Privacy Policy

Effective Date: Sept. 10, 2025

At Uara.ai, we are committed to protecting your privacy and ensuring the security of your personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our longevity coaching platform and services.

Information We Collect

Personal Information

Account Information: Name, email address, date of birth, and contact details
Profile Data: Health goals, lifestyle preferences, and demographic information
Payment Information: Billing details and subscription information (processed securely through Stripe)

Health and Fitness Data

Wearable Device Data: Heart rate variability (HRV), sleep patterns, activity levels, and recovery metrics from connected devices (WHOOP, Oura Ring, Apple Health, etc.)
Lab Results: Blood biomarkers, genetic test results, and other health assessments you choose to upload
Lifestyle Data: Nutrition logs, exercise routines, stress levels, and supplement intake

Usage Information

Platform Activity: Features used, time spent on platform, and interaction patterns
Technical Data: IP address, browser type, device information, and log files
Communications: Messages with our AI coach and support team

How We Use Your Information

We use your information to:

Provide Personalized Coaching: Generate AI-powered insights and recommendations based on your health data
Track Progress: Monitor your biological age, healthspan metrics, and wellness trends
Improve Our Services: Enhance our AI algorithms and platform functionality
Communicate: Send you updates, notifications, and educational content
Ensure Security: Protect against fraud and unauthorized access
Comply with Legal Obligations: Meet regulatory requirements and respond to legal requests

Data Sharing and Disclosure

We do not sell your personal information. We may share your data only in these limited circumstances:

Service Providers

We work with trusted third-party service providers who help us operate our platform:

Cloud Infrastructure: Secure data storage and processing (Supabase, AWS)
Payment Processing: Stripe for subscription and billing management
Analytics: Anonymized usage analytics to improve our services
AI Services: OpenAI and other AI providers for generating personalized insights

Legal Requirements

We may disclose your information if required by law, court order, or to protect our legal rights and safety.

Business Transfers

In the event of a merger, acquisition, or sale of assets, your information may be transferred as part of the transaction.

Data Security

We implement industry-standard security measures to protect your information:

Encryption: All data is encrypted in transit and at rest
Access Controls: Strict authentication and authorization protocols
Regular Audits: Security assessments and vulnerability testing
Data Minimization: We collect only the information necessary to provide our services
Anonymization: Personal identifiers are removed from research and analytics data

Your Rights and Choices

You have the following rights regarding your personal information:

Access and Control

View Your Data: Access all personal information we have about you
Update Information: Modify your profile and preferences at any time
Download Data: Export your health data and insights in a portable format
Delete Account: Permanently remove your account and associated data

Privacy Controls

Data Sharing Preferences: Choose which types of data to share with our AI coach
Marketing Communications: Opt out of promotional emails and notifications
Cookie Settings: Manage tracking preferences through your browser

Geographic Rights

If you are located in the European Union, California, or other jurisdictions with specific privacy laws, you may have additional rights including:

Right to rectification and erasure
Right to data portability
Right to object to processing
Right to lodge complaints with supervisory authorities

Health Data Protections

Given the sensitive nature of health information, we provide additional protections:

HIPAA Compliance: We follow healthcare privacy standards where applicable
Consent-Based Sharing: Explicit consent required for sharing health data with third parties
Retention Limits: Health data is retained only as long as necessary for providing services
Research Anonymization: Any research use of health data is completely anonymized

Children's Privacy

Our services are not intended for individuals under 18 years of age. We do not knowingly collect personal information from children. If we become aware that we have collected information from a child, we will delete it promptly.

International Data Transfers

Your information may be processed and stored in countries other than your own. We ensure that international data transfers comply with applicable privacy laws and include appropriate safeguards.

Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by:

Posting the updated policy on our website
Sending you an email notification
Providing in-app notifications

Your continued use of our services after changes become effective constitutes acceptance of the revised policy.

Contact Information

If you have questions about this Privacy Policy or wish to exercise your privacy rights, please contact us:

Email: fed@uara.ai
Response Time: We will respond to privacy requests within 30 days

Compliance and Certifications

Uara.ai is committed to meeting the highest standards of data protection and privacy compliance. We regularly review our practices to ensure alignment with:

General Data Protection Regulation (GDPR)
California Consumer Privacy Act (CCPA)
Health Insurance Portability and Accountability Act (HIPAA)
SOC 2 Type II compliance standards

This Privacy Policy is designed to be transparent and comprehensive. We believe that understanding how your data is used is essential for making informed decisions about your health and privacy.