Privacy Policy

1. Our Core Principle — Your Data, Your Control

Wellness Project is a health passport built for you. Five commitments shape how we treat your data, and everything else in this policy is designed to give effect to them:

• You own your data. The health and fitness information you put into the app belongs to you.
• Nothing is shared without your action. We do not share your personal or health data with any third party except as strictly necessary to operate the services you have chosen to use (e.g., our cloud database, or an AI provider you message), or where required by law.
• You can disconnect any integration at any time. Apple Health, Fitbit, Oura, Google, Anthropic (Claude), OpenAI (ChatGPT), Google (Gemini), and any future third-party connection can be turned off from the Settings page. Disconnecting halts further data flow to or from that service going forward.
• You can download everything. One click on Export All My Data at the bottom of the Settings page produces a complete copy of your data in a portable spreadsheet format, no questions asked.
• You can delete everything. One click on Delete Account at the bottom of the Settings page, or a request submitted at our public deletion-request page at wellnessproject.ai/delete-account if you cannot sign in, permanently removes your account and associated health data from our systems, subject only to the limited backup and legal-retention exceptions described in Section 11.

If you are a Washington, Nevada, Connecticut, or Colorado resident, our Consumer Health Data Privacy Policy describes the additional rights and disclosures that apply to your health data under those state laws.

2. What We Collect

We collect only what the service needs:

• Account information. When you sign in with Google or with Sign in with Apple, we receive your email address, display name, and (from Google) profile image. If you use Sign in with Apple with “Hide My Email,” we receive only the private-relay address Apple generates on your behalf.
• Health and fitness data you enter. Workouts, exercises, sets and reps, meals and macros, body metrics, sleep logs, wellbeing ratings, injuries, supplements, recovery sessions, runs, lab markers and lab results, and any notes, descriptions, or photos you attach.
• Menstrual cycle data (optional, separate consent required). If you enable the cycle tracking feature, we store the period start and end dates you log. This data is collected only after you provide separate, explicit, affirmative consent through the in-app consent screen. Cycle data is never shared with any third party, never sent to an AI provider at launch, and can be permanently deleted in one tap from the Cycle page in Health. See the dedicated section below for full details.
• Wearable and health-platform data you connect. If you enable Apple Health (HealthKit, on iOS), Android Health Connect (on Android), Fitbit, Oura, or another supported source, we import only the categories of data you explicitly authorize. The specific data types we may request from Android Health Connect are enumerated in Section 8.
• Chat content you send to an AI advisor. Messages you type into an in-app chat or a challenge-advisor conversation, together with the minimum subset of your logged data the conversation needs to answer you.
• Basic technical data. Session cookies used to keep you logged in, and standard server logs (IP address, user agent, timestamps) kept for security and abuse-prevention purposes.

3. How We Use Your Data

• Service delivery: displaying your logs, generating insights and summaries, rendering charts, and providing the core functionality of the app.
• AI features you invoke: forwarding your chat message and the necessary context to whichever AI provider powers the feature, so it can return a reply.
• Communications: service-related messages (verification, security alerts, feature notices) and — until you opt out — promotional messages about the app.
• Product improvement and debugging: aggregated or de-identified usage patterns used to improve reliability and features.
• Legal compliance and safety: responding to valid legal process and enforcing our Terms of Service.

4. What We Do Not Do With Your Data

• We do not sell your personal data or health data to anyone.
• We do not share your personal data or health data with any third party for that third party's own advertising or marketing purposes.
• We do not use health, fitness, or medical data — including data from Apple HealthKit, Android Health Connect, Fitbit, Oura, or lab results you enter — for advertising, marketing, or data-mining purposes.
• We do not allow Anthropic, OpenAI, Google, or any other AI provider we route requests through to train, fine-tune, evaluate, or otherwise improve their models on any data you submit to the Service. Every AI provider we use is on a paid API or enterprise tier with model training and data sharing turned off in that provider's settings or contract.
• We do not share your data with third parties except as strictly necessary to operate the services you have chosen to use (for example, passing a chat message to the AI provider that generates the response, or storing your logs in our cloud database), or as required by law.
• We do not store identifiable personal health information in iCloud.
• We do not embed advertising pixels, cross-site tracking cookies, or third-party marketing analytics that follow you off the service.

Looking ahead. The commitments in this section describe our current practices. If we ever decide to change them — for example, to introduce an ad-supported free tier, to share de-identified or aggregated data for research, or to offer any other use or disclosure not described above — we will update this policy and notify you in advance in accordance with Section 15. Any new use of personal or health data we collected before the change takes effect will require your separate affirmative consent, not merely your continued use of the Service. Where state law requires a specific form of consent (for example, for any sale or share of consumer health data under the Washington My Health My Data Act or similar statutes), we will obtain consent in the form the law requires, and you can always decline.

5. Third-Party Integrations You Control

The app supports optional integrations with several third-party services. Each is off by default and must be enabled by you. Once enabled, any integration can be turned off at any time from the Settings page; disconnecting stops further data from flowing to or from that service going forward.

Current integrations:

• Sign-in providers: Google (Google Sign-In) and Apple (Sign in with Apple). Used only to authenticate you.
• Wearables and health platforms: Apple Health (HealthKit, on iOS), Android Health Connect (on Android), Fitbit, Oura. These are one-way reads into the app of the categories of data you have explicitly authorized.
• AI providers: Anthropic (Claude), OpenAI (ChatGPT / Custom GPT), Google (Gemini). Invoked only when you send an in-app chat message or use an AI-powered feature.
• Infrastructure providers: Supabase (database and authentication host) and Vercel (application host). These are not user-toggleable because they are the platforms the app runs on; they process data only under written data-processing terms.

When you enable a third-party integration, the third party's own terms and privacy policy also apply to how they handle your data. We do not control a third party's internal processing.

6. AI Providers — What Happens to Chat Content

When you use an in-app AI advisor (Coach Jamie, Casey, Evelyn, etc.) or a Custom GPT integration, the text of your message and the subset of your logged data necessary to answer it is transmitted to the underlying AI provider — currently Anthropic (Claude), OpenAI, and/or Google (Gemini), depending on the feature.

Once the content reaches the AI provider, it is processed under that provider's data-handling practices, which we do not control. To protect that content we: (i) use the paid API or enterprise tier of every AI provider, with model training and data sharing explicitly disabled in that provider's settings or contract, so the provider is contractually prohibited from using your messages or attached data to train, fine-tune, evaluate, or otherwise improve its models; (ii) send only the minimum data needed to answer the message; and (iii) do not share your identifying account metadata with the provider beyond what the API requires.

Limits of our control. We cannot directly observe, audit, or enforce what happens inside an AI provider's systems. If an AI provider violates its own terms, suffers a security incident, mishandles content we transmit, or uses that content in a way it has agreed not to, that is the AI provider's conduct and not ours. We are not responsible for any AI provider's acts or omissions, and any remedy you may have for an AI provider's misuse of content lies against that AI provider rather than against us. See Sections 13, 14, and 15 of the Terms of Service for the related warranty disclaimer, limitation of liability, and indemnification.

Photos attached to AI chats. As of the date of this policy, any photo you attach to an AI chat (for example, a meal photo for macro analysis) is transmitted to the AI provider for real-time analysis and is not retained on our servers after the analysis is complete. The AI provider may briefly retain the photo and accompanying message per its own API data-handling policy. If we change this handling in the future — for example, if we add optional chat history that saves past messages and attachments — we will update this policy and provide notice in accordance with Section 15 before the change takes effect.

AI processing of photos (photo meal scanning). Photo meal scanning is opt-in per device. When you tap or chat-trigger “Find meals in today's photos,” your photos are sent to our AI providers (Google Gemini and Anthropic Claude) for analysis only. We do not retain image bytes on our servers. Our providers' contracts prohibit using your photos to train models. Providers may retain images for up to 30 days for safety review and then delete them. We retain text-only descriptions and nutrition estimates derived from your photos for up to 30 days, or until you log them as meals.

Do not type into an AI chat, or attach to an AI chat, any information you would not be comfortable being processed by the underlying AI provider.

7. Apple HealthKit

If you enable the Apple Health / HealthKit integration on iOS, the app reads only the HealthKit data categories you explicitly authorize in the native iOS permission sheet. HealthKit data is used solely to display your metrics back to you inside the app and to power the insights, charts, challenges, and AI summaries you choose to interact with.

In line with Apple's HealthKit requirements, we:

• do not use HealthKit data for advertising or similar services, and do not sell HealthKit data to advertising platforms, data brokers, or information resellers;
• do not disclose HealthKit data to any third party for advertising, marketing, or data-mining purposes;
• do not use HealthKit data for any purpose other than improving health, fitness, or wellness management within this app;
• do not store HealthKit data in iCloud; and
• do not write into HealthKit any data that was not produced by you using the app.

You can revoke the app's HealthKit access at any time through iOS Settings > Health > Data Access & Devices, or by disabling the integration from inside the app.

8. Android Health Connect

If you enable the Android Health Connect integration, the app reads only the data types you explicitly authorize in the system Health Connect permission sheet. The categories we may request access to are:

• Activity: active calories burned, total calories burned, distance, exercise sessions, floors climbed, steps, respiratory rate.
• Body measurements: basal metabolic rate, body fat, height, weight, basal body temperature.
• Sleep: sleep sessions and stages.
• Vitals: blood glucose, blood pressure, body temperature, heart rate, heart rate variability, oxygen saturation, resting heart rate.
• Wellbeing: mindfulness sessions.

Health Connect data is used solely to display your metrics back to you inside the app, to power the insights, charts, daily Fit Score, and AI advisor responses you choose to interact with, and to reduce the need to log the same data manually.

In line with Google's Health Connect requirements, we:

• do not use Health Connect data for advertising or similar services, and do not sell Health Connect data to advertising platforms, data brokers, or information resellers;
• do not disclose Health Connect data to any third party for advertising, marketing, or data-mining purposes;
• do not use Health Connect data for any purpose other than improving your health, fitness, or wellness management within this app; and
• do not write into Health Connect any data that was not produced by you using the app.

You can revoke the app's Health Connect access at any time through Android Settings > Apps > Health Connect > App permissions, or by disabling the integration from inside the app.

9. Email Communications

By creating an account, you consent to receive email communications from us:

• Transactional emails: account verification, password resets, security alerts, and service notifications.
• Promotional emails: product announcements, feature updates, health and fitness content, tips, and special offers related to Wellness Project.

You can opt out of promotional emails at any time by clicking the “unsubscribe” link included in every promotional email, or by contacting us. Opting out does not affect transactional emails necessary to operate your account.

We never share your email address with third parties for their own marketing purposes.

10. Data Storage and Security

Wellness Project is operated by Wellness Project LLC, a Delaware limited liability company, which acts as the data controller for the personal information described in this policy. Your data is stored on servers operated by Supabase (database and authentication) and Vercel (application hosting). We implement reasonable administrative, technical, and physical safeguards appropriate to the nature of the data, including transport encryption (HTTPS/TLS) for all traffic between you and the service, encryption-at-rest for the underlying database, session-based authentication, row-level security policies in the database, and auditing of privileged access.

No internet-connected service can be made completely secure. We do not promise that our measures will prevent every possible breach — but we commit to using reasonable measures, to notifying affected users without undue delay if we become aware of a breach affecting their data, and to not collecting or retaining data we do not need.

11. Data Retention and Deletion

We retain your account and health data for as long as your account is active and only as long as we need it to provide the service. When you delete your account (via Delete Account in the app's Settings page, or via our public deletion-request form at wellnessproject.ai/delete-account if you cannot sign in), we delete the underlying records from our active production databases promptly (typically within 30 days). Encrypted backups roll off on a finite schedule (currently 30–90 days), after which the deleted data ages out of backups as well. We may retain a minimal set of records longer where required for legal, tax, fraud-prevention, or dispute-resolution purposes, and will keep any such retention narrowly scoped and protected.

12. Your Rights and Controls

You can exercise the following controls at any time, free of charge:

• Access: review everything you have logged directly inside the app.
• Download (Export): use Export All My Data at the bottom of the Settings page to receive a complete copy of your data in spreadsheet form.
• Delete: use Delete Account at the bottom of the Settings page, submit a request at our public deletion form at wellnessproject.ai/delete-account (no sign-in required), or email us, to permanently delete your account and associated data.
• Disconnect integrations: turn off Apple Health (iOS), Android Health Connect (Android), Fitbit, Oura, Google, an AI provider, or any other third-party connection from the Settings page. Disconnecting halts further data flow with that service.
• Opt out of promotional email: click “unsubscribe” in any promotional email.
• Correct or amend: edit or delete any individual log entry directly in the app.

Depending on where you live, you may have additional rights under applicable privacy law (for example, the California Consumer Privacy Act, the Washington My Health My Data Act, and the Connecticut, Nevada, and Colorado consumer-health-data statutes). We honor those rights regardless of where you reside; to exercise them formally, email us at the address in Section 16.

13. Cookies & Authentication

We use cookies and browser storage solely for authentication (keeping you logged in) and for remembering your basic preferences. We do not use advertising or cross-site tracking cookies, and we do not embed third-party marketing pixels or analytics that track you off the service.

14. Children

The service is intended for adults aged 18 and older. We do not knowingly collect personal information from anyone under 18. If you believe a minor has provided us with personal information, contact us and we will promptly delete it.

15. Changes to This Policy

We may update this policy from time to time. If we make a material change — especially one that narrows your rights or expands the categories of data we collect — we will provide reasonable advance notice (by email to the address on file, by an in-app notice, or both) before the change takes effect. Non-material updates (wording, clarifications, structural changes) may be made by updating the date at the top of this page. Continued use of the Service after a change takes effect constitutes acceptance of the updated policy going forward.

Prospective vs. retroactive changes. A change that introduces a new data-sharing, data-sale, advertising, or similar monetization use of personal or health data takes effect only on a prospective basis — that is, it applies only to data you submit, or events that occur, after the change becomes effective — unless you separately and affirmatively consent to apply the new use to data we collected earlier. Continued use of the Service after such a change is consent to the new practice going forward, but it is not, by itself, consent to apply any new monetization use to data we already hold.

16. Menstrual Cycle Data

Cycle tracking is an optional feature that requires a separate, un-bundled, affirmative consent before any data is collected. The consent screen explains exactly what is stored and can be declined at any time without affecting any other feature.

• What we store. Period start dates and period end dates you manually log. No symptom scores, no flow intensity, no inferred cycle states beyond calendar-anchored phase labels derived at read time. Phase labels are never stored as a column.
• No third-party egress. Cycle data is not sent to any AI provider, analytics service, error-monitoring tool, or advertising platform. Cycle routes are excluded from our error-monitoring service by configuration.
• No fertility prediction. This feature does not predict fertile days, ovulation, or safe periods. It is a wellness logging tool, not a contraceptive device.
• Your control. You can delete all cycle data permanently in one tap from the Cycle page in Health. Deleting your account also removes all cycle data. You can also disable the feature at any time in Settings without deleting your data.
• State law. We comply with the Washington My Health My Data Act and similar consumer-health-data statutes. Separate consent, the right to delete, and no sharing without additional consent apply to cycle data by design.

17. Contact

For questions about this privacy policy, to exercise a data right, to opt out of promotional emails, or to report a concern, contact Wellness Project LLC at support@wellnessproject.ai.