Consumer Health Data Privacy Policy

Last updated: 2026-06-30

This Consumer Health Data Privacy Policy supplements our general Privacy Policy and applies specifically to "consumer health data" as defined under applicable state laws, including the Washington My Health My Data Act (RCW 19.373).

DYDD ("we," "us," "our") operates the DYDD mobile application. This policy describes how we collect, use, and protect data that may be classified as consumer health data.

What consumer health data we collect.

If you opt in to sharing usage data, the App may transmit the following, which could be classified as consumer health data under applicable law:

  • Skip events — records that you chose not to consume an alcoholic drink, with the day of week and approximate time.
  • Challenge interactions — whether you accepted, declined, or completed a challenge card, and the energy level and domain category of that card.
  • Goal data — aggregated progress toward savings goals (not the specific goal names or dollar amounts, which remain on your device).

This data is tagged with a pseudonymous install identifier. It is not linked to your name, email, or any other directly identifying information.

How we collect it.

Consumer health data is collected directly from you through your use of the App, only after you provide affirmative opt-in consent through the first-run consent screen or the Settings toggle. No consumer health data is collected from users who do not opt in.

We do not collect consumer health data from any third-party source.

Why we collect it.

We collect this data for one purpose: to evaluate whether the App is working and to improve it. Specifically, we use it to understand usage patterns in aggregate — which features are used, when skips tend to occur, and whether the challenge system is effective.

We do not use consumer health data for advertising, marketing to you, or any purpose other than product analytics.

Who we share it with.

Consumer health data from opted-in users is processed by Cloudflare, Inc., which provides our compute and database infrastructure (Workers and D1). Cloudflare acts as a data processor on our behalf.

We do not sell consumer health data. Because we do not sell consumer health data, no separate signed authorization for sale is required.

We do not share consumer health data with any other third party.

Your rights.

You have the right to:

  • Confirm whether we are collecting your consumer health data: email privacy@dydd.io.
  • Withdraw consent at any time: turn off the "Help improve DYDD" toggle in the App's Settings. Once withdrawn, no further consumer health data will be transmitted from your device.
  • Request deletion of consumer health data associated with your install identifier: email privacy@dydd.io with the install ID shown in the App's Settings screen. We will delete the associated records within 30 days and confirm deletion in writing.

To exercise any of these rights, contact us at privacy@dydd.io.

Data security.

Consumer health data is encrypted in transit (TLS) and stored in Cloudflare's SOC 2 Type II and ISO 27001 certified infrastructure. Access is limited to the App's developer.

Changes to this policy.

If we make material changes to this Consumer Health Data Privacy Policy, we will update this page and revise the "last updated" date.

Contact.

Questions about this policy or your consumer health data rights: privacy@dydd.io