I'm about to submit my first app to the Google Play Store and I want to make sure I've covered everything to avoid rejection. Would really appreciate experienced devs reviewing my setup.
About the App:
- It's a studio management app for a Yoga, Pilates, and Physiotherapy studio in India
- Users can book sessions, buy packages, track wellness progress, and view assessment reports
- All health assessments are done in-person at the physical studio — the app just displays them digitally
- The app does NOT provide medical diagnosis or treatment
- Built with React Native (Expo)
Sensitive Data We Display in the App:
- Musculoskeletal Assessments: Postural analysis, Range of Motion (ROM) metrics, muscle strength scores (Upper Body, Lower Body, Core)
- Progress Photographs: Before/after images captured by studio staff during in-person sessions — visible only to the user in a private gallery
- Health & Wellness Scores: Calculated scores based on sleep patterns, stress levels, and physical posture
- Medical Background: Surgical history, blood pressure, and pain/discomfort data provided by the user during studio intake
- PDF Assessment Reports: App-generated PDFs that display the raw assessment data — users can download/share these
Important: ALL of this data is:
❌ NOT collected through the app
✅ Collected in-person at the physical studio by certified physiotherapists
✅ Digitized by authorized admin staff and uploaded to the user's private dashboard
✅ Only collected with the user's prior, explicit, in-person consent
✅ Classified as "Sensitive Personal Data" in our Privacy Policy
✅ Visible only to the authenticated user — never shared with third parties
What I've prepared:
✅ Account Deletion:
- In-app "Delete Account" button with confirmation dialog
- Immediate deactivation upon request
- 14-day permanent data purging (including all health data, progress photos, and assessment reports)
- Web-based deletion portal at our domain (requires login → then delete option)
- Email option for deletion requests
✅ Privacy Policy:
- Health data classified as "Sensitive Personal Data" under applicable laws
- Explicit user consent before collecting any health data
- Firebase (auth, notifications, Crashlytics) and Razorpay (payments only) disclosed
- Stated we don't store credit card/CVV info
- "We do not sell data" clause
- Data retention policy
- Children's privacy (18+)
- Web deletion link + email contact
✅ Terms of Service:
- 18+ age requirement
- Medical disclaimer ("the app does not constitute a digital medical diagnosis")
- Razorpay payment security — no card data stored on our servers
- Full account deletion lifecycle
- Jurisdiction (India)
✅ Refund Policy:
- 24-hour cancellation window
- No refunds for missed sessions
- Packages non-refundable once activated
- Deleted accounts = frozen packages, no refunds
✅ Play Store Listing:
- Category: Health & Fitness
- Short description: "Your digital companion for in-studio yoga, pilates, and physiotherapy sessions."
- Health Apps Declaration: "Yes, has health features" → "Fitness, wellness, or activity tracking" → "NOT a medical device"
- Target age: 18+
- Disclaimer at bottom of full description stating it's not a medical app
- Data Safety Form answers prepared (Health data = Collected, Optional, Not shared)
✅ Test Account:
- Dedicated test account with pre-loaded dummy data (packages, sessions, 1 assessment report, progress photos)
My concerns:
- Will displaying musculoskeletal assessment data and progress photos trigger a "medical app" flag?
- Will "Physiotherapy" in the listing trigger additional scrutiny?
- Is requiring login on the web deletion page acceptable?
- Is a 14-day data purging grace period okay, or does Google want instant deletion?
- Do I need to mark health data as "Shared" in the Data Safety Form even though it's only visible to the user?
- Anything else I'm missing?
Thanks in advance! 🙏
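The account deletion lifecycle described in the post (immediate deactivation, 14-day grace window, permanent purge of every sensitive category) is the part of this checklist a reviewer will actually test against the app's behaviour. The following is an added illustration, not code from the poster's app: a backend-side model of that lifecycle with the checks a security reviewer would want to see hold, namely that a pending deletion already blocks login, that restoration is refused once the window has passed, and that the purge is irreversible and covers all listed data categories. The `Account` class, the category names and the sample records are constructed for the example.

```python
from dataclasses import dataclass, field
from datetime import datetime, timedelta, timezone
from typing import Optional
# Lifecycle from the post: deactivate immediately, purge permanently after 14 days.
GRACE_PERIOD = timedelta(days=14)
# Sensitive categories the post lists; the purge must remove every one of them.
SENSITIVE_CATEGORIES = ("assessments", "progress_photos", "wellness_scores",
                        "medical_background", "assessment_reports")
T0 = datetime(2025, 1, 1, tzinfo=timezone.utc)  # constructed reference time
@dataclass
class Account:
    user_id: str
    data: dict = field(default_factory=dict)  # category -> stored records
    deletion_requested_at: Optional[datetime] = None
    purged: bool = False
    def is_active(self) -> bool:
        # Login is refused from the moment deletion is requested, not only after the purge.
        return self.deletion_requested_at is None and not self.purged

def request_deletion(acct: Account, now: datetime) -> None:
    if acct.purged:
        raise ValueError("account already purged")
    acct.deletion_requested_at = now  # immediate deactivation

def cancel_deletion(acct: Account, now: datetime) -> bool:
    # Restoring is possible only inside the grace window; after the purge nothing remains.
    if acct.deletion_requested_at is None or acct.purged:
        return False
    if now - acct.deletion_requested_at >= GRACE_PERIOD:
        return False
    acct.deletion_requested_at = None
    return True

def purge_due_accounts(accounts, now: datetime) -> list:
    # Scheduled job: irreversibly wipe every account whose grace period has elapsed.
    done = []
    for acct in accounts:
        if acct.deletion_requested_at is None or acct.purged:
            continue
        if now - acct.deletion_requested_at < GRACE_PERIOD:
            continue  # still inside the 14-day window
        acct.data.clear()  # every category goes, not only the ones listed above
        acct.purged = True
        done.append(acct.user_id)
    return done

def sample_account() -> Account:
    # Constructed dummy records, one per sensitive category (not real data).
    return Account("user-1", {c: ["record"] for c in SENSITIVE_CATEGORIES})
```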