Privacy

Privacy Supplement

This notice supplements our main Privacy Policy with additional detail on two data processors not covered there: our email delivery provider and Google Health Connect. Both operate under GDPR as Data Processors acting on our instruction.

This document forms part of SystemOS's privacy documentation. Where this supplement conflicts with the main Privacy Policy, this supplement takes precedence for the specific processors described here. Last updated: April 2026.
✉️
Resend
Email delivery · Data Processor
Purpose
Transactional email delivery — waitlist confirmation, account notifications, DSAR acknowledgements
Data transferred
Email address only. No other personal data is shared with Resend.
Legal basis
Contract performance and legitimate interest (transactional communications)
Data location
United States. Resend participates in standard contractual clauses for EU data transfers.
Retention
Email logs retained by Resend per their data retention policy. We do not store email content.
Processor policy
resend.com/privacy

Resend acts solely on our instruction to deliver emails you would expect to receive — for example, a confirmation when you join the waitlist or when you submit a data request. We do not use Resend to send unsolicited marketing. Your email address is transmitted to Resend's infrastructure solely for the purpose of delivering the specific message, and is not used by Resend for any independent purpose.

Resend's data processing agreement is incorporated into their Terms of Service. If you would like a copy of the applicable contractual safeguards, contact us at support@systemos.app.

💚
Google Health Connect Special category
Android health data · Data Source
Purpose
Reading sleep, activity, and recovery signals to calculate your Environment Score
Data accessed
Sleep duration, sleep stages, steps, active energy. Read-only — we never write to Health Connect.
What is stored
Derived numeric scores and signals only. Raw health records are never written to our servers or Firestore.
Legal basis
Explicit consent (GDPR Article 9). You grant access via Android permissions and may revoke at any time.
Data location
Derived scores stored in Firebase Firestore (europe-west6, Zürich). No raw health data leaves your device.
Google's policy
health.google/health-connect-help

Health data is special category personal data under GDPR Article 9. We access Google Health Connect only on Android devices, only with your explicit permission, and only to read the signals necessary to calculate your Sleep and Vitality pillar scores within The System.

What we read: sleep duration, sleep stages, step count, and active energy expenditure. These are used to produce a numeric score (0–100) for the relevant pillar. The raw data records themselves are processed on-device and are never transmitted to or stored on SystemOS servers.

Your control: You can revoke Health Connect access at any time via Android Settings → Health Connect → App permissions → The System. Revoking access will cause affected pillar scores to fall back to manual check-in values. It will not delete your account or other data.

Google Health Connect is provided by Google LLC and governed by Google's own privacy policy. SystemOS is not responsible for Google's data practices within the Health Connect platform itself.

Questions about this supplement or any aspect of how we handle your data? Contact us at support@systemos.app or submit a formal data request via your account settings.