Privacy Policy

Astraeus Health Connect — Last updated: May 31, 2026

Overview

Astraeus Health Connect ("the Application") is a personal integration that connects the Hermes AI agent to Google Health API. It is designed as a private, single-user tool and is not made available to the general public. This Privacy Policy explains how user data is accessed, handled, and protected.

Data We Access

The Application requests read-only access to the following categories of data from your Google Health account:

• Activity and fitness data — including steps, distance, active energy, heart rate, heart rate variability, resting heart rate, breathing rate, oxygen saturation (SpO₂), sleep data, and workout/exercise logs.
• Health metrics and measurements — including weight, body fat percentage, body temperature, blood pressure, blood glucose, and hydration.

All access is read-only. The Application never writes, modifies, or deletes any data in your Google Health account.

How We Use Your Data

Your health data is used solely for the following purposes:

• Query responses — When you ask questions about your health data (e.g., "How many steps did I take yesterday?"), the Application fetches the relevant data from Google Health and presents it to you via a chat interface.
• Periodic summaries — If configured, the Application may generate periodic summaries of your health metrics (e.g., weekly step count trends).

Data Storage and Retention

• Health data is not persistently stored. Data is fetched on-demand from Google Health API in response to your queries and is not retained beyond the duration of the request-response cycle.
• OAuth tokens are stored securely on the private server running the Application. These tokens are used exclusively to authenticate API requests to Google Health and are never shared with any third party.
• Conversation history may be stored locally for continuity purposes. Health data within conversation history is incidental and not used for any purpose other than answering your follow-up questions.

Data Sharing

We do not share your data with any third parties. Specifically:

• Health data is never sold, traded, or transferred to third parties.
• Health data is never used for advertising, marketing, or profiling.
• Health data is never used to train AI models or machine learning algorithms.
• The Application communicates only with Google Health API servers and the authorized user's chat interface.

Data Security

• The Application runs on a private, password-protected server with SSH-key-based access.
• OAuth tokens are stored with filesystem-level permissions restricted to the application user.
• All API communications use HTTPS/TLS encryption.
• Access to the Application is limited to the authorized user via their personal messaging platform.

Your Rights

Since this is a private, single-user application, you have full control over your data:

• Revoke access at any time by visiting your Google Account permissions page and revoking the Application's access.
• Delete stored tokens by contacting the developer.
• Export your data at any time via Google Takeout.

Changes to This Policy

This Privacy Policy may be updated occasionally. The "Last updated" date at the top of this page will reflect the most recent changes. Since this is a personal-use application, significant changes will be communicated directly.

Contact

For questions about this Privacy Policy or the Application's data practices:

Cody Bingham
Email: codybingham@gmail.com

This Privacy Policy is effective as of May 31, 2026.