local priority
Local health records, training, diet and watch functions are available without logging in.
Local health, training, nutrition and Watch features remain usable without an account.
This description applies to HealthLight App, HealthLight Cloud, optional AI functions, Apple login and subscription, as well as messages and product feedback on the official website of Baiheng Technology. This notice covers the HealthLight app, HealthLight Cloud, optional AI, Sign in with Apple and subscriptions, as well as Baiheng website messages and product feedback.
HealthLight saves records locally by default. Only when you log in with Apple and enable cloud synchronization, or explicitly agree to use cloud AI, the corresponding limited data will be sent to services controlled by Baiheng Technology. Original HealthKit samples are not synced by default. We do not sell personal or health data or use it for ad tracking.
HealthLight stores records locally by default. Limited data is sent to Baiheng-controlled services only when you sign in with Apple and use cloud sync, or explicitly consent to cloud AI. Raw HealthKit samples are not synced by default. We do not sell personal or health data or use it for advertising tracking.
Local health records, training, diet and watch functions are available without logging in.
Local health, training, nutrition and Watch features remain usable without an account.
Cloud sync, AI analytics, subscription verification, and product feedback each process only the data required to complete the function.
Cloud sync, AI, subscription verification and feedback each process only the data needed for that purpose.
You can withdraw your AI consent, log out, and request deletion of your HealthLight Cloud account within the app.
You can withdraw AI consent, sign out, and request deletion of your HealthLight Cloud account in the app.
Local data:HealthLight handles training, diet, body feedback, mood, daily reviews, periods, water intake, reminders and preferences on your device, as well as Apple Health metrics you authorize to read.
HealthLight Cloud:When you sign in with Apple and perform cloud synchronization, training, diet, body feedback, mood, daily review, menstrual and water drinking records and deletion marks can be uploaded to the cloud for personal cross-device recovery. We do not upload raw sample streams from HealthKit by default.
Accounts and Devices:Servers store stable Apple-validated user IDs, HealthLight account and session IDs, random device numbers, app versions, languages, time zones, and region codes for authentication, synchronization, security, and support. HealthLight's Apple Sign-in does not request a name or email, nor does it obtain your Apple ID password.
HealthLight processes your records locally. After Sign in with Apple, cloud sync can store training, nutrition, body feedback, mood, reflection, menstrual-cycle and hydration records for your own cross-device recovery. Raw HealthKit sample streams are not uploaded by default. HealthLight requests neither name nor email from Sign in with Apple; stable account and device identifiers, app version and coarse locale context are processed for authentication, sync, security and support.
Cloud AI is optional. When you explicitly consent and proactively initiate a cloud-based in-depth report, trend interpretation, or image analysis, HealthLight can send the text you entered, your voice transcription, your selected meal photos, and the current and recent context needed to generate that analysis. Context can include steps, heart rate, HRV, training, diet, water, body feedback, and weather cues. Local Smart Log does not call cloud AI and does not consume cloud credits.
Speech is converted to text on the device, and the HealthLight cloud currently sends the transcribed text instead of the original audio file. Food photos are only sent if you select Photo Analysis.
Baiheng Technology's AI gateway is responsible for identity verification, quota, request deduplication, model routing and resource consumption statistics. When the administrator configures DeepSeek or other disclosed model services, the limited content will be handed over to the corresponding service provider for processing. If there are substantial changes to the service provider, purpose or cross-border route, we will update the instructions before activation.
Cloud AI is optional and runs only after consent and a user action. It may process typed text, on-device voice transcripts, selected food photos, and the limited daily or recent context needed for the requested report. Local Smart Log does not call cloud AI or consume cloud quota. The Baiheng AI gateway enforces authentication, quotas, idempotency and routing; configured model providers process the limited request under their applicable terms.
Apple loginUsed to confirm the stable ownership of the HealthLight cloud account. The server verifies the Apple-issued identity token against the stable user ID, not the mailbox, as the primary identity.
App Store SubscriptionPayments are processed by Apple. The HealthLight server only processes transaction information signed by Apple, including product, original transaction chain identification, random UUID associated with the HealthLight account, validity period, revocation status, and Apple-marked transaction environment, to determine AI Pro rights and quotas. We do not process full bank card numbers.
Sign in with Apple identifies the HealthLight cloud account; it does not prove a subscription. Subscription access is determined separately from Apple-signed App Store transactions, including product, original transaction chain, account UUID, expiry, revocation, and Apple-marked transaction environment. Apple handles payment details.
HealthLight no longer creates or updates iCloud backups containing personal health information. Because this feature was available in older versions, the transitional version may temporarily retain the ability to access old CloudDocuments files, only to allow you to check and proactively delete old backups, and no new health data will be written.
When the inventory cleanup cycle is completed, we will remove this transitional capability.
HealthLight no longer creates or updates iCloud backups containing personal health information. A transition release may temporarily retain access only so you can inspect and explicitly delete the legacy CloudDocuments file; it never writes new health data there.
Feedback message:The product and category you select, and the message you choose to write.
Optional contact details:The name, organization, and contact details you choose to provide, used only to understand or reply to this message.
App environment data:HealthLight may submit the app version, iOS version, device model, language, and a random request ID to diagnose compatibility issues.
Website and security data:Website forms submit the current page path and language. When receiving a request, the server processes the IP address and browser or app User-Agent for rate limiting, abuse prevention, and a hashed security identifier. Raw IP addresses are not written to feedback business records; infrastructure may process network metadata briefly in restricted security logs.
We process the selected product and category, your message, optional contact details, limited app environment data, source page, language, and network security signals needed for abuse prevention. Raw IP addresses are not written to feedback business records.
The feedback request never automatically attaches HealthKit data, heart rate, HRV, blood oxygen, sleep, cycle data, training, steps, location, photos, contacts, advertising identifiers, Apple ID credentials, or payment information.
If you type any of this into the message, it will be processed as submitted text. Do not submit passwords, keys, payment information, identity documents, or sensitive raw health data.
The feedback request does not automatically attach HealthKit data, biometrics, location, photos, contacts, advertising identifiers, Apple ID credentials, or payment information.
Used to provide local health management, identity authentication, cross-device synchronization, AI analysis, subscription rights and quotas, device interoperability, customer support, security protection and product improvements. Only aggregated usage, success rate, error rate and resource consumption information is used for service operation analysis; HealthKit or personal health content is not used for advertising, marketing or cross-product profiling.
Feedback data is used to receive and confirm messages, archive by product and category, reproduce and fix problems, respond to your unsolicited requests, analyze common needs, and prevent spam and interface abuse. The feedback business library is not merged with the HealthKit database.
We process data to provide local health management, authentication, cross-device sync, requested AI analysis, subscription entitlements and quotas, device interoperability, support, security and product improvement. Aggregated service metrics may be used for operations; health content is never used for advertising or cross-product profiling.
Feedback submission never calls AI. After a model service is configured, an authenticated administrator or a controlled scheduled task may trigger triage or a digest. The request may include product, channel, category, submission time, feedback ID, internal workflow state, and the message or an excerpt.
Triage does not attach separate name, contact, organization, device, or network security fields. Details typed into the message itself remain part of the message, so do not put sensitive information in the text.
The feedback center supports DeepSeek as its default model provider. Content is sent only when a valid key is configured and an administrator or controlled scheduled task triggers the action. We will update this page before enabling another third-party provider. A triage failure never deletes saved feedback.
Feedback submission never calls AI. After a model provider is configured, an authenticated administrator or a controlled scheduled task may trigger triage or a digest. Structured identity, contact, organization, device, and network security fields are excluded, but personal details typed into the message itself remain part of that message. The feedback center supports DeepSeek as its default model provider.
HealthLight Cloud accounts, sync records, subscription benefits, and necessary AI usage records are handled by restricted infrastructure controlled by Baiheng Technology. AI input, diet photos, and original health context are not written into daily usage statistics; to prevent repeated requests and repeated deductions, the service can save a copy of the request number and result in the short term, clear the copy after expiration, and retain only the billing and security records without the health text.
Feedback is processed by the restricted management background; sensitive operations such as feedback status updates, AI classification, anonymization and deletion will leave audit records. The feedback database creates a restricted disaster recovery backup every 6 hours; after passing the verification, it will be encrypted with an offline public key, and a copy containing only ciphertext will be copied to another controlled host. The decryption private key will not be saved on any server. Both local and off-site backups are retained for a maximum of 30 days and then automatically rotated. Information deleted from the primary database may continue to exist in the backup until the end of this rotation period and is not used for daily analysis.
HealthLight account, sync, entitlement and limited AI usage records are processed on restricted Baiheng-controlled infrastructure. AI inputs and photos are not written to routine usage analytics. A short-lived response copy may be retained only for request idempotency, then removed while non-content billing and security records remain. Feedback disaster-recovery backups run every six hours; verified copies are encrypted with an offline public key and replicated as ciphertext to a separate controlled host. The decryption private key is on neither server, and all copies rotate within 30 days.
You can withdraw your AI consent, log out of your cloud account, or request deletion of your HealthLight Cloud account within HealthLight. Deleting your account does not delete your Apple ID, and cancellations and refunds for App Store subscriptions are handled by Apple's subscription management interface. If you just log out, local records will not be automatically deleted without confirmation.
You can submit feedback without filling in your contact information, but this does not equate to complete anonymity: the server will still generate a hashed security ID for traffic limiting and abuse prevention. If you wish to review, correct, copy or delete information about yourself, or withdraw your intention for subsequent contact, please submit a privacy request through the contact page.
Provide the product, category, approximate submission time, and a message excerpt where possible. Contact details you previously supplied may also help locate the record. We may reasonably verify your connection to a record before disclosing it.
We handle requests as required by applicable rules.
In HealthLight you can withdraw AI consent, sign out, or request deletion of the cloud account. Account deletion does not delete your Apple ID or cancel the App Store subscription. You may submit feedback without contact details, but a hashed security identifier is still generated for abuse prevention. Use the contact page for access, correction, copy, deletion, or contact-preference requests.
Public feedback forms do not set advertising or cross-site tracking cookies. The site may save your language preference locally. Administrator login uses a secure session cookie only for the restricted console.
Public feedback forms do not set advertising or cross-site tracking cookies. The site may store your language preference locally.
If the data scope, purpose, provider, or cross-border processing changes materially, we will update this page and provide additional notice or consent where required.
Data controller:Xiamen Baiheng Technology Co., Ltd.Public contact email:support@baihengtech.com.
Submit privacy questions, rights requests, or complaints through the Baiheng contact page. Product feedback can also be sent from its product page or inside HealthLight.
The data controller is Xiamen Baiheng Technology Co., Ltd. For privacy questions, rights requests, or complaints, use the Baiheng contact page or email support@baihengtech.com.