Purpose

This page explains how Health Atlas handles user data across its lifecycle: collection, processing, storage, retention, sharing, and request-based actions such as export or deletion.

Data Categories

  • Account and authentication data (name, email, password hash, sessions, tokens, account identifiers, social sign-in claims).
  • Profile and preference data (goal setup, body metrics, onboarding selections, notification preferences).
  • App content data (nutrition logs, ingredients, foods, recipes, plans, workouts, exercise history, health insights, and saved content).
  • Optional integration data (for example Apple Health, if connected by the user).
  • AI interaction data (chat prompts and responses, nutrition-label scan inputs, voice-chat transcripts, image-generation prompts and outputs).
  • Support data (feedback messages, attachments, user agent details, admin notes).
  • Subscription data (plan, entitlement, provider metadata, billing-period data, payment-event records).
  • Notification data (email and push preferences, device tokens, delivery logs, automation events).
  • Operational, analytics, attribution, and diagnostic data (service reliability logs, analytics events, crash data, and website attribution only after consent).

Collection and Processing

We process data to:

  • Provide core app features.
  • Authenticate users and protect account security.
  • Sync, summarize, and personalize health and fitness data.
  • Operate subscription billing, entitlement access, and payment-event workflows.
  • Deliver transactional, promotional, and support communications within user preference limits.
  • Run AI-powered features such as chat, nutrition-label extraction, plan generation, Health Trends insights, and voice chat.
  • Maintain service reliability, prevent abuse, and investigate incidents.
  • Improve product quality and support user requests.
  • Measure campaign performance when optional website consent is granted.

Apple Health data is processed only for the features you enable and only leaves the device when you choose to sync. We do not sell health data.

On-Device vs. Server Processing

  • Apple Health permissions are granted on-device by you through Apple Health and iOS permission prompts.
  • Synced Apple Health data is then stored on our servers so it can power trends, summaries, and related app features.
  • Raw voice-chat audio is processed to produce the conversation experience, while the persistent account record is the resulting text transcript stored in conversation history.
  • Nutrition label images are processed to return structured nutrition results. We do not write the raw label image into your normal account database records as part of the standard scan flow.
  • Support screenshots or photos are stored with the related feedback ticket.

Storage and Access Controls

  • Data is stored in managed infrastructure environments.
  • Access is limited to authorized systems and personnel with role-based controls.
  • Internal admin tools are used to review support tickets, delivery logs, subscription status, and operational metrics.
  • Security controls are reviewed and updated as part of standard operations.
  • Data in transit is protected with HTTPS in production environments.

Processors and Service Providers

We use service providers to support parts of the product. Depending on the feature, this can include providers for:

  • authentication and identity,
  • subscriptions and billing,
  • email and push delivery,
  • crash reporting and diagnostics,
  • AI and model inference,
  • hosting, storage, and infrastructure.

Examples of providers used in the product may include Google, Apple, OpenAI, RevenueCat, Resend, Firebase Cloud Messaging, and Sentry.

Retention

We retain data while accounts are active and as needed for:

  • Service continuity and troubleshooting.
  • Security monitoring and fraud prevention.
  • Subscription, finance, and audit recordkeeping.
  • Support history and incident follow-up.
  • Legal and compliance obligations.

Retention periods may differ by data type.

Typical handling patterns include:

  • Core account, nutrition, workout, chat, synced health, and preference data: retained while the account remains active.
  • Notification delivery and analytics events: retained while needed for communications history, rate limiting, product analytics, and troubleshooting.
  • Feedback and support records: may be retained longer than account content when needed for support, abuse prevention, dispute handling, or product quality review.
  • Billing and subscription-event records: may be retained for finance, tax, fraud-prevention, and audit purposes.

Consent and Attribution Controls

  • Optional website analytics and attribution are enabled only after explicit consent.
  • Consent can be accepted, rejected, or reset from website controls.
  • Attribution fields may be attached to sign-up or sign-in events when website consent is enabled.
  • The native app does not rely on website cookie banners for core product use.

Export and Deletion Requests

You can request data export or deletion through support.

  • Requests require identity verification to protect account privacy.
  • We process requests according to applicable law and operational requirements.
  • If full deletion cannot be completed immediately (for legal or security reasons), restricted retention controls are applied.

Deletion workflow defaults:

  • Soft deletion is applied immediately when an account deletion request is confirmed.
  • Hard deletion of core account data is scheduled within 30 days by default.
  • Some limited records may be retained longer when needed for security, fraud prevention, billing, tax, legal compliance, or support history.

Incident Response

We monitor for security incidents and follow internal response procedures that include investigation, containment, remediation, and required notifications.

Regional Rights

Where applicable, users may exercise rights such as access, correction, deletion, portability, restriction, or objection through support workflows.

Practical Controls Available in the Product

  • Update notification preferences in the app.
  • Delete conversations or content in the app where those controls are available.
  • Disconnect Apple Health and revoke health permissions from device settings.
  • Use account-deletion controls in the product or contact support for manual help.
  • Reset or reject website analytics and attribution consent from the website consent controls.

Contact and Requests