Who This Policy Covers

This Privacy Policy applies to Health Atlas website and app experiences, including account sign-in, nutrition tracking, meal planning, workout planning, Apple Health sync, AI features, subscriptions, notifications, and support.

Information We Collect

We collect information you provide directly, information created through your use of the service, and optional data from integrations or providers you choose to use.

Account, authentication, and profile information

  • Name and email address.
  • Password hashes, session records, authentication tokens, and account identifiers.
  • Profile and preference details such as age, height, weight, target weight, weeks to goal, goal type, and notification settings.
  • Basic account details returned by Google or Apple when you use social sign-in.

Nutrition, workout, and planning information

  • Meals, foods, custom ingredients, recipes, pantry items, daily logs, tomorrow plans, and saved meal templates you create in the app.
  • Workout plans, workout sessions, exercise history, training preferences, fitness onboarding selections, and related context you add in the product.
  • Goal-setting inputs and generated health or calorie targets used to personalize your plan.

Health and fitness integration data

  • If you connect Apple Health, we process only the data made available by your granted permissions.
  • Apple Health data remains on your device unless you explicitly run a sync action in the app.
  • Synced data can include steps, calories, distance, sleep, heart rate, resting heart rate, heart-rate variability, respiratory rate, oxygen saturation, weight, workouts, and derived daily snapshots or trends.
  • We do not sell Apple Health data or other personal health information.
  • You can disconnect integrations at any time in the app settings.

AI, chat, and media inputs

  • Text prompts, chat conversations, and generated responses when you use AI chat or planning features.
  • Nutrition label photos and related hints when you ask the app to extract nutrition details from an image.
  • Voice-chat audio sent for transcription and response generation, plus the resulting stored text transcripts.
  • Image-generation prompts and outputs when you use AI image features.

Feedback and support information

  • Feedback category, support message content, screenshots or photos you attach, user agent details, and any related admin notes used to manage the request.

Subscription and billing information

  • Subscription plan, entitlement, provider, product identifier, renewal period, status, and event history.
  • Transaction metadata returned by billing providers, app stores, or subscription platforms.
  • We do not store full payment card numbers in our application database. Payment method handling is performed by the relevant app store, checkout provider, or subscription platform.

Notifications and communications

  • Email and push notification preferences.
  • Push device records such as device token, platform, device identifier, app version, and last seen time.
  • Delivery, failure, and engagement events related to email, push, and in-app notifications.

Usage, diagnostics, and technical data

  • Device, browser, app version, and operating environment details.
  • Product usage analytics, feature events, local date or timezone snapshots, and API activity used to understand adoption and reliability.
  • Crash and diagnostic data used to troubleshoot and improve the service.
  • Security, fraud-prevention, and abuse-monitoring logs.

Website consent, cookies, and attribution

  • On our website, optional analytics and attribution technologies are enabled only after consent.
  • When consent is granted, we may store marketing attribution fields such as UTM source, medium, campaign, term, content, referrer, landing path, and first/last seen timestamps.
  • You can accept, reject, or reset your choice from the website cookie controls.
  • The native app does not rely on website cookie banners for in-app feature use.

How We Use Information

We use information to:

  • Create and maintain your account.
  • Authenticate users, support password recovery, and secure sessions.
  • Deliver product functionality such as nutrition tracking, workout planning, progress tracking, Apple Health sync, and personalized insights.
  • Process subscription state, entitlements, renewals, billing issues, upgrades, downgrades, and restore flows.
  • Send transactional emails, push notifications, and in-app messages, and send promotional communications when your settings allow it.
  • Power AI features such as chat responses, nutrition-label extraction, voice interactions, plan generation, and Health Trends insights.
  • Operate, secure, monitor, debug, and improve the service.
  • Respond to feedback, bug reports, support requests, and trust-and-safety issues.
  • Measure campaign and product performance when optional website analytics consent is granted.

Legal Bases (Where Applicable)

Depending on your location, our processing may rely on:

  • Contract performance (providing the requested service).
  • Legitimate interests (security, reliability, and service improvement).
  • Consent (for optional website analytics or attribution technologies, optional integrations, and permissions-based device data such as Apple Health).
  • Legal obligations (compliance and recordkeeping).

How We Share Information

We do not sell personal information.

We may share information with:

  • Service providers who support hosting, storage, analytics, communications, subscriptions, AI processing, customer support, and operations.
  • Authentication providers when you use Google or Apple sign-in.
  • AI providers when you submit prompts, voice audio, or images for AI-powered features.
  • Subscription and billing providers to manage entitlements, web billing, and app-store purchases.
  • Email and push delivery providers to send messages you ask us to send or have enabled in your settings.
  • Diagnostics and security providers to monitor service health and investigate incidents.
  • Professional advisors or authorities when required by law or to protect rights and safety.

Examples of providers used in the product may include Google, Apple, OpenAI, RevenueCat, Resend, Firebase Cloud Messaging, and Sentry. Providers can change over time as the product evolves.

We do not use your health, nutrition, chat, or support content for third-party advertising.

What We Store vs. What We Process Transiently

  • We store account records, app content you save, notification preferences, subscription state, analytics events, support tickets, and chat transcripts.
  • Apple Health data is synced only when you choose to sync it.
  • Raw voice audio used for voice chat is processed to create the experience, while the stored account record is the resulting text conversation history rather than the raw audio stream.
  • Nutrition label images are processed to extract structured nutrition data. The extracted result may be saved if you turn it into an ingredient or food entry, but the raw label image is not stored in your normal account records as part of the standard scan flow.
  • Support screenshots or photos are stored with the related feedback request.

Your Choices

  • Manage cookie consent from website controls.
  • Update push and email notification settings in the app.
  • Request access, correction, export, or deletion through support.
  • Disconnect optional integrations and revoke Apple Health permissions from your device settings.
  • Delete conversations or content in the app where those controls are available.
  • Close your account from in-app deletion controls or by contacting support.

Data Retention

We keep information for as long as needed to provide the service and meet legal, security, support, billing, and operational obligations. Retention periods vary by data type.

Examples:

  • Account, nutrition, workout, conversation, analytics, notification, and synced health records are generally retained while your account is active.
  • Support and feedback records may be retained longer if needed to resolve disputes, investigate abuse, improve product quality, or comply with legal obligations.
  • Subscription and payment-event records may be retained for finance, fraud-prevention, tax, and audit purposes.

If you request account deletion, we soft-delete your account immediately and schedule hard deletion of core account data within 30 days by default, unless a longer retention window is required by law, security, fraud prevention, or other legitimate operational needs.

Security

We use technical and organizational safeguards designed to protect personal data. No system is perfectly secure, but we continuously monitor and improve our controls.

Children

The service is not directed to children under 13, and we do not knowingly collect personal information from children under 13.

Policy Updates

We may update this policy periodically. The "Updated" date at the top of this page reflects the latest version.

Contact

For privacy requests: