walking activity.
- Data handled: Distance values (meters per day). Aggregated server-side.
- Retention: Daily totals for the life of the account.
android.permission.health.READ_EXERCISE
- Use: Exercise session metadata (type, duration, time) validates that the user completed an intentional workout, contributing to the wellness-supercharge boost tier and streak extension.
- Why required: Without exercise session metadata the app cannot reward intentional workouts (e.g. a 30-minute run) distinctly from incidental walking.
- Data handled: Exercise type, start/end time, duration. No raw GPS / route data is read.
- Retention: Session summaries retained for the life of the account.
android.permission.health.READ_HEART_RATE
- Use: Heart-rate samples during exercise sessions are used to validate that the user performed cardio at moderate intensity ("Zone 2": ≥30 minutes at HR roughly 60–70% of estimated max). Zone-2 validation gates a higher-tier wellness boost.
- Why required: Without heart rate, the app cannot distinguish between a leisurely 30-minute walk and a deliberate cardiovascular workout. This distinction is the core of the wellness-supercharge mechanic.
- Data handled: Heart-rate samples (BPM + timestamp) read only during the user's logged exercise sessions. Used to compute time-in-zone server-side.
- Retention: Raw HR samples retained for ≤ 90 days for anti-cheat plausibility checks (HR variance, source consistency). Aggregated time-in-zone retained for the life of the account.
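A sketch of the server-side time-in-zone computation described above, as an added example that is not Hexhold's own code. It discards samples outside logged sessions and shows how a sensor dropout affects the 30-minute gate. The function names, the 60-second gap limit, the rule of crediting only intervals between two in-zone samples, and all sample data are assumptions made for illustration.

```python
from datetime import datetime, timedelta

ZONE2_LOW, ZONE2_HIGH = 0.60, 0.70  # fraction of estimated max HR (from the page)
REQUIRED = timedelta(minutes=30)    # minimum time in zone (from the page)
MAX_GAP = timedelta(seconds=60)     # assumption: longest sample gap that earns credit

def samples_in_sessions(samples, sessions):
    """Group (timestamp, bpm) samples by session, dropping any outside a session."""
    ordered = sorted(samples)
    return [[(t, bpm) for t, bpm in ordered if start <= t <= end]
            for start, end in sessions]

def time_in_zone2(samples, sessions, est_max_hr):
    """Total time credited to Zone 2 across all logged sessions."""
    low, high = ZONE2_LOW * est_max_hr, ZONE2_HIGH * est_max_hr
    total = timedelta()
    for session in samples_in_sessions(samples, sessions):
        # Credit an interval only when both endpoints are in zone and the
        # gap is short enough that the heart rate between them is trusted.
        for (t0, b0), (t1, b1) in zip(session, session[1:]):
            if low <= b0 <= high and low <= b1 <= high and t1 - t0 <= MAX_GAP:
                total += t1 - t0
    return total

def zone2_validated(samples, sessions, est_max_hr):
    """True when credited Zone 2 time meets the 30-minute requirement."""
    return time_in_zone2(samples, sessions, est_max_hr) >= REQUIRED

def constructed_samples(start, dropout=False):
    """Constructed data: one sample every 30 s, from 10 min before to 45 min after start."""
    out = []
    for i in range(-20, 91):
        if dropout and 40 < i < 50:  # wearable loses contact for about 5 minutes
            continue
        # In-zone before the session (must be ignored), warm-up, steady, sprint.
        bpm = 125 if i < 0 else 100 if i < 10 else 125 if i <= 74 else 150
        out.append((start + timedelta(seconds=30 * i), bpm))
    return out

START = datetime(2024, 1, 1, 18, 0)                     # constructed session start
SESSIONS = [(START, START + timedelta(minutes=40))]     # one 40-minute logged session
EST_MAX_HR = 190                                        # constructed; zone is 114-133 bpm

if __name__ == "__main__":
    for dropout in (False, True):
        s = constructed_samples(START, dropout)
        print(dropout, time_in_zone2(s, SESSIONS, EST_MAX_HR),
              zone2_validated(s, SESSIONS, EST_MAX_HR))
```

With the dropout, the uncredited gap leaves 27 minutes in zone and the gate fails, so the gap limit is a tuning decision that trades spoof resistance against penalising genuine sensor loss.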
android.permission.health.READ_SLEEP
- Use: Sleep duration (≥7 hours within a 16-hour window) activates the wellness-supercharge boost tier and serves as a streak-extension signal.
- Why required: Sleep is one of the three signals (steps, sleep, exercise) required to unlock the highest-tier multiplier in the app's central game mechanic. Without sleep data, the app cannot deliver this feature.
- Data handled: Sleep session start, end, and duration. We do not request sleep-stage breakdowns; only top-level session timing.
- Retention: Daily totals retained for the life of the account.
Data minimization commitments
- We do not read any Health Connect permissions not listed above.
- We do not background-poll for incremental data; reads are user-initiated (open app, sync action).
- We do not transmit raw Health Connect data to third parties; only aggregated signals (e.g. "boost active yes/no") leave our server toward the user's client.
Data deletion path
Users can delete all stored health data by any of:
- Revoking the Health Connect permission via Android Settings → Health Connect → App permissions (immediate)
- Emailing the address in the privacy policy with a deletion request (within 30 days)
- Deleting their account in-app (immediate for account; within 30 days for any aggregated copies)
Submitter