Skip to Content

SOUND HSA Privacy Policy

SOUND HSA Privacy Policy

Last updated: May 13, 2025

V0.1 Bitcoin Vegas Release

SOUND HSA, Inc. and its affiliates (“SOUND”, “we”, “us”, or “our”) value your privacy. This Privacy Policy explains how we collect, use and protect your information when you use our services. This Privacy Policy applies when you use our services, including our website, mobile apps (SOUND for iOS and Android, referred to as the “App(s)”), and other related features (collectively, the “Services”). It also applies when you contact us through social media or by seeking support, or otherwise interact with us or our Services.

Please read this Privacy Policy carefully, as your access to and use of the Services signifies that you have read, understand and agree to all terms within this Privacy Policy. If you do not agree with any part of this Privacy Policy or our Terms of Service, please do not access or continue to use any of the Services or otherwise submit any of your information to us.

This policy was written in English. To the extent a translated version exists and that version conflicts with the English version, the English version controls.

Please note that you must be 18 years of age or older to use the Services. Please do not use the Services or provide us with any personal information if you are under 18 years of age.

1. Overview

We are committed to protecting your privacy. We collect only the minimum amount of data necessary to provide and improve our Services, operate the Apps, and comply with applicable laws.

We may collect certain information as specified in Section 2 below. All data collection is purpose-specific and limited to supporting and improving the functionality of the Services described in this policy.

2. Information We Collect

2.1 Account Creation. You may create an account on the public Nostr network using SOUND. Only a username is required in order to create this account. Any additional information (e.g. display name) you provide during the account creation process is optional. Any information you disclose during the account creation process is published to the relays on the public Nostr network as a normal manner of course for all Nostr accounts. This information is public and can be seen by anyone on the Nostr network. SOUND does not collect any further information about you during the account creation process.

2.2 Email address for waitlist. When you sign up for the SOUND HSA waitlist, we collect your email address. This information is used solely to notify you when our Services will include setting up a health savings account, and to invite you to sign up. We do not use your email address for any other purpose. You can request removal from the waitlist at any time by notifying us at support@soundhsa.com.

2.3 Bitcoin Lightning address. You may optionally provide your bitcoin lightening address if you wish to receive small amounts of bitcoin rewards for steps and challenges. You are not required to use this feature of the Services in order to use the App.

2.4 Support-related information. SOUND provides support via email and over social media. The information you provide during the regular course of communication with us will be stored in our email systems and otherwise be recorded on the various social media systems we use to communicate with you. 

2.5 Health Data. At your election,  made within the App by opting to grant us access, we collect certain Health Data from you. “Health Data” may include, at your election: (i) data that you provide to us about your wellness goals and step counts. (“SOUND Health Data”); (ii) data that is ingested from your connected devices’ native pedometer – such as Apple’s Motion & Fitness sensors or Android’s Step Counter API – to read your step count data (also referred to herein as “SOUND Health Data”); and (iii) data that is imported, at your election from Third Party Health Services (as defined in the paragraph below) (such data, “Third Party Health Data”) that integrates with our Services (such as other fitness tracking devices or apps).

At your election, we collect this data in order to provide certain Services to you, including the ability to earn sats (short for “satoshis”), which is the unit of bitcoin, as a reward for certain of your health-related activities, including participation in certain challenges as may be described in our Terms of Service. You may revoke your election to this Health Data collection at any time within the “settings” tab of the App, or by deleting your account from the App.

Any Health Data collected by us will be encrypted before being saved to our Nostr Secure Web Socket Relay (our relay or server) or other relays designated by you, meaning that such data can only be decrypted using your private key. Please see https://github.com/nostr-protocol/nips to understand further the Nostr protocol standards that govern the operation of our Nostr relays. 

When a user creates a Nostr Key Pair (a private key and a public key) within the SOUND app environment, that user is by default utilizing our Nostr Secure Web Socket Relay. Users are free to utilize their own relays as well if they desire. The data that is sent is encrypted before arriving at the relays. Users are only able to decrypt the data by using their private key. A user’s private key is not visible to us and CANNOT be recovered; therefore, users are encouraged to save their private key safely. Data on our private Nostr Secure Web Socket Relay is stored for as long as required by applicable regulations, consistent with industry practice.

SOUND may utilize connections to the Apple Health App (“HealthKit”), Google Fit, and other third-party fitness, health, and tracking applications and services including Nostr-based apps (“Third Party Health Services”) in order to enhance your experience with SOUND’s Services. You can choose to grant access for us to read data from Third Party Health Services. Upon receiving such access, we can read information such as your activity steps and activity recordings (such data defined above as “Third Party Health Data”). Likewise, you may elect to grant access for us to share certain activity data collected on a SOUND app (such data defined above as your “SOUND Health Data”) with Third Party Health Services as selected and specified by you. Upon receipt of such access, we can share your selected SOUND Health Data with Third Party Health Services selected and specified by you.

SOUND cannot read data from or write data to Third Party Health Services unless you grant access. You can remove such access at any time by editing access permissions in your device or App settings or deleting your SOUND account.

SOUND does not use any of your SOUND Health Data or Third Party Health Data for any marketing or advertising purposes, or share such data with, or sell such data to, advertising platforms, data brokers, or information resellers. 

SOUND is in no way responsible for the protection of any of your information that you agree to store with Third Party Health Services, which is governed by the privacy policies and other terms of the applicable Third Party Health Service. You and the applicable Third Party Health Service are solely responsible for the protection of such information. Please review the applicable Third Party Health Service's applicable policies and procedures before granting permission to sync your Health Data and/or other information with the applicable Third Party Health Service.

2.6 Technical Information and Logs. When you use our Services we may collect technical information from your browser, computer, or mobile device. This technical information includes device information, cookies, log files and analytics information.

We use this information to protect and secure the Services and analyze aggregate usage trends for the purpose of improving the product and your experience with the App. The information stored in these logs includes IP addresses, browser type, internet service provider (ISP), referring/exit pages, platform type and version, timestamps with time zones, device screen size, system settings like preferred language/locale, technical performance metrics such as network, energy and memory usage, details about technical exceptions and crashes, and product usage data such as time spent on pages and button clicks or taps. Logs can be linked to session IDs, account IDs and device identifiers.

3. How We Use Your Information

We use the personal information we collect from you in order to provide and operate the Services, deliver rewards based on your step activity (upon your election), respond to support requests, and comply with applicable legal obligations. We may use your email address only for the purpose of notifying you when the SOUND HSA is available or to invite you to sign up for the SOUND HSA if you are on the waitlist

4. Sharing Your Information

We do not share your personal information with third parties, except as requested by you as set forth in Section 2.5 (Health Data), above, and as described in this paragraph. We may share your personal data with law enforcement, data protection authorities, government officials and other authorities when: (i) compelled by subpoena, court order or other legal procedure; (ii) we believe that disclosure is necessary to prevent damage or financial loss; (iii) disclosure is necessary to report suspected illegal activity; or (iv) disclosure is necessary to investigate violations of our Terms of Service or Privacy Policy. 

5. Your Rights and Choices

You have the right to access or update your personal information at any time by logging into your account. You can deactivate your account or request the deletion of your information. Additionally, you can remove your email from the waitlist at any time by contacting us. If you choose to revoke access to any of your health data (SOUND Health Data or Third Party Health Data), you can do so in the settings of your device or App.

6. Security of Your Information

We use industry-standard security practices to protect your data. However, no system is completely secure, and we cannot guarantee the absolute protection of your information.

7.  Data Transfer

BY USING THE SERVICES, YOU CONSENT TO THE COLLECTION, USE AND TRANSFER OF YOUR PERSONAL DATA FOR PROCESSING IN THE UNITED STATES. 

The Services are hosted on servers in the United States. By using the Services and providing information to us, you consent to the transfer to and processing of the information in the United States. We use this consent as the legal ground for that data transfer unless stated otherwise.

If you are located outside the United States, please be aware that information we collect will be processed and stored in the United States, a jurisdiction in which the data protection and privacy laws and principles may differ from the country or region where you reside or of which you are a citizen. 

8. Children

SOUND is committed to protecting the online privacy of children and making the internet safe. We do not provide services to children or knowingly collect or solicit personal information from children under 13 years of age. Any communication we get that is identified as being from a child under 13 will not be kept by SOUND. We encourage parents or guardians of children under 13 to regularly check and monitor their children’s use of email and other activities online.

9. Changes to This Privacy Policy

We may update this policy periodically. We will post the latest version with an updated “Last Updated” date. We encourage you to review this Privacy Policy regularly to stay informed about our practices and the choices available to you.

10. Notice to California Residents

If you are a California resident, California Civil Code Section 1798.83 permits you to request a notice regarding the disclosure of your personal information by SOUND to other parties, including third parties. If you are a California resident and would like a copy of this notice, please contact us at support@soundhsa.com.

11. California Do Not Track Notice Disclosures

We do not track our users and visitors over time and across third-party platforms to provide targeted advertising. Consequently, we do not respond to Do Not Track (DNT) signals. Other third-party platforms may keep track of your browsing activities when they provide you with content, which enables them to customize what they present to you on their platforms.

12. Additional Information for California Residents

This section of our Privacy Policy provides information for California residents, as required under applicable California privacy laws, including the California Consumer Privacy Act (“CCPA”) to the extent applicable. California privacy laws, including the California Consumer Privacy Act (“CCPA”) require that we provide California residents information about how we use their personal information, whether collected online or offline, and Section 2 of this Privacy Policy is intended to satisfy that requirement.

Under the CCPA, “Personal Information” is any information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular California resident or household.

13. California Residents’ Rights

California law grants California residents certain rights and imposes restrictions on particular business practices as set forth below. 

Right to Opt-out. California residents have the right to opt-out of “Sale” of their Personal Information. California defines the term “Sale” broadly, and includes selling, renting, releasing, disclosing, disseminating, making available, transferring or otherwise communicating (collectively a “Sale”) California residents’ Personal Information to another business or third party for monetary or other valuable consideration. We do not sell, share, or rent your Personal Information as such terms are defined under the CCPA. In the event that our data practices should change in the future, we will inform you of this change before selling your Personal Information and provide instructions on how you can opt-out.

Notice at Collection. We are required to notify California residents, at or before the point of collection of their Personal Information, the categories of Personal Information collected and the purposes for which such information is used.

Verifiable Requests to Delete, and Requests to Know. Subject to certain exceptions, California residents have the right to make the following requests, at no charge, up to twice every 12 months:

Right of Deletion: California residents have the right to request deletion of their Personal Information that we have collected about them, subject to certain exemptions, and to have such Personal Information deleted, except where necessary for any of a list of exempt purposes.

Right to Know – Right to a Copy: California residents have the right to request a copy of the specific pieces of Personal Information that we have collected about them in the prior 12 months and to have this delivered, free of charge, either (a) by mail or (b) electronically in a portable and, to the extent technically feasible, readily useable format that allows the individual to transmit this information to another entity without hindrance.

Right to Know – Right to Information: California residents have the right to request that we provide them certain information about how we have handled their Personal Information in the prior 12 months, including the:

*categories of Personal Information collected;

*categories of sources of Personal Information;

*business and/or commercial purposes for collecting or selling their Personal Information;

*categories of third parties/with whom we have disclosed or shared their Personal Information;

*categories of Personal Information that we have disclosed or shared with a third party for a business purpose; and

*categories of third parties to whom the California resident’s Personal Information has been sold and the specific categories of Personal Information sold to each category of third party.

Submitting Requests. Requests to exercise the Right of Deletion, Right to a Copy, and the Right to Information may be submitted by California residents by sending an email to support@soundhsa.com. We will respond to verifiable requests received from California consumers as required by law.

Right to Non-Discrimination, and Incentives. The CCPA prohibits discrimination against California residents for exercising their rights under the CCPA and imposes requirements on any financial incentives offered to California residents related to their Personal Information. 

Discrimination: California residents have the right to equal service by us, and we will not discriminate against any California residents if they exercise their rights under the CCPA.

Disclosure of Incentives: If businesses offer any financial incentives for the collection, sale or deletion of California residents’ Personal Information, residents have the right to be notified of any financial incentives offers and their material terms, the right not to be included in such offers without prior informed opt-in consent, and the right to be able to opt-out of such offers at any time. Businesses may not offer unjust, unreasonable, coercive or usurious financial incentives. We offer rewards for certain health activities  as described in Section 2.5 of this Privacy Policy.

14. Contact Us

If you have any questions regarding this Privacy Policy, you may contact us at support@soundhsa.com.