Privacy Policy

Last updated: March 2026

Health OS handles sensitive personal health data. We are GDPR-compliant from day one and committed to full transparency about how your data is used.

1. Overview

Health OS ("we", "our", or "us") is an AI-powered personal health intelligence platform. This Privacy Policy explains how we collect, use, store, and protect your personal and health data when you use our service. We are committed to GDPR compliance from day one. Your health data is sensitive — we treat it accordingly. If you have any questions, contact us at: contact@nutriconnect.app

2. Data we collect

2.1 Account data

When you create an account we collect:
• Email address
• Name
• Time zone and location (country/city level for nutrition localisation)
• Dietary preferences and food exclusions
• Health goals

2.2 Wearable data (Garmin, Whoop)

Via OAuth 2.0, with your explicit authorisation, we fetch:
• Heart rate variability (HRV)
• Resting heart rate
• Sleep stages and duration
• Training load and Body Battery / Strain score
• VO2max estimates
• Daily step count

Data is fetched daily at 5:30am. We store this data in your personal health log. You can revoke access at any time in your account settings or directly in the Garmin / Whoop app.

2.3 Nutrition data (Cronometer)

Via OAuth 2.0, with your explicit authorisation, we fetch:
• Daily calorie totals
• Macronutrient breakdown (protein, carbohydrate, fat, fibre)
• Full micronutrient breakdown

We do not store the underlying food diary entries — only the aggregated daily summary needed for agent recommendations.

2.4 Blood test data

You may upload blood test reports as PDF files. We process these as follows:
• The PDF is uploaded to temporary storage (AWS S3)
• Claude AI (Anthropic) extracts biomarker values using vision processing
• You review and confirm or correct the extracted values
• The original PDF is deleted from S3 immediately after you confirm extraction
• Extracted biomarker values and calculated indices are stored in your health record

We never permanently store your blood test PDFs.

2.5 Menstrual cycle and BBT data

You provide:
• Period start dates and cycle length
• Daily basal body temperature (BBT) — entered via Telegram prompt each morning

This data is stored in your health record and used by the Cycle + BBT agent to personalise your daily plan.

2.6 Gmail data

If you connect Gmail, we request read-only, restricted access to detect travel plans. Specifically:
• Scope: read-only access to email headers and body for flight and hotel confirmation detection
• Purpose: to auto-detect upcoming travel for timezone and nutrition localisation
• What we store: detected trip details (destination, dates, timezone) after your confirmation
• What we do NOT store: full email content, email body text, sender data, or any non-travel emails

Gmail access is scanned daily. You can disconnect Gmail at any time in settings. We will immediately delete all derived travel data on request.

2.7 Location data

We request GPS location from your device at specific moments only (e.g. when you open the app to update nutrition localisation). We do NOT continuously track your location, store precise GPS coordinates, or share location data with third parties. We store only a city or region-level label derived from your location.

2.8 Voice messages

You may send voice messages to the Telegram bot at any time. These are processed as follows:
• Audio is sent to OpenAI's Whisper API for transcription
• The transcript is stored and analysed by the mental health agent
• The original audio file is deleted within 24 hours of receipt

We never store your voice audio permanently.

2.9 Telegram interaction data

When you interact with the Health OS Telegram bot, we store:
• Messages you send (text and transcribed voice)
• Responses and briefings delivered to you
• Interactive responses (check-ins, slider values, RPE ratings)

This data forms your daily log and is used to personalise future recommendations.

2.10 Mood and subjective data

Via the evening sync, you provide:
• Mood, energy, and stress ratings (1–10 sliders)
• Training completion and RPE (rate of perceived exertion)
• Supplement adherence
• Optional free-text or voice notes

This data is stored and used to build your longitudinal health model.

3. How we use your data

We use your data exclusively to provide the Health OS service. Specifically:
• Generating your morning briefing and evening sync via Telegram
• Producing personalised nutrition, training, sleep, and supplement recommendations
• Calculating and tracking biomarker indices from your blood test results
• Detecting patterns in your health data (Behavioural Intelligence Engine)
• Generating your weekly longevity research brief
• Producing your biweekly progress report
• Personalising recommendations based on your longitudinal health history

We do NOT:
• Sell your data to any third party
• Use your data for advertising
• Share your data with health insurers, employers, or government bodies
• Use your data to train AI models (see Section 6 on Anthropic)

4. AI processing (Anthropic Claude)

Health OS uses Claude (by Anthropic) as its AI reasoning engine. When we process your data through Claude:
• Your data is sent to Anthropic's API under a standard enterprise API agreement
• Under Anthropic's standard API terms, your data is NOT used to train their models
• Data sent to the API is processed ephemerally for the purpose of generating your recommendations
• We do not store Anthropic API responses beyond what is needed to deliver your briefing

For the longevity research agent, we use Claude's web search capability to retrieve current research. Search queries are context-derived and do not contain personally identifiable information.

5. Data storage and security

All data is stored in a PostgreSQL database hosted on Railway or Render (EU region by preference). Security measures:
• Encryption at rest: AES-256
• Encryption in transit: TLS 1.3
• Access controls: role-based, least-privilege
• Blood test PDFs: deleted from S3 immediately after extraction
• Voice audio: deleted within 24 hours
• No third-party analytics SDKs embedded in the mobile app

File storage (AWS S3) is used temporarily for blood test PDF upload only. PDFs are stored with server-side encryption and deleted upon your confirmation of extracted values.

6. Third-party integrations

Integration summary

| Integration | Data accessed | Auth | Stored |
|---|---|---|---|
| Garmin Connect | HRV, sleep, training load | OAuth 2.0 | Aggregated daily summary |
| Whoop | Recovery, HRV, sleep | OAuth 2.0 | Aggregated daily summary |
| Cronometer | Calories, macros, micros | OAuth 2.0 | Daily summary only |
| Gmail | Flight/hotel confirmations | Google OAuth (read-only) | Confirmed trip details only |
| Telegram | Messages, voice | Bot token | Transcripts + responses |
| OpenAI Whisper | Voice audio | API key | Transcript only (audio deleted <24h) |
| Anthropic Claude | Health context | API key | Not stored by Anthropic |
| AWS S3 | Blood test PDFs | IAM credentials | Deleted post-extraction |
| DALL-E 3 / Stable Diffusion | Meal descriptions | API key | Generated images only |

7. Your rights (GDPR)

You have the following rights regarding your personal data:
• Right of access: Request a complete export of all your data at any time (JSON format available in-app)
• Right to rectification: Correct any inaccurate data, including extracted biomarker values
• Right to erasure: Delete your account and all associated data at any time
• Right to restriction: Restrict processing while you contest accuracy or object to processing
• Right to data portability: Receive your data in a structured, machine-readable format
• Right to object: Object to processing based on legitimate interests
• Right to withdraw consent: Withdraw any consent (e.g. Gmail access, GPS) at any time without affecting prior processing

To exercise any of these rights, contact us at contact@nutriconnect.app. We will respond within 30 days.

8. Data retention

We retain your data for as long as your account is active. Specific retention rules:
• Blood test PDFs: deleted immediately after you confirm extracted values
• Voice audio: deleted within 24 hours of receipt
• Daily logs and health data: retained for the duration of your account
• Pattern library and longitudinal trends: retained to improve recommendation quality over time
• Briefing history: retained to enable biweekly progress tracking and research brief topic continuity

On account deletion, all personal data is permanently deleted within 30 days, except where retention is required by law.

9. Children's data

Health OS is not intended for users under the age of 18. We do not knowingly collect data from children. If you believe a minor has created an account, contact us at contact@nutriconnect.app and we will delete the account immediately.

10. Changes to this policy

We will notify you of material changes to this Privacy Policy via Telegram message and email at least 14 days before they take effect. Continued use of the service after that date constitutes acceptance of the updated policy.

11. Contact

For privacy questions, data requests, or complaints:

Email: contact@nutriconnect.app

If you are not satisfied with our response, you have the right to lodge a complaint with your local data protection authority (e.g. ICO in the UK, CNIL in France, BfDI in Germany).