Legal

Privacy Policy

Last updated: December 4, 2024

Your privacy matters to us. This policy explains how we collect, use, and protect your personal and health information in plain language.

GDPR Compliant
HIPAA Compliant
Encrypted Storage

At A Glance

Here's the short version of what you need to know about your data:

We Protect Your Data

All your health information is encrypted using AES-256 encryption, both in transit and at rest.

We Never Sell Your Data

Your personal and health information is never sold to third parties. Period.

You're In Control

Access, download, or delete your data anytime. It's your information.

We Follow The Rules

We comply with GDPR, HIPAA, and other privacy regulations to keep you protected.

Information We Collect

We collect information you provide directly and data from connected services to power your personalized wellness experience.

Personal Information

  • Name, email address, and contact details
  • Date of birth and demographic information
  • Account credentials (passwords are always encrypted)
  • Profile photo and preferences

Health Information

To provide personalized insights, we collect health data including:

Sleep Data
Recovery & HRV
Activity & Workouts
Nutrition
Supplements
Lab Results
Wearable Data
Clinical Notes

Connected Services

When you connect third-party services, we receive data from:

  • WHOOP - Sleep, recovery, strain, and heart rate data
  • Oura Ring - Sleep, readiness, and activity data
  • Apple Health - Workouts, sleep, and health metrics
  • Stripe - Payment processing (tokenized, we never see your full card number)

Technical Information

  • Log data (IP address, browser type, pages visited)
  • Device information and identifiers
  • How you interact with our platform features
  • Performance and error data to improve the service

How We Use Your Data

We use your information to provide, personalize, and improve your wellness experience:

Powering Your Experience

  • Display your health metrics and generate personalized insights
  • Sync data from your wearables and connected devices
  • Enable AI-powered health recommendations through Lyv
  • Process appointments and facilitate communication with practitioners

Keeping You Informed

  • Send appointment reminders and health notifications
  • Deliver weekly health summaries and insights
  • Alert you to important account and security updates

Improving Our Service

  • Analyze aggregated, anonymized data to improve AI algorithms
  • Enhance correlation detection and health predictions
  • Develop new features based on usage patterns

What This Means For You

Your data powers the personalized recommendations and insights you see in your dashboard. The more data we have, the more accurate and helpful our AI coaching becomes.

Data Sharing

We Never Sell Your Data

Let's be clear: we will never sell, rent, or lease your personal health information to third parties for marketing purposes.

We only share your data in these specific circumstances:

With Your Consent

  • When you authorize sharing data with your healthcare practitioners
  • When you connect third-party services (WHOOP, Oura, Apple Health)
  • When you request data export in PDF, CSV, or JSON format

Service Providers

We work with trusted partners who help us operate the platform:

  • Vercel & AWS - Cloud hosting and storage
  • Neon - Encrypted database hosting
  • Stripe - Payment processing
  • Anthropic - AI services for health insights
  • SendGrid - Transactional emails

All service providers operate under strict agreements and use data only for authorized purposes.

Legal Requirements

We may disclose information when required by law, court order, or to protect health and safety in emergencies.

How We Protect Your Data

We implement industry-leading security measures to keep your health information safe:

Encryption

AES-256 encryption at rest and TLS 1.3 in transit protects all your data.

Access Controls

Role-based permissions and multi-factor authentication keep access secure.

Audit Logging

All data access is logged with timestamps, providing a complete audit trail.

Regular Testing

Quarterly security audits and penetration testing ensure ongoing protection.

Security Best Practices

Enable two-factor authentication in your account settings for an extra layer of protection.

Your Rights

You have full control over your personal data. Here's what you can do:

Access Your Data

Request a complete copy of all personal data we hold about you.

Correct Your Data

Fix any inaccuracies in your personal information.

Delete Your Data

Request deletion of your account and associated data.

Export Your Data

Download your data in machine-readable formats (JSON, CSV, PDF).

Restrict Processing

Limit how we use your data while we address your concerns.

Object to Processing

Opt out of certain data uses including marketing.

Withdraw Consent

Change your mind about data processing at any time.

How To Exercise Your Rights

Email privacy@optimal-os.co or use the Settings > Privacy > Data Management section in the app. We'll respond to requests within 30 days.

Data Retention

We keep your data only as long as necessary to provide our services:

While Your Account Is Active

We retain all your health data to power your personalized experience.

30-Day Grace Period

After account deletion, data is retained for 30 days in case you change your mind.

Permanent Deletion

After 30 days, all personal data is permanently deleted. Encrypted backups are purged within 90 days.

Audit Logs

Anonymized audit logs are retained for 6 years for HIPAA compliance.

International Data Transfers

Your data is primarily stored and processed in the United States through our cloud infrastructure providers (Vercel, AWS).

For EU/UK Users

Data transfers from the European Economic Area or United Kingdom are protected by Standard Contractual Clauses (SCCs) approved by the European Commission. Your GDPR rights remain fully enforceable.

Cookies & Tracking

We use cookies and similar technologies to keep you logged in and understand how you use our platform.

Essential Cookies

Required for the platform to function. These maintain your login session and security.

Functional Cookies

Remember your preferences like theme settings and language. You can disable these.

Analytics Cookies

Help us understand how you use the platform so we can improve. No health data is included. Opt-out available.

You can manage your cookie preferences through your browser settings or our cookie banner. See our Cookie Policy for full details.

Contact Us

Questions about this Privacy Policy or your data? We're here to help.

Data Protection Officer

privacy@optimal-os.co

General Support

support@optimal-os.co

Postal Address

Optimal Health Ltd.
Privacy Office
London, UK

File a Complaint

If you believe your privacy rights have been violated, you can file a complaint with us at privacy@optimal-os.co or with your local data protection authority. You will not face retaliation for filing a complaint.

Updates To This Policy

We may update this Privacy Policy from time to time. When we make material changes, we'll notify you via email and with a prominent notice in the app. Your continued use after changes become effective constitutes acceptance of the updated policy.

Was this page helpful?

Terms of ServiceCookie PolicyAccessibilityBack to Login