Privacy Policy

Last Updated: June 11, 2026  |  Effective: June 11, 2026

Health and Beauty AI ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our mobile application and related services (the "App"). This policy applies globally and addresses the requirements of applicable privacy laws including the EU/UK GDPR, US state privacy laws (CCPA/CPRA, Virginia CDPA, Colorado CPA, and others), Brazil's LGPD, Canada's PIPEDA, Australia's Privacy Act, Japan's APPI, South Korea's PIPA, and other international data protection regulations.

This App is not a HIPAA-covered entity. However, as a health and wellness application, we are subject to the FTC Health Breach Notification Rule and treat all health-related data with the highest standard of care.

1. Data Controller & Privacy Officer

Data Controller: Health and Beauty AI is the data controller responsible for your personal data.

Privacy Officer / Data Protection Contact:

Email: privacy@healthbeauty.app

Website: healthbeauty.app

For EU/EEA/UK residents, you may also contact your local data protection supervisory authority. For Brazil residents, you may contact the Autoridade Nacional de Proteção de Dados (ANPD).

2. Information We Collect

2.1 Information You Provide Directly

2.2 Information Collected Automatically

2.3 Photo Data & Metadata

When you submit photos for AI analysis (food, supplements, progress photos):

2.4 Information from Device Permissions

The App requests the following permissions only when needed:

You may revoke any permission at any time through your device settings. Revoking permissions may limit certain features but will not affect your account or previously collected data.

3. Apple HealthKit Data

When you grant the App permission to read Apple HealthKit data, the following information may be synced: step counts, sleep analysis, and body weight measurements. This data is used exclusively to populate your health logs, personalize AI coaching responses, and display your progress within the App.

Apple HealthKit data is never used for advertising or marketing purposes, and is never sold or shared with data brokers or third-party advertisers. When HealthKit-derived data is included in an AI coaching or analysis request, it is forwarded to OpenAI or Google Gemini as described in Section 5 below, solely to generate your personalized response. Both providers are prohibited from using this data for any purpose other than fulfilling the request.

You can revoke HealthKit access at any time in iOS Settings > Health > Data Access & Devices > Health & Beauty AI.

4. Legal Basis for Processing

We process your personal data under the following legal bases (relevant to GDPR, UK GDPR, LGPD, and similar frameworks):

We have conducted a Data Protection Impact Assessment (DPIA) for our processing of health data at scale with AI providers, as required under GDPR Article 35. A summary is available upon request to our Privacy Officer.

5. AI Processing & How We Use Your Information

We use the information we collect for the following specific purposes:

5.1 AI Provider Safeguards

5.2 Automated Decisions

None of the automated outputs produced by our AI features produce legal effects or similarly significant effects on you. All AI-generated content is informational and advisory. The App does not make decisions about healthcare, insurance, employment, credit, or any other domain with legal significance. You may contest or disregard any AI recommendation, and you may request human review of any AI output by contacting our Privacy Officer.

6. Information Sharing & Disclosure

We do not sell, rent, lease, or trade your personal information. We do not share your data for third-party advertising or cross-context behavioral advertising.

6.1 Service Providers (Data Processors)

We share information with the following service providers, all bound by Data Processing Agreements:

6.2 Legal Requirements

We may disclose your information if required by law, subpoena, court order, or other governmental request. We will notify you of such requests where legally permitted.

6.3 Business Transfers

In the event of a merger, acquisition, bankruptcy, or sale of assets, your information may be transferred. We will notify you via email and/or prominent notice in the App before your data is transferred and becomes subject to a different privacy policy.

6.4 With Your Consent

We may share your information for purposes not described here only with your explicit, informed consent.

7. International Data Transfers

Your data is processed primarily in the United States. If you are located outside the United States, your data will be transferred internationally. We implement the following safeguards:

You may request details about the specific safeguards applied to your data transfers by contacting our Privacy Officer.

8. Data Retention

We retain your data for specific periods based on the type and purpose:

After account deletion, all personal data is permanently and irreversibly removed within 30 days, except where retention is required by law. We also instruct our processors to delete your data from their systems.

9. Your Rights and Choices

Depending on your location, you have some or all of the following rights. To exercise any right, contact privacy@healthbeauty.app. We will respond within the timeframe required by applicable law (typically 30–45 days).

9.1 Rights for All Users

9.2 EU/EEA & UK Residents (GDPR / UK GDPR)

In addition to the rights above, you have:

9.3 United States Residents (CCPA/CPRA and State Privacy Laws)

Depending on your state, you may have additional rights under state privacy laws including the CCPA/CPRA (California), CDPA (Virginia), CPA (Colorado), CTDPA (Connecticut), TDPSA (Texas), and others.

9.4 Brazil Residents (LGPD)

Under the Lei Geral de Proteção de Dados, you have the right to access, correct, anonymize, block, delete, obtain data portability, and revoke consent. We process your sensitive health data exclusively based on your explicit consent (LGPD Article 11(I)). You may file a complaint with the ANPD at gov.br/anpd.

9.5 Canada Residents (PIPEDA)

You have the right to access your personal information, request corrections, and withdraw consent. You may file a complaint with the Office of the Privacy Commissioner of Canada at priv.gc.ca.

10. Data Storage & Security

No method of electronic transmission or storage is 100% secure. While we implement commercially reasonable security measures, we cannot guarantee absolute security. In the event of a data breach involving your personal information, we will notify you and relevant authorities as required by applicable law, including within the timeframes mandated by the FTC Health Breach Notification Rule (60 days), GDPR (72 hours to supervisory authority), and applicable US state breach notification laws.

11. Account Deletion

To delete your account and all associated data:

  1. In-App: Go to Settings and tap "Delete Account"
  2. By Email: Send a message to privacy@healthbeauty.app with the subject "Account Deletion Request"

Deletion is permanent and irreversible. All health logs, food data, progress photos, chat history, supplement data, goals, and profile information are removed from our servers and all processor systems within 30 days.

12. Children's Privacy

The App is not intended for children under the age of 13 (16 in most EU member states under GDPR). We do not knowingly collect personal information from children below the applicable age. If you believe a child has provided us with personal information, please contact us immediately at privacy@healthbeauty.app. We will delete such information promptly.

13. Do Not Track & Global Privacy Control

The App does not track you across third-party websites. We honor Global Privacy Control (GPC) signals and similar universal opt-out mechanisms. When we detect a GPC signal, we treat it as a valid opt-out of any sale or sharing of personal information, as required by applicable US state laws.

14. Third-Party Services

15. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. When we make material changes, we will update the "Last Updated" date, notify you through the App, and (for material changes affecting how we process health data) obtain your renewed consent where required by applicable law.

16. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

Privacy Officer Email: privacy@healthbeauty.app

Website: healthbeauty.app

Response Time: We aim to respond to all privacy inquiries within 30 days, or sooner as required by applicable law.

See also: Terms of Service

This Privacy Policy is provided in English. If there is a conflict between this English version and any translated version, the English version shall prevail to the extent permitted by applicable law.

Theme