Consumer Health Data Privacy Policy

This Consumer Health Data Privacy Policy applies to consumer health data, as that term is defined under the Washington My Health My Data Act (RCW 19.373.010(8)). It supplements our general Privacy Policy. Where the two conflict for consumer health data, this policy controls.

• Body measurements: weight, height, body measurements, progress photos.
• Medication information: medication name, dose, injection time and site, vials and reconstitution details.
• Reported symptoms and side effects: severity, type, timing.
• Sleep and activity logs: bedtime, wake time, sleep quality, steps, workouts, cardio sessions.
• Diet and supplements: food entries, macros, supplement schedules and logs.
• Bloodwork results: panels and individual marker values.
• Inferences derived from the above: drug-level curve, side-effect patterns, titration step, weight trend.

All consumer health data is provided directly by you. We do not purchase consumer health data, do not receive it from data brokers, and do not infer it from sources outside the entries you choose to make in the service.

Consumer health data is collected and used solely to operate the service for you: visualizing your data, calculating macros and trends, computing drug-level curves, and showing patterns across your own logs. We do not use consumer health data for advertising, behavioral profiling, sale, rental, or training of artificial intelligence or machine learning models.

We do not share consumer health data with any third party for any purpose other than the limited operational sharing described in the next section.

Consumer health data is processed only by service providers that operate the underlying platform on our behalf: hosting and database, transactional email delivery, and error monitoring. These providers are bound by contractual confidentiality and data-protection terms and have access only to the minimum data required to deliver their service. We do not share consumer health data with affiliates, advertisers, analytics providers, data brokers, or any other third party.

We do not disclose consumer health data in response to law enforcement requests except as required by valid legal process, and we will challenge requests we believe are overbroad or improperly issued.

• Right to know: request a copy of the consumer health data we hold about you. Available at any time through Settings then Privacy as a JSON export.
• Right to delete: delete individual entries or your entire account. Account deletion permanently purges consumer health data within 30 days.
• Right to withdraw consent: withdraw consent for collection, sharing, or sale of consumer health data at any time. Because the service cannot operate without your consumer health data, withdrawing the health-data consent triggers full account deletion within 30 days.
• Right to appeal: if a request is denied, you may appeal by replying to the support address shown in your account settings. We will respond within 45 days.

To exercise any of these rights, sign in and use the controls in Settings, or contact the support address in your account.

We do not sell consumer health data. We do not share consumer health data for cross-context behavioral advertising. We do not train artificial intelligence or machine learning models on consumer health data. These limitations apply regardless of where you live.

Consumer health data is encrypted in transit and at rest. Access is segregated per account. Photographs and other private files are delivered via short-lived signed URLs that expire within an hour and cannot be accessed by URL guess. We continually monitor for unauthorized access.

We retain consumer health data while your account is active. After account closure, all consumer health data is permanently purged within 30 days, including stored photographs. We retain consent records for up to seven years after account closure, anonymized to a hashed identifier, solely to demonstrate compliance with this policy.

The service is restricted to users 18 and older. We do not knowingly collect consumer health data from anyone under 18. If we learn we have inadvertently collected consumer health data from a minor, we will permanently delete it.

We may update this policy. Material changes are notified in-app before they take effect. The effective date and version above identify the current version.

For questions about this policy or to exercise any right described in it, contact the support address shown in your account settings.