Effective Date: March 20, 2026 | Last Updated: March 29, 2026
integratedHER ("we," "us," or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, and safeguard your personal information when you use the integratedHER mobile application ("the App").
1. Consent & Affirmative Opt-In
We collect your health data only after you provide affirmative consent during the onboarding process. Before any health data is collected or processed, you must:
Acknowledge that you have read and agree to this Privacy Policy
Consent to the collection and processing of your health data for wellness pattern analysis
Acknowledge that integratedHER provides wellness observations, not medical advice
You may withdraw your consent at any time through your profile settings. Withdrawing consent will stop future data collection and AI analysis. You may also request deletion of all previously collected data at any time.
2. What We Collect
We collect the following categories of information that you voluntarily provide:
Category
Examples
Purpose
Account Information
Email address, display name
Authentication, communication
Health Profile
Age, cycle status, medications, supplements, known conditions, allergies, diet type, activity level, skin type, Fitzpatrick tone
Personalized wellness observations
Daily Check-In Data
Mood, energy level, sleep quality, digestion, symptoms, lifestyle tags, cycle day, period flow, skin/hair/nail observations, facial puffiness
What we do NOT collect: We do not collect location data, contacts, photos, browsing history, device identifiers for advertising, or any data beyond what you voluntarily enter in the App.
3. How We Use Your Data
Pattern Analysis: Your daily check-in data is analyzed locally and via our AI service to identify wellness patterns and trends.
AI-Powered Insights: Your health profile and check-in data are sent to our AI provider (Anthropic/Claude) to generate personalized wellness observations. Your name, email, and account identifiers are never included in AI analysis requests.
Baseline Comparison: Your aesthetic baseline data is compared against recent tracking data to detect changes over time.
Education: We use your detected patterns to surface relevant pre-written educational health articles.
4. What We Do NOT Do
We do not diagnose, treat, cure, or prevent any disease
We do not sell, rent, or trade your personal data to anyone
We do not share your health data with advertisers or data brokers
We do not use your data for targeted advertising
We do not provide medical advice — all AI-generated insights are wellness observations
We do not use your data to train AI models — our AI provider (Anthropic) does not use API inputs for model training
5. Third-Party Processing
We share data with the following service providers, strictly for the purposes described:
Service
Purpose
Data Shared
Data Retention by Provider
Supabase
Database, authentication, cloud functions
All app data (encrypted at rest and in transit)
Until you delete your account
Anthropic (Claude AI)
Wellness pattern analysis
Health profile and check-in data only (no name, email, or account ID)
Not retained — processed and discarded per Anthropic's API data policy
We do not share your data with any other third parties. If this changes, we will update this policy and notify you before sharing begins.
6. Data Storage & Security
Encryption: All data is encrypted at rest (AES-256) and in transit (TLS 1.2+)
Row-Level Security: Database-level enforcement ensures no user can access another user's data
Authentication: Secure JWT-based authentication via Supabase Auth
Access Controls: Only essential personnel have access to production infrastructure. No employee can view individual user health data without a documented support request.
7. Your Rights
You have the following rights regarding your data:
Access: You can view all your data within the App at any time
Deletion: You can permanently delete your account and all associated data at any time from your profile settings. Deletion is immediate and irreversible — we perform a hard delete of all your records, including daily logs, patterns, assessments, health insights, and profile data.
Consent Withdrawal: You can revoke AI analysis consent at any time in your profile settings. This immediately stops future AI analysis.
Data Portability: You have the right to receive your data in a portable format. Contact us for export requests.
Non-Discrimination: We will not discriminate against you for exercising any of these rights.
8. Data Retention
We retain your data for as long as your account is active.
When you delete your account, all personal data is permanently and irreversibly deleted immediately. We do not retain any health data after account deletion.
We retain anonymized, aggregated usage statistics (e.g., total user count) that cannot be linked back to any individual.
Consent records and deletion audit logs may be retained for up to 3 years to comply with legal obligations.
9. Breach Notification
In the event of unauthorized access to your health data:
We will notify affected users within 60 days of discovering the breach, in compliance with the FTC Health Breach Notification Rule (16 CFR Part 318).
We will notify the Federal Trade Commission as required by law.
Notification will include the nature of the breach, the types of data affected, and steps you can take to protect yourself.
10. Children's Privacy
integratedHER is not intended for use by individuals under 18 years of age. We do not knowingly collect personal information from minors. If we learn that we have collected data from a user under 18, we will delete it promptly.
11. Washington State Residents
Under the Washington My Health My Data Act (RCW 19.373), Washington residents have the following specific rights:
Affirmative consent: We will not collect or share your health data without your prior, affirmative opt-in consent
Right to know: You have the right to know what health data we collect, how it is used, and who it is shared with (detailed in Sections 2, 3, and 5 above)
Right to withdraw consent: You may withdraw consent for health data collection at any time
Right to deletion: You may request and receive deletion of your health data. We process deletion requests immediately.
Non-discrimination: We will not discriminate against you for exercising any of these rights
Geofencing prohibition: We do not use geofencing around healthcare facilities
No sale of health data: We do not sell or offer to sell your health data
To exercise your rights under this Act, you may use the in-app deletion feature, revoke consent in your profile settings, or contact us at the email below.
12. California Residents
Under the California Consumer Privacy Act as amended by the California Privacy Rights Act (CCPA/CPRA):
Health data is treated as sensitive personal information
You have the right to know what personal information we collect, the right to delete it, and the right to opt out of its sale
We do not sell personal information
You may exercise your rights by using the in-app features or contacting us at the email below
13. International Users
integratedHER is operated from the United States. If you are accessing the App from outside the US, your data will be transferred to and processed in the United States. By using the App and providing consent, you agree to this transfer.
14. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of material changes through the App or via email at least 30 days before the changes take effect. Your continued use of the App after changes constitutes acceptance of the updated policy. If you do not agree with any changes, you may delete your account.
Contact Us
If you have questions about this Privacy Policy, want to exercise your data rights, or have concerns about your data, contact us at:
