This Privacy Policy explains how Healthspan OS ("Service", "we", "us") collects, uses, stores, and protects your personal information. By using the Service you agree to the practices described here.
Section 01
What Data We Collect
Account & Profile Data
- Phone number — used to identify your account and deliver messages via iMessage
- First name — used to personalize responses
- Timezone and sleep/wake schedule — used to schedule reminders at appropriate times
- Health goals — used to tailor protocol guidance (e.g., skin health, longevity, cognition)
- Consent timestamp — the date and time you agreed to these Terms and this Privacy Policy
Health Protocol Data
- Supplement stack — names, doses, timing, and frequency of supplements you report taking
- Peptide protocols — peptide names, doses, injection schedules, reconstitution details, and cycle information
- Skincare routine — products, steps, and routine timing you report using
Compliance & Activity Logs
- Supplement compliance logs — timestamped records of doses taken or skipped
- Peptide injection logs — scheduled and actual injection times, injection sites, and any reported side effects
- Side effect reports — symptoms and severity as described in your messages
Biomarker Data
- Biomarker readings — values you manually enter (e.g., blood glucose, HRV) or synced via the Apple Health webhook integration
- Source metadata — whether data came from manual entry or Apple Health
Skin Assessment Data (if you use photo check-ins)
- Photo hashes — a cryptographic fingerprint of submitted images (not the image itself)
- AI-generated skin scores — seven-dimension assessments and overall scores
- Skin condition notes — AI analysis results tied to your account
Technical & Usage Data
- Webhook token — a per-user secret used to authenticate Apple Health data pushes (not a platform credential)
- Message timestamps — when commands are received and processed (not message content beyond what you send us)
Section 02
What Data We Do Not Collect
- We do not collect or store your iMessage message history beyond the content you directly send to the Service
- We do not collect payment information
- We do not collect location data
- We do not collect device identifiers beyond what is intrinsic to iMessage delivery
- We do not store uploaded photos — only photo hashes and AI-derived scores
Section 03
How We Use Your Data
| Purpose | Data Used |
| --- | --- |
| Send reminders and responses via iMessage | Phone number, supplement/peptide schedules |
| Generate compliance reports and streaks | Compliance logs, injection logs |
| AI coaching and protocol guidance | Goals, stack, biomarkers, compliance history |
| Safety checks (drug/supplement interactions) | Supplement, peptide, and skincare names |
| Biomarker trend analysis | Biomarker readings |
| Skin protocol tracking | Photo hashes, AI scores |
| Leaderboard (opt-in only) | Display name or "Anonymous", compliance score |
| Data export on request | All of the above |
We do not use your data for advertising, marketing profiling, or sale to third parties.
Section 04
AI Processing (Anthropic Claude)
Some responses are generated by Claude, a large language model operated by Anthropic, PBC. When your message triggers an AI response, relevant context (your health goals, protocol details, recent compliance data) is sent to Anthropic's API.
- Anthropic's data handling is governed by their Privacy Policy and Usage Policy
- We use prompt caching, which means anonymized prompt fragments may be retained temporarily by Anthropic's infrastructure per their policies
- We do not send identifying information (phone number, full name) in AI prompts — only profile context required to answer your question
Section 05
Apple Health Integration (Optional)
If you configure the Apple Health webhook:
- Health data synced via webhook is stored in your biomarker log
- Your per-user webhook token (a 64-character hex secret) is the sole authentication credential for this channel
- You can regenerate this token at any time by contacting support; the old token is immediately invalidated
Section 06
Data Retention
| Data type | Retention period |
| --- | --- |
| Active account data | Retained while account is active |
| Soft-deleted account (within grace period) | 30 days after deletion request — full data, account restorable |
| After 30-day grace period | Phone and name anonymized; compliance/biomarker history retained in anonymized form |
| Conversation session state | Purged after 30 minutes of inactivity |
After anonymization, retained records contain no personally identifiable information and cannot be linked back to you.
Section 07
Data Sharing
We do not sell your data. We do not share your data with third parties except:
| Recipient | What is shared | Why |
| --- | --- | --- |
| Anthropic (Claude API) | Health context needed to answer your query | AI response generation |
| Hosting infrastructure | Encrypted data at rest | Service operation |
We may disclose data if required by law, court order, or to protect the safety of users or the public.
Section 08
Data Security
- The database is stored locally on the server and is not publicly accessible
- All HTTP API traffic is encrypted in transit via TLS (terminated by a reverse proxy)
- iMessage communications are end-to-end encrypted by Apple
- Webhook tokens are 256-bit random secrets and are never logged in plaintext
- Access to the API requires a Bearer token
Despite these measures, no system is perfectly secure. We cannot guarantee absolute security of your data.
Section 09
Your Rights
Access
Reply "export" to receive a complete JSON download of all data we hold about you.
Deletion
Reply "stop" or "delete my account" to initiate soft deletion. Your account and PII will be anonymized after the 30-day grace period. During the grace period, reply "restore my account" to cancel.
Correction
Reply "adjust" or contact support to correct inaccurate profile data.
Portability
The "export" command delivers all your data in machine-readable JSON format at any time.
If you are in the European Economic Area, United Kingdom, or California, you may have additional rights under GDPR, UK GDPR, or the CCPA respectively. Contact us at support@redefinehealth.io to exercise these rights.
Section 10
Children's Privacy
The Service is not directed to children under 18 years of age. We do not knowingly collect data from minors. If you believe a minor's data has been collected, contact us immediately.
Section 11
Changes to This Policy
We may update this Privacy Policy from time to time. We will notify registered users of material changes via iMessage. Continued use of the Service after notification constitutes acceptance of the updated policy.
Section 12
Contact
Privacy questions, data requests, or concerns: