Privacy Policy
Last updated: January 1, 2026
1. Introduction
Welcome to Aurum Health ("we," "our," or "us"). We are committed to protecting your privacy and ensuring the security of your personal and health information. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our mobile application and website (collectively, the "Service").
By using our Service, you agree to the collection and use of information in accordance with this policy.
2. Information We Collect
2.1 Personal Information
- Account information (email address, name, profile picture)
- Authentication credentials
- Device information and identifiers
- Usage data and analytics
2.2 Health Information
With your explicit consent, we collect health data from:
- Apple HealthKit (heart rate, HRV, sleep, steps)
- Google Health Connect (equivalent Android data)
- Connected wearables (Oura Ring, Whoop, Garmin)
- Manual entries you provide
2.3 AI Coach Conversations
When you use our AI Health Coach, we process your questions and health context to provide personalized responses. Conversations may be stored to improve the service.
3. How We Use Your Information
- Calculate your Aurum Score and health insights
- Provide personalized recommendations via AI Coach
- Display trend analysis and progress tracking
- Send notifications and reminders (with your consent)
- Improve our Service through anonymized analytics
- Provide customer support
- Comply with legal obligations
4. Data Sharing and Disclosure
We do NOT sell your personal or health information. We may share data with:
- Service Providers: Cloud hosting (Supabase), AI processing (Anthropic) - under strict data protection agreements
- Legal Requirements: When required by law or to protect rights
- Business Transfers: In the event of a merger or acquisition
- With Your Consent: For any other purpose you explicitly approve
5. Data Security
We implement industry-standard security measures to protect your data:
- End-to-end encryption for data in transit (TLS 1.3)
- AES-256 encryption for data at rest
- Secure authentication via Supabase Auth
- Regular security audits and penetration testing
- SOC 2 Type II compliant infrastructure
6. Your Rights
Depending on your location, you may have the following rights:
- Access: Request a copy of your data
- Correction: Update inaccurate information
- Deletion: Request deletion of your account and data
- Portability: Export your data in a standard format
- Opt-out: Disable data collection at any time
To exercise these rights, email us at [email protected].
7. Data Retention
We retain your data for as long as your account is active. Upon account deletion, we remove your personal data within 30 days, except where required by law. Anonymized, aggregated data may be retained indefinitely for analytics.
8. Children's Privacy
Our Service is not intended for children under 13 (or 16 in the EEA). We do not knowingly collect data from children. If you believe a child has provided us data, please contact us immediately.
9. International Transfers
Your data may be processed in the United States and other countries where our service providers operate. We ensure appropriate safeguards (Standard Contractual Clauses) are in place for international transfers.
10. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of material changes via email or in-app notification. Continued use of the Service after changes constitutes acceptance of the updated policy.
11. Contact Us
If you have questions about this Privacy Policy, please contact us:
- Email: [email protected]
- Address: Aurum Health Inc., 123 Health Way, San Francisco, CA 94102