Privacy Policy

Effective 2026-04-20.

Promiae ("we", "us", or "Promiae") operates an adaptive health + habit application that helps users execute personalised health protocols. This policy describes what data we collect, why, and how we safeguard it.

1. Data we collect

• – Account data: name, email, password hash, timezone.
• – Health inputs you provide: weight, height, age, biological sex, body goals, meals, hydration, biomarker results (e.g. fasting glucose, LDL, ApoB), cycle events, voice journal entries, completed protocol actions.
• – Wearable + calendar data (optional, you opt in): sleep, HRV, resting heart rate, activity, workouts, and calendar events from Oura, Whoop, Apple Health, and Google Calendar — imported only after you connect the provider.
• – Usage data: basic app interactions (which screens you open, completions, chat messages to your coach) to improve the product and prevent abuse.

2. How we use it

• – Compute your personalised daily plan, macro targets, and adaptive nudges.
• – Generate coaching narratives and weekly reviews via a large language model provider (DeepSeek). No data is used to train third-party models.
• – Provide longitudinal trends (HRV chart, adherence streaks, week-over-week).
• – Notify you of protocol reminders and weekly reviews.

3. Sharing

We do not sell your data. We share the minimum necessary with our infrastructure providers (Hostinger — hosting; DeepSeek — AI inference on prompt payloads; wearable providers — only to read your data with your consent). We never share your identifiable health data with advertisers or data brokers.

4. Storage + security

Data is stored in PostgreSQL on encrypted volumes in the EU. OAuth access + refresh tokens are encrypted at rest using Laravel's AES-256-CBC application key. All traffic is served over TLS 1.2+.

5. Your controls

• – Disconnect any wearable or calendar at any time from the You → Integrations screen — this revokes our access and stops syncs immediately.
• – Delete account by emailing support@promiae.com. All personal data is purged within 7 days.
• – Export your data on request — we return it as JSON.

6. Children

Promiae is not intended for users under 16. We do not knowingly collect data from children.

7. Changes

We update this policy when our practices change. The "Effective" date above always reflects the most recent version.

8. Contact

Promiae — support@promiae.com