Privacy Policy

Last updated: June 30, 2025

We take your privacy seriously. This policy explains how we collect, use, and protect your personal and health information.

Important: AI Processing Notice

Your health data is processed using artificial intelligence (AI) services, including OpenAI's models, to generate personalized wellness insights. This processing is pseudonymized to protect your identity, but you should be aware that your data is sent to third-party AI providers for analysis.

1. Information We Collect

Personal Information
  • Account Data: Email address, password, username
  • Profile Data: Name, date of birth, gender, height, nationality, ethnicity
  • Contact Information: Email address for communications

Health Information
  • Health Measurements: Blood pressure, heart rate, glucose levels, body composition, and other biomarkers you provide
  • Medical History: Family history, pre-existing conditions, current medications, supplements
  • Lifestyle Data: Sleep patterns, exercise habits, nutrition information, stress levels, mental wellness indicators
  • Uploaded Documents: Health reports, lab results, medical documents you choose to upload
  • Wellness Goals: Your health objectives and wellness focus areas

Technical Information
  • Usage Data: Pages visited, features used, time spent on platform
  • Device Information: Browser type, operating system, IP address
  • Cookies: Authentication tokens, session data, preferences

1.5. Cookies and Tracking Technologies

We use cookies and similar tracking technologies to enhance your experience on our platform. You can control cookie settings through your browser preferences and our cookie consent banner.

Essential Cookies (Always Active)

These cookies are necessary for the website to function properly and cannot be disabled:

  • Authentication Cookies: Keep you logged in and secure your session
  • CSRF Protection: Prevent cross-site request forgery attacks
  • Session Management: Maintain your preferences and settings during your visit
  • Security Cookies: Protect against fraud and ensure secure data transmission

Analytics Cookies (Optional)

These cookies help us understand how visitors use our website and improve our services:

  • Google Analytics: Track website usage, page views, and user behavior to improve our service
  • Performance Monitoring: Identify and fix technical issues
  • User Experience: Understand how users navigate our platform

Managing Your Cookie Preferences

You can manage your cookie preferences at any time:

  • Use our cookie consent banner to change your preferences
  • Clear your browser's cookie cache
  • Use browser settings to block specific types of cookies
  • Contact us at privacy@somahealth.life for assistance

2. How We Use Your Information

We process your personal data for the following purposes:

Service Provision
  • Account management and authentication
  • Health data analysis and tracking
  • Generating personalized wellness insights
  • Creating charts and visualizations

AI-Powered Analysis
  • Extracting biomarkers from uploaded documents
  • Generating wellness considerations
  • Providing personalized health recommendations
  • Matching measurements to health targets

Communication
  • Account notifications and updates
  • Health insights and recommendations
  • Technical support and customer service
  • Important service announcements

Legal Compliance
  • Meeting regulatory requirements
  • Protecting against fraud and abuse
  • Ensuring data security and integrity
  • Responding to legal requests

3. AI Processing & Third-Party Services

Important Disclosure

Your health data is processed using artificial intelligence services provided by third parties, including OpenAI. While we pseudonymize your data before sending it to AI services, you should understand that your health information is processed outside our direct control.

AI Services We Use
  • OpenAI GPT Models: For analyzing health documents, extracting biomarkers, and generating personalized wellness recommendations
  • Text Processing: To extract meaningful health data from uploaded documents
  • Pattern Recognition: To identify health trends and provide insights

Data Protection in AI Processing
  • We remove direct identifiers (name, email, address) before sending data to AI services
  • Only relevant health information is shared for analysis
  • AI providers are contractually bound to protect your data
  • We regularly audit AI processing for compliance and security

Your Control Over AI Processing

You can:

  • Opt out of AI-powered wellness recommendations (this will limit service functionality)
  • Request details about how your data is processed by AI services
  • Delete your data to stop future AI processing

4. Data Sharing & Disclosure

We do not sell your personal information. We may share your data in these limited circumstances:

  • AI Service Providers: Pseudonymized health data for analysis and recommendations
  • Technical Service Providers: Cloud hosting, data storage, and platform maintenance
  • Legal Requirements: When required by law, regulation, or legal process
  • Safety and Security: To protect against fraud, abuse, or security threats
  • Business Transfers: In case of merger, acquisition, or sale of assets (with notice)

All third parties are contractually bound to protect your data and use it only for specified purposes.

5. Your Rights Under GDPR

If you are in the European Union, you have the following rights:

Right to Access

Request a copy of all personal data we hold about you

Right to Rectification

Correct any inaccurate or incomplete personal data

Right to Erasure

Request deletion of your personal data ("right to be forgotten")

Right to Restrict Processing

Limit how we process your personal data

Right to Data Portability

Receive your data in a machine-readable format

Right to Object

Object to processing based on legitimate interests

To exercise your rights: Contact us at privacy@soma.health. We will respond within 30 days.

6. Data Security

We implement comprehensive security measures to protect your data:

  • Encryption: All data is encrypted in transit and at rest
  • Access Controls: Strict authentication and authorization requirements
  • Regular Audits: Security assessments and penetration testing
  • Staff Training: All personnel trained on data protection practices
  • Incident Response: Procedures for detecting and responding to security breaches
  • Third-Party Security: All vendors undergo security assessments

Data Breach Notification: In case of a data breach affecting your personal information, we will notify you and relevant authorities within 72 hours as required by GDPR.

7. Data Retention

We retain your data for the following periods:

  • Account Data: Until you delete your account, plus 30 days for processing
  • Health Data: For as long as you maintain an active account for continuity of care
  • AI Processing Logs: 90 days for quality assurance and debugging
  • Technical Logs: 12 months for security and system maintenance
  • Communication Records: 3 years for customer service purposes

You can request earlier deletion of your data by contacting us. Some data may be retained longer if required by law.

8. International Transfers

Your data may be transferred to and processed in countries outside the European Economic Area (EEA), including:

  • United States: For AI processing services (OpenAI) and cloud hosting
  • Other Countries: As required for service provision and support

For transfers outside the EEA, we ensure adequate protection through:

  • Standard Contractual Clauses approved by the European Commission
  • Adequacy decisions by the European Commission
  • Other appropriate safeguards as required by GDPR

9. Contact Information

Data Controller

Soma Wellness

Email: privacy@soma.health

Phone: +1 (555) 123-4567

Data Protection Officer

Email: dpo@soma.health

For all privacy-related questions and GDPR rights requests

Supervisory Authority: If you have concerns about our data handling that we cannot resolve, you have the right to lodge a complaint with your local data protection authority.

Changes to This Privacy Policy

We may update this privacy policy from time to time. We will notify you of any material changes by:

  • Posting the updated policy on our website with a new "Last Updated" date
  • Sending you an email notification if the changes significantly affect your rights
  • Requesting your consent if required by applicable law