Privacy Policy
Carlstrom Consulting LLC (“we,” “us,” or “our”) operates developer tools and software integrations under the HormoneTrack product name. This Privacy Policy describes how we collect, use, and protect information in connection with our current developer and research activities.
1. Scope
This policy applies to data processed through Carlstrom Consulting LLC’s developer applications and API integrations, including our integration with the WHOOP Developer Platform and other third-party health data APIs. We are currently in pre-commercial development phase. We do not operate a consumer-facing product or collect data from end users at this time.
2. Information We Access
Through authorized third-party API integrations, our developer applications may access the following categories of data on behalf of users who explicitly grant permission via OAuth 2.0:
From WHOOP: Recovery scores, heart rate variability (HRV), resting heart rate, skin temperature, sleep stage data, respiratory rate, physiological cycle data, and workout strain data.
Access is granted solely by the account holder through the third-party platform’s authorization flow. We do not access any data without explicit user authorization, and users may revoke access at any time through their respective platform account settings.
3. How We Use This Information
Data accessed through our developer integrations is used exclusively for the following purposes:
Product development and testing: We use authorized data to develop, test, and refine software features, data models, and API integrations during the pre-launch phase of the HormoneTrack platform.
Research and analysis: We analyze physiological signal data to evaluate the feasibility of hormone inference models and wearable data integration approaches.
We do not use this data for advertising, we do not sell it to third parties, and we do not share it with any party outside of Carlstrom Consulting LLC except as required by law.
4. Data Storage and Security
During the current development phase, data retrieved through API integrations is stored locally on secured development systems. We take reasonable technical precautions to protect data from unauthorized access, including encrypted storage and access controls. API credentials (client IDs and secrets) are stored securely and are never committed to public version control repositories.
5. Data Retention
Data accessed during development and testing is retained only as long as necessary for the development activities described above. Data obtained through sandbox or test environments is deleted upon the conclusion of the relevant testing activity.
6. Third-Party Platforms
Our developer applications integrate with third-party platforms including WHOOP. Each platform maintains its own privacy policy governing how user data is stored and managed on their systems. We encourage you to review the privacy policies of any third-party platform through which you authorize data access.
WHOOP Privacy Policy: whoop.com/privacy
7. Your Rights
If you have authorized our developer application to access your data through a third-party platform, you may revoke that authorization at any time through the platform’s account settings. To request deletion of any data we may have retained locally, or to ask questions about our data practices, please contact us at the address below.
8. Children’s Privacy
Our developer applications are not directed at or intended for use by individuals under the age of 18. We do not knowingly collect data from minors.
9. Changes to This Policy
We may update this Privacy Policy as our product and data practices evolve. The effective date at the top of this page will reflect the date of the most recent update. Material changes will be communicated through our website or directly to affected users where applicable.
10. Contact
For questions, requests, or concerns regarding this Privacy Policy or our data practices, please contact:
Carlstrom Consulting LLC
Veneta, Oregon, United States
info@carlstromconsulting.com