Privacy Policy

2. Information We Collect

2.1 Contact and Account Information

• • Name, email, phone number (if provided)
• • Date of birth, demographic info
• • Profile settings and subscription status
• • Billing info (through Apple in-app purchase)

2.2 Health and Medical Information

Self-Reported Data:

• • Symptoms, conditions, health experiences
• • Medications and reminders
• • Medical/family history
• • Health goals, mood, sleep, diet, exercise

Connected Health Data:

• • Apple Health data (with permission)
• • Wearable device data
• • Clinical records and lab results (uploaded)
• • Biometrics (heart rate, BP, etc.)

2.3 AI Interaction Data

• • Chat messages with AI companion
• • Voice recordings (kept up to 30 days)
• • Generated PDF reports
• • AI interaction patterns

2.4 Location (Coarse)

• • City or region (not GPS)
• • Used for pollen/weather alerts

2.5 Uploaded Content for AI Processing

• • Documents (medical records, lab reports, prescriptions)
• • Images (photos of medications, skin conditions, etc.)
• • Video content related to health conditions
• • All uploaded content is processed off-device by our AI subprocessors
• • Content may be linked to your user account to deliver personalized features. When technically feasible, we de-identify data before AI processing by removing direct personal identifiers.

2.6 Technical & Usage Data

• • Device identifiers, OS
• • App usage patterns (for app functionality)
• • Analytics data (aggregated and de-identified)
• • Push notification tokens
• • Error logs (no PII)

2.7 How We Collect Information

We collect information in the following ways:

• • Account creation: When you sign up, we collect your name, email, and profile information
• • Apple Health integration: When you grant permission, we read health data from Apple Health
• • Manual entry: When you log symptoms, medications, mood, or other health data in the app
• • Document uploads: When you upload medical records, lab reports, prescriptions, images, or videos
• • AI interactions: When you use AI chat or voice features, we collect your messages and responses
• • Automatic collection: We automatically collect device information, usage patterns, and technical data when you use the app
• • Third-party sources: We may receive data from connected wearable devices you authorize

2.8 How We Obtain Your Consent

Before we collect, process, or transmit your health data, we obtain your explicit consent:

• • Initial Consent: When you first use the app, we present a clear consent screen explaining what data will be collected, how it will be used, and that it will be transmitted to our servers for AI processing.
• • Opt-In Required: You must provide explicit consent (opt-in) before any health data is uploaded to our servers. We do not collect health data without your affirmative action.
• • Granular Permissions: For specific data types (e.g., Apple Health categories, location), you control which permissions to grant through iOS system prompts and app settings.
• • Right to Decline: You may decline consent. However, because CONY is fundamentally an AI-powered app, declining consent means you cannot use the app's core features.
• • Ongoing Control: You may modify or revoke your consent at any time through the app's Privacy Settings (see Section 7).

3. How We Use Your Information

Summary of Data Uses

We use your collected data for the following purposes:

1. Core app functionality — Health tracking, reminders, data organization, personalized features
2. AI-powered insights — Generating health summaries, answering questions, analyzing documents and images
3. Personalization — Tailoring recommendations, alerts, and content to your health profile
4. Account services — Managing your subscription, authentication, and preferences
5. Customer support — Responding to your questions and resolving issues
6. Security and safety — Preventing fraud, enforcing terms, protecting users
7. Service improvement — Analyzing aggregated usage patterns to improve app performance
8. Legal compliance — Meeting regulatory requirements when legally obligated

We do NOT use your data for advertising, marketing to third parties, or selling to any party.

3.1 Core Service Delivery

• • Health tracking, reminders, data organization
• • AI companion personalization
• • Health insights and PDF reports
• • Medication/symptom/location alerts

3.2 AI Processing and Subprocessors

We use third-party AI service providers to power our intelligent health features. All AI processing occurs off-device on secure servers operated by our subprocessors:

• • OpenAI: Powers conversational AI, health insights, and document analysis
• • Google Gemini: Provides advanced multimodal AI capabilities for image and video analysis
• • Data Protection: When technically feasible, we de-identify data before AI processing by removing direct personal identifiers. Health data may be linked to your account within our secure systems to provide personalized features.
• • Business Associate Agreements (BAAs): We maintain a BAA with OpenAI. Other subprocessors are bound by data processing agreements with security and confidentiality obligations at least as protective as this policy.
• • No Training on Your Data: Your personal health data is NOT used to train AI models without your explicit opt-in consent
• • Data Not Sold: We do not sell, rent, or trade your data to any third parties, including our AI providers

3.3 Service Improvement and Analytics

We collect and analyze usage data solely for app functionality and analytics purposes:

• • App Functionality: Understanding feature usage to improve performance and user experience
• • Analytics: Aggregated, de-identified usage patterns to guide product development
• • Feature development and bug fixes
• • Analytics via privacy-focused providers (PostHog)
• • No data used for advertising or marketing to third parties

3.4 Communication & Support

• • Notifications, updates, billing
• • Customer support
• • Security and safety notices

4. AI Data Processing Disclosure

This section provides comprehensive information about how we use artificial intelligence to process your data, as required by Apple App Store guidelines.

4.1 What Data AI Processes

When you use AI-powered features, the following data may be processed by our AI subprocessors:

User Inputs:

• • Messages and text you submit to the AI chat (Cony)
• • Voice recordings you choose to submit (retained up to 30 days)
• • Questions and prompts you ask

Uploaded Content:

• • Medical documents (lab reports, prescriptions, clinical records)
• • Images (photos of medications, skin conditions, medical documents)
• • Video content related to health conditions

Health Information:

• • Health records you upload or enter manually
• • Data from Apple Health (if you grant permission)
• • Data from connected wearables and devices (if you authorize)
• • Symptoms, conditions, medications, and other health information you provide

4.2 How AI Processing Works

Off-Device Processing:

All AI analysis occurs on secure cloud servers operated by our subprocessors—NOT on your device. When you use AI features:

1. Your data is encrypted and transmitted to our servers
2. Our servers send relevant data to AI subprocessors (OpenAI or Google Gemini)
3. AI subprocessors analyze the data and return insights
4. Results are displayed to you in the app

Data Handling:

• • When technically feasible, we de-identify data before AI processing by removing direct personal identifiers
• • Health data may be linked to your account in our secure database to provide personalized insights
• • AI subprocessors are contractually prohibited from using your data to train their models

4.3 AI Service Providers (Subprocessors)

We use the following AI service providers:

4.4 Your AI Data Choices and Controls

Before Using the App:

• • We present a clear consent screen explaining that CONY is an AI-powered app and how your data will be processed
• • You must explicitly opt-in before any data is sent to AI subprocessors
• • You may decline consent, but this means you cannot use the app as it is fundamentally AI-powered

While Using the App:

• • Control What You Share: You choose what information to input, upload, or connect (e.g., Apple Health data)
• • Revoke Third-Party Access: You can disconnect Apple Health or location services at any time via iOS Settings
• • Request Specific Deletions: You can request deletion of specific data (AI conversations, uploaded documents) by contacting us

To Fully Revoke AI Consent:

• • Because CONY is an AI-powered app, fully revoking AI consent requires deleting your account
• • Go to Health Profile → Settings → Account Management → Delete Account
• • This permanently deletes all your data from our systems and our AI subprocessors
• • See Section 7.3 for complete details

4.5 AI Data Retention

• • AI Conversations: Stored for up to 2 years, deletable anytime via app settings
• • Voice Recordings: Retained for up to 30 days, then automatically deleted
• • Uploaded Documents: Retained for account life, deletable anytime
• • AI-Generated Insights: Retained for account life, deleted with account

4.6 AI Limitations and Disclaimers

5. Information Sharing and Disclosure

5.1 Our Commitments

• • No Selling: We do not sell, rent, or trade your health information to anyone
• • No Advertising: Your data is not used for targeted advertising or shared with advertisers
• • No Training: Your personal health data is not used to train AI models without explicit opt-in consent

5.2 Service Providers and Subprocessors

We share data with the following vetted service providers. Each provider is contractually required to protect your data with the same or greater protections as described in this Privacy Policy.

AI Processing:

• • OpenAI: AI-powered conversational assistant and health insights (operates under Business Associate Agreement)
• • Google Gemini: Advanced multimodal AI for image and video analysis (operates under data processing agreement with equivalent protections)

Infrastructure & Storage:

• • Google Firebase: Authentication, database, and cloud storage (operates under data processing agreement)

Analytics & Monitoring:

• • PostHog: Privacy-focused analytics, de-identified usage data only (operates under data processing agreement)
• • Sentry: Error logging and crash reporting to improve app stability (operates under data processing agreement)

Subscription Management:

• • Superwall: Paywall and subscription management (operates under data processing agreement)

Data Minimization: Providers only receive the minimum data necessary for their specific service function. We do not share more data than required.

5.3 Third-Party Data Protection Guarantee

We confirm that any third party with whom we share user data will provide the same or equal protection of user data as stated in this Privacy Policy.

To ensure this protection:

• • We enter into Business Associate Agreements (BAAs) or equivalent data processing agreements with all service providers
• • We review each provider's security standards and practices before sharing any user data
• • Providers are contractually prohibited from using your data for their own purposes (including AI model training)
• • Providers must delete your data upon our request
• • We regularly audit provider compliance with our data protection requirements

If a provider cannot meet our data protection standards, we will not share your data with them.

5.4 Caregivers & Dependents

• • Users must be 16+ years of age
• • Caregivers may manage dependent accounts with proper consent
• • All caregiver access is logged and auditable
• • Data remains separated by account

5.5 Legal Disclosures

• • We may disclose information only when required by law
• • Court orders, subpoenas, or legal process
• • To protect rights, property, or safety of our users or others

6. Data Security and Protection

Technical Safeguards

• • End-to-end encryption (TLS 1.3), AES-256 at rest
• • MFA for admin access, regular audits
• • SOC 2 Type II cloud providers

Administrative Safeguards

• • Employee privacy training
• • Role-based access controls
• • Background checks
• • Incident response procedures

Physical Safeguards

• • Secure data centers with restricted access
• • Environmental controls and monitoring
• • Secure hardware destruction

Breach Response

• • Immediate investigation and containment
• • User notification within 72 hours (if required)

7. Your Privacy Rights and Controls

You have the following rights regarding your personal data:

• • Access: View all data we have collected about you
• • Download: Export your health data in a portable format
• • Correct: Update or correct inaccurate information
• • Delete: Request deletion of specific data or your entire account
• • Restrict: Limit how we process certain data types
• • Withdraw Consent: Revoke consent for specific processing activities

7.1 How to Exercise Your Rights

In-App Controls:

• • Privacy Settings: Health Profile → Settings → Privacy Settings
• • Data Export: Health Profile → Settings → Export My Data
• • Manage Permissions: Health Profile → Settings → Data Permissions

Contact Us:

• • Email: danielhcarranza@enduranthealthspan.com
• • Response Time: Within 30 days of receiving your request

7.2 Revoke Consent and Delete Your Data

Revoke Third-Party Data Access (Without Deleting Account):

You can revoke access to data sources connected to the app without deleting your account:

• • Revoke Apple Health Access: Go to iOS Settings → Privacy & Security → Health → CONY and disable specific health categories or all access.
• • Revoke Location Access: Go to iOS Settings → Privacy & Security → Location Services → CONY and change to "Never."

Delete Specific Data (Without Deleting Account):

You can request deletion of specific data while keeping your account:

• • AI Conversation History: Contact us to delete past AI conversations
• • Uploaded Documents: Request deletion of specific uploaded files
• • Health Records: Request deletion of specific health data entries

To request specific data deletion, email danielhcarranza@enduranthealthspan.com.

7.3 Fully Revoke Consent and Delete All Data

To fully revoke consent for AI data processing and delete all your data:

What happens when you delete your account:

• • All personal data is permanently deleted within 30 days
• • All AI conversation history is deleted
• • All uploaded documents and health records are deleted
• • All data held by our AI subprocessors is deleted
• • Backup copies are purged within 90 days
• • De-identified, aggregated data that cannot identify you may be retained

7.4 California Privacy Rights (CCPA/CPRA)

California residents have additional rights:

• • Right to know what personal information is collected
• • Right to delete personal information
• • Right to correct inaccurate personal information
• • Right to limit use and disclosure of sensitive personal information
• • Right to opt-out of sale/sharing (we do not sell your data)
• • Right to non-discrimination for exercising privacy rights

To exercise these rights, contact us at danielhcarranza@enduranthealthspan.com or use the in-app privacy controls.

8. Data Retention and Deletion

Retention Periods:

• • Health Data: account life + 7 years
• • AI Conversations: 2 years (deletable anytime)
• • Account Info: account life + 3 years
• • Technical Data: 2 years
• • Voice: up to 30 days
• • Backups: up to 90 days
• • De-identified data may be kept indefinitely

How to Delete Your Data

• • In-app deletion: Go to Health Profile → Settings → Account Management → Delete Account to permanently delete your account and all associated data
• • Email request: Contact danielhcarranza@enduranthealthspan.com to request data deletion
• • Processing time: Deletion requests are processed within 30 days unless legal or security obligations require longer retention
• • What remains: After account deletion, de-identified and aggregated data that cannot identify you may be retained. Backup copies are purged within 90 days.

9. Third-Party Integrations

• • Apple Health & Wearables: You control categories, can revoke anytime.
• • Healthcare Providers (Future): Will require consent, BAAs, and additional safeguards.

10. International Data Transfers

Data stored/processed in the U.S. If accessed abroad, your data is transferred to the U.S.

11. Children's Privacy

16+ years of age. Caregivers may create managed accounts.

12. HIPAA Protections

We implement HIPAA-level protections for all health data:

• • Business Associate Agreements (BAAs): We maintain a BAA with OpenAI. Other service providers (Google Gemini, Firebase, PostHog, Sentry, Superwall) operate under data processing agreements with security and confidentiality obligations at least as protective as this policy.
• • Data Minimization: Providers only receive data necessary for their specific function
• • Permitted Uses: Health information used only for:
  • • Core app functionality (tracking, reminders, organization)
  • • AI insights and analysis
  • • Service improvement (aggregated analytics only)
  • • Legal compliance when required
• • Health Data Linkage: Health data collected is linked to your user account for personalized features
• • Off-Device AI Processing: All AI analysis occurs on secure servers
• • No Selling or Marketing: Health data is never sold or used for advertising purposes

13. Cookies and Tracking

• • Essential: Functionality and security.
• • Analytics: De-identified via PostHog.
• • Functional: Preferences and settings.
• • No Ads: No targeted ads, IDFA disabled, no cross-app tracking.

14. Policy Updates

• • Updates reflect service/legal changes.
• • 30-day notice for material changes.
• • May require explicit consent for major changes.

15. Contact Information

16. App Store Privacy Disclosures

In compliance with Apple App Store Guidelines (5.1.1 and 5.1.2), we provide the following disclosures about data collection, usage, and user consent.

16.1 Data Types Collected

Health & Fitness Data (Linked to Identity):

• • Symptoms, conditions, medications, medical history
• • Vitals and biometrics (heart rate, blood pressure, etc.)
• • Apple Health data (with your permission)
• • Lab results and clinical records you upload

Uploaded Content (Processed by AI):

• • Medical documents (lab reports, prescriptions, records)
• • Images (medications, skin conditions, medical documents)
• • Video content related to health conditions

Usage Data:

• • App interaction data for functionality and analytics
• • Device information and technical data
• • Error logs (no personally identifiable information)

For complete details, see Section 2 (Information We Collect).

16.2 How Data is Collected

• • Direct Input: Information you enter or upload in the app
• • Integrations: Data from Apple Health and wearables (with your permission)
• • Automatic: Device and usage information collected when you use the app

Consent: We obtain your explicit consent before collecting health data. See Section 2.8 (How We Obtain Your Consent).

16.3 Data Usage Purposes

• • App Functionality: Health tracking, AI insights, reminders, personalized recommendations
• • Analytics: Aggregated, de-identified data to improve the app
• • NOT for Advertising: Your data is never used for advertising or marketing

For complete details, see Section 3 (How We Use Your Information).

16.4 AI Processing and Server Upload Disclosure

For complete details, see Section 4 (AI Data Processing Disclosure).

16.5 Third-Party Data Protection

All third parties with whom we share data are contractually required to provide the same or equal protection of your data as stated in this Privacy Policy.

For complete details, see Section 5.3 (Third-Party Data Protection Guarantee).

16.6 Data Retention and Deletion

• • Retention Periods: Vary by data type (see Section 8)
• • User Control: You can delete specific data or your entire account at any time
• • How to Delete: In-app settings or email request (see Section 7.3)

16.7 Consent Revocation

You can revoke consent for data processing at any time:

• • Revoke third-party access: Disconnect Apple Health or location services via iOS Settings (without deleting account)
• • Delete specific data: Request deletion of AI conversations or uploaded documents (without deleting account)
• • Fully revoke AI consent: Delete your account via Health Profile → Settings → Account Management → Delete Account

For complete details, see Section 7.2 and 7.3.

17. Effective Date & Jurisdiction

Effective August 20, 2025. Governed by Maryland law and applicable federal laws.