Back to Login

    Legal

    Privacy Policy

    Last updated: December 4, 2024

    Your privacy matters to us. This policy explains how we collect, use, and protect your personal and health information in plain language.

    GDPR Compliant
    HIPAA Compliant
    Encrypted Storage

    At A Glance

    Here's the short version of what you need to know about your data:

    We Protect Your Data

    All your health information is encrypted using AES-256 encryption, both in transit and at rest.

    We Never Sell Your Data

    Your personal and health information is never sold to third parties. Period.

    You're In Control

    Access, download, or delete your data anytime. It's your information.

    We Follow The Rules

    We comply with GDPR, HIPAA, and other privacy regulations to keep you protected.

    Information We Collect

    We collect information you provide directly and data from connected services to power your personalized wellness experience.

    Personal Information

    • Name, email address, and contact details
    • Date of birth and demographic information
    • Account credentials (passwords are always encrypted)
    • Profile photo and preferences

    Health Information

    To provide personalized insights, we collect health data including:

    Sleep Data
    Recovery & HRV
    Activity & Workouts
    Nutrition
    Supplements
    Lab Results
    Wearable Data
    Clinical Notes

    Connected Services

    When you connect third-party services, we receive data from:

    • WHOOP - Sleep, recovery, strain, and heart rate data
    • Oura Ring - Sleep, readiness, and activity data
    • Apple Health - Workouts, sleep, and health metrics
    • Stripe - Payment processing (tokenized, we never see your full card number)

    Technical Information

    • Log data (IP address, browser type, pages visited)
    • Device information and identifiers
    • How you interact with our platform features
    • Performance and error data to improve the service

    How We Use Your Data

    We use your information to provide, personalize, and improve your wellness experience:

    Powering Your Experience

    • Display your health metrics and generate personalized insights
    • Sync data from your wearables and connected devices
    • Enable AI-powered health recommendations through Lyv
    • Process appointments and facilitate communication with practitioners

    Keeping You Informed

    • Send appointment reminders and health notifications
    • Deliver weekly health summaries and insights
    • Alert you to important account and security updates

    Improving Our Service

    • Analyze aggregated, anonymized data to improve AI algorithms
    • Enhance correlation detection and health predictions
    • Develop new features based on usage patterns

    What This Means For You

    Your data powers the personalized recommendations and insights you see in your dashboard. The more data we have, the more accurate and helpful our AI coaching becomes.

    Data Sharing

    We Never Sell Your Data

    Let's be clear: we will never sell, rent, or lease your personal health information to third parties for marketing purposes.

    We only share your data in these specific circumstances:

    With Your Consent

    • When you authorize sharing data with your healthcare practitioners
    • When you connect third-party services (WHOOP, Oura, Apple Health)
    • When you request data export in PDF, CSV, or JSON format

    Service Providers

    We work with trusted partners who help us operate the platform:

    • Vercel & AWS - Cloud hosting and storage
    • Neon - Encrypted database hosting
    • Stripe - Payment processing
    • Anthropic - AI services for health insights
    • SendGrid - Transactional emails

    All service providers operate under strict agreements and use data only for authorized purposes.

    Legal Requirements

    We may disclose information when required by law, court order, or to protect health and safety in emergencies.

    How We Protect Your Data

    We implement industry-leading security measures to keep your health information safe:

    Encryption

    AES-256 encryption at rest and TLS 1.3 in transit protects all your data.

    Access Controls

    Role-based permissions and multi-factor authentication keep access secure.

    Audit Logging

    All data access is logged with timestamps, providing a complete audit trail.

    Regular Testing

    Quarterly security audits and penetration testing ensure ongoing protection.

    Security Best Practices

    Enable two-factor authentication in your account settings for an extra layer of protection.

    Your Rights

    You have full control over your personal data. Here's what you can do:

    Access Your Data

    Request a complete copy of all personal data we hold about you.

    Correct Your Data

    Fix any inaccuracies in your personal information.

    Delete Your Data

    Request deletion of your account and associated data.

    Export Your Data

    Download your data in machine-readable formats (JSON, CSV, PDF).

    Restrict Processing

    Limit how we use your data while we address your concerns.

    Object to Processing

    Opt out of certain data uses including marketing.

    Withdraw Consent

    Change your mind about data processing at any time.

    How To Exercise Your Rights

    Email privacy@optimal-os.co or use the Settings > Privacy > Data Management section in the app. We'll respond to requests within 30 days.

    Data Retention

    We keep your data only as long as necessary to provide our services:

    While Your Account Is Active

    We retain all your health data to power your personalized experience.

    30-Day Grace Period

    After account deletion, data is retained for 30 days in case you change your mind.

    Permanent Deletion

    After 30 days, all personal data is permanently deleted. Encrypted backups are purged within 90 days.

    Audit Logs

    Anonymized audit logs are retained for 6 years for HIPAA compliance.

    International Data Transfers

    Your data is primarily stored and processed in the United States through our cloud infrastructure providers (Vercel, AWS).

    For EU/UK Users

    Data transfers from the European Economic Area or United Kingdom are protected by Standard Contractual Clauses (SCCs) approved by the European Commission. Your GDPR rights remain fully enforceable.

    Cookies & Tracking

    We use cookies and similar technologies to keep you logged in and understand how you use our platform.

    Essential Cookies

    Required for the platform to function. These maintain your login session and security.

    Functional Cookies

    Remember your preferences like theme settings and language. You can disable these.

    Analytics Cookies

    Help us understand how you use the platform so we can improve. No health data is included. Opt-out available.

    You can manage your cookie preferences through your browser settings or our cookie banner. See our Cookie Policy for full details.

    Contact Us

    Questions about this Privacy Policy or your data? We're here to help.

    Data Protection Officer

    privacy@optimal-os.co

    General Support

    support@optimal-os.co

    Postal Address

    Optimal Health Ltd.
    Privacy Office
    London, UK

    File a Complaint

    If you believe your privacy rights have been violated, you can file a complaint with us at privacy@optimal-os.co or with your local data protection authority. You will not face retaliation for filing a complaint.

    Updates To This Policy

    We may update this Privacy Policy from time to time. When we make material changes, we'll notify you via email and with a prominent notice in the app. Your continued use after changes become effective constitutes acceptance of the updated policy.

    Was this page helpful?

    Terms of ServiceCookie PolicyAccessibilityBack to Login
    Contents0/10