Privacy Policy

1. Information We Collect

• Account and contact data, such as email address, account identifiers, and support messages.
• Health and wellness data you provide directly, including nutrition logs, vitals, fasting records, lab results, supplements, and habits.
• Data you authorize from Apple Health/HealthKit and connected services (e.g., heart rate, sleep, workouts, glucose).
• Technical and usage data, such as app version, crash logs, device type, and anonymized interaction analytics.
• Subscription and billing metadata from Apple (we never receive or store your full payment card details).

2. On-Device Data Storage

Human Codex is designed with a privacy-first, on-device architecture. Your personal health data—including nutrition, vitals, fasting, labs, and HealthKit data—is stored locally on your device using Apple's SwiftData framework. This data is not uploaded to external servers unless you explicitly enable a feature that requires cloud processing.

3. AI Processing and Language Models

Human Codex uses artificial intelligence, including large language models (LLMs), to generate personalized health insights, action plans, and recommendations. When AI features are used:

• Relevant data excerpts may be sent to AI service providers for processing in order to generate insights.
• Data sent to AI providers is used solely to fulfill your request and is not retained by those providers for training purposes.
• AI-generated content is informational only and does not constitute medical advice.
• We continuously evaluate AI providers for privacy, security, and data-handling compliance.

4. How We Use Information

• Provide and improve personalized health insights, action plans, and product features.
• Maintain service security, quality, reliability, and fraud prevention.
• Process subscriptions, customer support, and operational communications.
• Comply with legal obligations and enforce our Terms of Service.
• Develop and improve the AI models and algorithms that power the Services (using only anonymized, aggregated data).

5. Health Data and HealthKit Commitments

We treat health-related data as sensitive data. For data obtained through Apple Health/HealthKit, we strictly follow Apple's platform requirements:

• HealthKit data is never used for advertising, ad-targeting, data mining, or data brokerage.
• Health data is never sold to third parties.
• Health data is shared only when strictly necessary to provide a requested feature, or when required by law.
• We do not write false, misleading, or clinically unsafe data into HealthKit.
• You can disable Health integrations from iOS Settings > Privacy > Health and within the app at any time.

6. How We Share Information

We may share information with:

• Service providers acting on our instructions (hosting, analytics, AI processing, customer support, and infrastructure), under contractual data-protection obligations.
• Professional advisors and auditors under confidentiality obligations.
• Authorities where required by law, court order, or legal process.
• Successors in a merger, acquisition, or asset transfer, subject to this Policy and applicable law.

7. Cookies and Website Analytics

Our website may use essential cookies and privacy-respecting analytics to understand traffic and improve the user experience. We do not use cookies for advertising or cross-site tracking.

8. Legal Bases and Consent

Depending on your jurisdiction, we process information based on your consent, performance of a contract (providing the Services), legitimate interests (such as product security and improvement), and compliance with legal obligations. You may withdraw consent at any time.

9. Data Retention

We retain personal data only for as long as necessary for the purposes described above, including legal, tax, security, and dispute-resolution needs. On-device data persists until you delete the app or clear data within the app. Retention periods for any cloud-processed data vary by data type and legal requirements.

10. Security

We use administrative, technical, and organizational safeguards designed to protect personal data, including sensitive health data, against unauthorized access, disclosure, alteration, and destruction. On-device storage benefits from Apple's hardware-level encryption and the iOS security model.

11. U.S. Health Privacy Laws

• HIPAA scope: Unless explicitly stated in a separate agreement, Human Codex does not act as a HIPAA covered entity or business associate. The Services are intended for consumer self-management and wellness purposes.
• Health breach notifications: Where applicable, we follow U.S. breach-notification obligations, including the FTC Health Breach Notification Rule and applicable state breach-notification laws.

12. U.S. State Privacy Rights (Including CCPA)

Depending on your state of residence (including California, Virginia, Colorado, Connecticut, and others with comprehensive privacy laws), you may have the right to:

• Access, correct, or delete your personal data.
• Obtain a portable copy of your data.
• Opt out of the sale or sharing of personal data. We do not sell your personal data.
• Appeal certain privacy decisions.

To exercise your rights, contact us at privacy@humancodex.com. We will respond within the time frame required by applicable law.

13. Children

Our Services are not directed to children under 13 (or under 16 in certain jurisdictions). We do not knowingly collect personal data from children without legally required parental consent. If you believe a child has provided data to us, please contact us for prompt deletion.

14. International Transfers

If information is transferred across international borders (for example, to AI processing providers), we use contractual and operational safeguards designed to protect data in line with applicable law, including Standard Contractual Clauses where required.

15. Changes to This Policy

We may update this Policy periodically. Material updates will be communicated through the app, website, or other appropriate channels. The "Effective date" at the top will always reflect the latest version.