Vitto AI Consumer Health Data Privacy Policy
Specific Disclosures for the Washington My Health My Data Act (MHMDA)
Effective Date: February 27, 2026
Last Updated: February 27, 2026
This separate and distinct Consumer Health Data Privacy Policy supplements our main Privacy Policy. It applies specifically to consumers residing in the State of Washington, or whose consumer health data is collected within Washington, pursuant to the Washington My Health My Data Act (MHMDA).
Because our artificial intelligence (AI) algorithms estimate caloric and nutritional intake based on user-generated food logs, the algorithmic outputs may constitute inferences regarding dietary habits, restrictions, and nutritional intake. Under Washington law, these inferences are classified as regulated "Consumer Health Data."
1. Absolute Prohibition on Selling Data
We absolutely do not sell Consumer Health Data. We will never sell your biometric data, your food logs, or the health inferences generated by our AI to any data brokers, advertising networks, or third parties under any circumstances.
2. Separate, Unbundled Consent Mechanisms
We do not rely on a single, generalized checkbox (such as "I agree to the Terms and Privacy Policy") to obtain your consent in Washington.
- Consent to Collect: You will be asked for an affirmative, opt-in consent specifically before we collect your consumer health data.
- Consent to Share: Because we securely transmit data to third-party AI processors (like OpenAI or Google Gemini) and cloud hosts to provide our core features, you must provide a separate and distinct opt-in consent to allow us to "share" that data with our processors.
These consent requests are never bundled together, hidden in broader agreements, or presented via pre-checked boxes.
3. Data Rights Portal
You possess a fundamental right to access and control your data. Our application settings and this website provide an easy, conspicuously available process for you to exercise your rights. You may:
- Request access to your Consumer Health Data.
- Request permanent deletion of your data.
- Easily withdraw your consent for data collection and sharing.
To initiate a request, please use the in-app account management tools or email us directly at [email protected]. We are legally required to respond to these requests within forty-five (45) days.
4. The Appeals Process
If we deny a data rights request (for instance, if we cannot verify your identity or locate your account), we will provide you with a method to appeal our decision. We have forty-five (45) days to respond to an appeal in writing. If we deny the appeal, we are legally obligated to provide you with a method and link to contact the Washington State Attorney General to file a formal complaint.
5. Vendor Contracts (Data Processing Agreements)
We ensure that all contracts with our third-party processors (such as our cloud hosting providers and AI partners like OpenAI or Google Gemini) explicitly and contractually bind them to process your health data *only* in ways that are consistent with our privacy policies. These processors act solely on our behalf and are strictly prohibited from utilizing your data for their own independent purposes, such as training public AI models.
6. Access Restrictions and Security Standards
We have established and maintain administrative, technical, and physical security practices that satisfy a "reasonable standard of care" within the digital health industry. This includes robust encryption protocols (e.g., TLS for data in transit) to protect the confidentiality and integrity of your health data. Operationally, internal access to this health data is strictly restricted to the personnel who require it to maintain and operate the application's services.
7. Absolute Ban on Healthcare Geofencing
Our application never utilizes location tracking or GPS technology to establish a virtual boundary (a "geofence") around any in-person healthcare facilities, clinics, or hospitals. We are strictly prohibited from identifying consumers, collecting data, or sending targeted notifications or advertisements based on proximity to medical locations.