Embyr Privacy Policy
Effective Date: [To be set at publication]
Last Updated: April 3, 2026
Embyr (“Embyr,” “we,” “us,” or “our”) provides a personalized health and fitness coaching application for iOS (the “App”). This Privacy Policy describes how we collect, use, share, and protect your personal information when you use the App and our related services (collectively, the “Service”).
This policy applies to all users of the Service, including users in the European Economic Area (“EEA”), United Kingdom (“UK”), California, and all other jurisdictions.
Please read this Privacy Policy carefully before using the Service. By creating an account, you acknowledge that you have read and understood this policy. If you do not agree with our practices, do not use the Service.
Table of Contents
- Information We Collect
- How We Use Your Information
- How We Share Your Information
- Data from Connected Fitness Platforms
- Apple HealthKit
- Artificial Intelligence and Automated Processing
- Data Retention
- Data Security
- Your Rights and Choices
- Additional Disclosures for California Residents (CCPA/CPRA)
- Additional Disclosures for EEA and UK Residents (GDPR)
- Children’s Privacy
- Changes to This Privacy Policy
- Contact Us
1. Information We Collect
We collect information in the following categories. We only collect information that is necessary to provide the Service.
1.1 Account and Profile Information
When you create an account, we collect:
| Data Field | Purpose |
|---|---|
| Email address | Account identification, communication |
| Name | Personalization, coaching display |
| Date of birth | Age-based physiological modeling (e.g., heart rate zone estimation, recovery thresholds) |
| Biological sex | Physiological modeling (e.g., TRIMP weighting, metabolic rate estimation). You may select “Undisclosed,” which triggers a neutral midpoint model. |
| Height and weight | Fueling and training load calculations |
| Profile photo | Optional, for your account display only |
| Timezone | Scheduling coaching notifications at appropriate local times |
| Unit preference | Displaying distances and measurements in imperial or metric |
| Coaching tone preference | Adjusting the voice and style of coaching messages (supportive, direct, or minimal) |
1.2 Health and Fitness Data
With your explicit permission, we access health and fitness data from the following sources. Each source requires a separate authorization, and you control which sources to connect.
From Apple HealthKit (with your permission):
- Workout data: type, duration, distance, elevation gain
- Heart rate: average, maximum, resting heart rate
- Heart rate variability (HRV RMSSD)
- Active energy burned
- Cadence and power metrics (when available from your devices)
We access HealthKit data in read-only mode. We do not write data to HealthKit. See Section 5 for additional HealthKit-specific disclosures.
From Strava (with your OAuth authorization):
- Activities: sport type, distance, duration, pace, heart rate, power, elevation gain, GPS routes
- Activity metadata and deep-link URLs
From WHOOP (with your OAuth authorization):
- Recovery scores
- Sleep data: duration, efficiency, sleep debt
- Heart rate variability (HRV) and resting heart rate
- Workout strain scores
From Oura (with your OAuth authorization):
- Daily readiness scores
- Sleep metrics (duration, stages, efficiency)
- Heart rate variability (HRV)
From Garmin (with your OAuth authorization):
- Multi-sport workout data
1.3 Meal and Nutrition Data
When you use the meal capture feature:
- Meal photos you take within the App. Photos are stored securely on our servers with access-controlled URLs. EXIF metadata (including location data) is stripped from photos before storage.
- AI-estimated nutrition data derived from your photos: estimated protein, carbohydrates, fat, portion size, and meal type.
- Your corrections to AI estimates, which help improve the accuracy of future suggestions for you.
- Barcode scan queries sent to USDA and Open Food Facts databases for nutrition lookup.
1.4 Life Context and Calendar Data
- Life constraints you provide: category (social dining, work, travel, family), label, frequency, and impact tags (e.g., “limits morning training,” “reduces sleep”). These are provided during onboarding or through settings.
- Google Calendar data (with your OAuth authorization and your selection of specific calendars): event titles and times from calendars you choose to share. This data is used to detect scheduling conflicts that may affect your training. Calendar events detected as potential life constraints require your confirmation before being used.
1.5 Training Goals
- Goal type (marathon, half-marathon, 10K, cycling goals)
- Target date and performance targets
- Current training phase
1.6 Subscription Information
- Subscription status (trialing, active, canceled, expired)
- Plan type (annual or monthly)
- Trial and billing period dates
- Apple original transaction ID and product ID (received from Apple’s StoreKit)
We do not collect or store your payment method, credit card number, or billing address. All payment processing is handled by Apple through the App Store. See Apple’s privacy policy at https://www.apple.com/legal/privacy/ for details on how Apple handles payment data.
1.7 Device and Technical Information
- App version and build number
- Device model and iOS version
- APNs device token and device name (for push notification delivery)
- Coarse IP address (used only for timezone detection during initial setup; not stored in our application database. IP addresses may appear in short-lived infrastructure access logs maintained by our hosting providers for security and abuse prevention purposes.)
- Crash and error telemetry
1.8 Usage Analytics
We collect in-app analytics events to improve the Service and coaching quality. These events include:
- Event name (e.g., “onboarding_completed,” “workout_synced”) and timestamp
- App version and platform identifier
- Session ID (a random identifier for grouping events within a single app session; not linked to your identity across sessions)
- Data stage (a measure of how established your coaching profile is)
- Day number since signup
Analytics events are batched on your device and sent to our servers periodically. If you are offline, events are stored locally on your device (up to 1,000 events) and sent when connectivity is restored.
We do not use analytics events for advertising, profiling, or sale to third parties. Analytics data is used solely to improve the reliability and quality of the coaching Service.
2. How We Use Your Information
We use the information we collect for the following purposes:
| Purpose | Data Used |
|---|---|
| Provide personalized coaching | Health/fitness data, goals, life constraints, recovery signals, meal data |
| Generate training plans | Workout history, goal details, athlete profile, constraint data |
| Deliver fueling guidance | Meal captures, workout data, training phase, recovery state |
| Assess recovery readiness | Sleep data, HRV, resting heart rate, recovery scores from connected platforms |
| Adapt training recommendations | All coaching-relevant data combined with heuristic analysis |
| Send coaching notifications | Device token, timezone, coaching state, scheduled session data |
| Process meal photos | Meal photos (sent to AI processor for analysis without user identifiers) |
| Generate coaching narratives | Contextual coaching data (sent to AI processor without direct identifiers) |
| Detect scheduling conflicts | Calendar event titles/times, life constraints |
| Manage your subscription | Subscription status, Apple transaction data |
| Improve service quality | Aggregated and de-identified usage analytics |
| Communicate with you | Email address (service-related communications only) |
| Comply with legal obligations | Account data as required by applicable law |
We do not use your data for:
- Advertising or ad targeting
- Sale to data brokers or third parties
- Building user profiles for purposes unrelated to coaching
- Training machine learning models on your fitness platform data (see Section 4 for platform-specific restrictions)
3. How We Share Your Information
We do not sell your personal information. We do not share your personal information for advertising purposes. We share your information only in the following limited circumstances:
3.1 AI Processing Providers
We use third-party AI services to power specific features of the App:
| Provider | Purpose | What Is Sent | What Is NOT Sent |
|---|---|---|---|
| Google Gemini | Meal photo analysis (estimating nutrition from food photos) | The photo image only | No user ID, name, email, or account information |
| Anthropic Claude | Coaching narrative generation (composing personalized coaching messages) | Contextual coaching data (training state, recovery state, goals) | No direct identifiers (name, email, user ID) |
| USDA FoodData Central | Nutrition database lookup for barcode scans | Search query text or barcode number | No user information |
| Open Food Facts | Nutrition database lookup for barcode scans | Search query text or barcode number | No user information |
For AI processing, we apply data minimization: we send only the minimum data required for the specific task. We do not send your name, email, user ID, or other direct identifiers to AI providers alongside your health or meal data.
3.2 Infrastructure and Service Providers
We use the following infrastructure providers to operate the Service:
- Cloud hosting provider for application servers and database (PostgreSQL)
- Object storage provider for meal photo storage (access-controlled, not publicly accessible)
- Apple Push Notification service (APNs) for delivering push notifications to your device
- Redis for task queue management (transient processing data only)
These providers process data on our behalf under data processing agreements and are prohibited from using your data for their own purposes.
3.3 Connected Fitness Platforms
When you connect a fitness platform (Strava, WHOOP, Oura, Garmin, or Apple HealthKit), data flows from that platform to Embyr per your authorization. We do not send your Embyr account data, coaching outputs, or meal data back to these platforms. Each platform connection is independent, and data from one platform is not shared with another platform.
3.4 Legal Requirements
We may disclose your information if required by law, legal process, or government request, or to protect the rights, safety, or property of Embyr, our users, or the public.
3.5 Business Transfers
If Embyr is involved in a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction. We will notify you via email or prominent notice in the App before your information is subject to a different privacy policy.
4. Data from Connected Fitness Platforms
Each fitness platform integration is governed by that platform’s API terms and developer agreement, in addition to this Privacy Policy. This section describes how we handle data from each platform.
4.1 Strava
- What we access: Activities, workout metrics, and GPS route data for your authenticated account via the Strava API (OAuth scope: activity:read_all).
- How we use it: To display your workout data within Embyr, compute heuristic training load analysis (e.g., TRIMP, HR zone distribution), and inform coaching recommendations for you.
- Who sees it: Only you. Your Strava data is displayed only to your authenticated account. We do not display your Strava data to other users.
- AI/ML restriction: We do not use Strava data to train machine learning or artificial intelligence models. Our coaching analysis uses science-backed heuristic algorithms (Banister impulse-response model, Foster session-RPE), not machine learning.
- Caching: Strava activity data is cached for a maximum of 7 days per the Strava API Agreement. Raw payloads are refreshed on sync.
- Linking: Where applicable, Strava-sourced activities in Embyr link back to the original activity on Strava.
- Athlete privacy: We respect your Strava privacy settings. If your Strava privacy zones or activity visibility settings restrict data, we do not receive or display restricted data.
- Disconnection: When you disconnect Strava in Embyr Settings, we immediately revoke and delete your Strava OAuth tokens. Cached Strava raw data is deleted within 24 hours. Coaching outputs that were derived from previously synced Strava data may persist as part of your coaching history, but no new Strava data is accessed.
- Deletion on request: If you request deletion of your Strava data separately from full account deletion, we will delete cached raw data within 48 hours.
Embyr’s use of the Strava API is subject to the Strava API Agreement. Strava is a registered trademark of Strava, Inc.
4.2 WHOOP
- What we access: Recovery scores, sleep data (duration, efficiency, sleep debt), HRV, resting heart rate, and workout strain scores via the WHOOP API.
- How we use it: To assess your daily recovery state and inform training adaptation and fueling recommendations.
- Data security: WHOOP data is encrypted in transit using TLS 1.2 or higher and encrypted at rest. OAuth tokens are encrypted using Fernet symmetric encryption before storage.
- No sharing: We do not share your WHOOP data with third parties beyond the AI processing providers described in Section 3.1, and only to the extent WHOOP-sourced metrics are part of contextual coaching data sent without direct identifiers.
- Disconnection: When you disconnect WHOOP, OAuth tokens are immediately revoked and deleted. Cached WHOOP data is deleted within 24 hours.
WHOOP is a registered trademark of WHOOP, Inc.
4.3 Oura
- What we access: Daily readiness scores, sleep metrics, and HRV via the Oura API.
- How we use it: To assess your recovery state and sleep quality as inputs to coaching recommendations.
- Cache limit: Per the Oura API terms, cached Oura data is retained for a maximum of 60 days and is then deleted.
- No sale: We do not sell Oura data under any circumstances, including with user consent.
- Disconnection: When you disconnect Oura, OAuth tokens are immediately revoked and deleted. Cached Oura data is deleted within 24 hours.
Oura is a registered trademark of Oura Health Oy.
4.4 Garmin
- What we access: Multi-sport workout data via the Garmin Health API.
- How we use it: To supplement your workout history and training load analysis.
- Retention: Garmin workout data is retained for a maximum of 7 days per the Garmin Health API terms.
- Disconnection: When you disconnect Garmin, OAuth tokens are immediately revoked and deleted. Cached Garmin data is deleted within 24 hours.
Garmin is a registered trademark of Garmin Ltd.
4.5 Google Calendar
- What we access: Event titles and times from calendars you specifically select. You choose which of your calendars to share; we do not access calendars you have not selected.
- How we use it: To detect potential scheduling conflicts (e.g., a late dinner that may affect sleep) and suggest life constraint placements. Calendar-detected events require your confirmation before they influence coaching.
- What we do not access: Event descriptions, attendees, locations, or attachments. We access only event titles and times.
- Disconnection: When you disconnect Google Calendar, OAuth tokens are immediately revoked and deleted, and calendar selection data is removed.
5. Apple HealthKit
This section provides disclosures required by Apple’s App Store Review Guidelines (Section 5.1.3) for apps that use HealthKit.
Access model: Embyr requests read-only access to specific HealthKit data types that you individually authorize through the iOS Health permissions dialog. You may grant or deny access to each data type independently. Embyr does not request access to HealthKit data types that it does not actively use.
Data types accessed (when authorized by you):
| HealthKit Data Type | Embyr Feature |
|---|---|
| Workouts (HKWorkout) | Training history, load calculation |
| Heart rate (HKQuantityTypeIdentifierHeartRate) | Training intensity analysis, recovery assessment |
| Resting heart rate (HKQuantityTypeIdentifierRestingHeartRate) | Recovery baseline tracking |
| Heart rate variability (HKQuantityTypeIdentifierHeartRateVariabilitySDNN) | Recovery and readiness assessment |
| Active energy burned (HKQuantityTypeIdentifierActiveEnergyBurned) | Training load estimation |
| Distance (walking, running, cycling) | Workout distance tracking |
| Elevation gain | Workout difficulty assessment |
| Sleep analysis (HKCategoryTypeIdentifierSleepAnalysis) | Sleep duration and quality for recovery assessment |
| Flights climbed (HKQuantityTypeIdentifierFlightsClimbed) | Workout elevation effort estimation |
| Cycling power (HKQuantityTypeIdentifierCyclingPower) | Cycling training load and FTP analysis |
Background sync: With your permission, Embyr may sync HealthKit data in the background to keep your coaching current. Background sync is limited to the specific data types listed above and runs at intervals managed by iOS.
What we do NOT do with HealthKit data:
- We do not use HealthKit data for advertising or marketing. HealthKit data is never used to target, personalize, or deliver advertisements of any kind.
- We do not sell HealthKit data. Under no circumstances do we sell, license, or otherwise make HealthKit data available to third parties for advertising, data brokerage, or any non-coaching purpose.
- We do not store HealthKit data in iCloud. HealthKit data synced to Embyr is stored on our encrypted servers, not in Apple’s iCloud service.
- We do not use HealthKit data for data mining or profiling beyond providing the coaching Service directly to you.
- We do not share HealthKit data with third parties except as described in Section 3.1 (AI processing), where only contextual coaching metrics are shared without direct user identifiers, and only to the extent necessary to generate coaching recommendations for you.
6. Artificial Intelligence and Automated Processing
Embyr uses AI and automated processing in two specific features:
6.1 Meal Photo Analysis
When you capture a meal photo, the image is sent to Google’s Gemini AI service for nutritional estimation. No user identifiers are attached to the photo during this process. The AI service receives only the image and returns estimated nutritional information. The AI provider does not receive your name, email, user ID, or any information linking the photo to your account.
6.2 Coaching Narrative Generation
Coaching messages (morning briefings, post-workout nudges, weekly reviews) are generated using Anthropic’s Claude AI service. The AI service receives contextual coaching data, which may include your current training state, recovery metrics, goal progress, and recent patterns. No direct identifiers (name, email, user ID) are included in the data sent to the AI provider.
6.3 Heuristic Analysis (Not AI/ML)
Much of Embyr’s coaching logic uses science-backed heuristic algorithms, not machine learning or AI. These include:
- Training load calculation (Banister impulse-response model, Foster session-RPE)
- Heart rate zone estimation
- Recovery state assessment (multi-signal scoring algorithm)
- Training plan adaptation (rule-based engine)
These algorithms run on our servers using your data and do not involve third-party AI providers.
6.4 Engine Trace Logging
For quality assurance and debugging, Embyr logs the inputs and outputs of its coaching engines. LLM prompts and responses are NOT logged by default. LLM content logging is an opt-in setting that defaults to off. When LLM content logging is disabled, only the model name and token count (aggregate usage statistics with no user content) are recorded.
7. Data Retention
We retain your data according to the following schedule. When a retention period expires, data is deleted or de-identified within 30 days unless a legal obligation requires longer retention.
| Data Category | Retention Period | Notes |
|---|---|---|
| Account and profile | Duration of account + 30 days after deletion request | Deleted within 30 days of verified deletion request |
| HealthKit data | Duration of account | Deleted on account deletion |
| Strava raw data | 7-day rolling cache | Per Strava API Agreement; refreshed on each sync |
| WHOOP data | Duration of account | Deleted on disconnect or account deletion |
| Oura data | 60-day rolling cache | Per Oura API terms; older data automatically purged |
| Garmin data | 7-day rolling cache | Per Garmin Health API terms |
| Google Calendar events | Not persisted beyond constraint detection | Event data used transiently; confirmed constraints stored separately |
| Meal photos | 90 days from capture | Automatically deleted after 90 days; derived nutrition data persists |
| Derived nutrition data | Duration of account | Estimated macros, meal types, coach notes |
| Life constraints | Duration of account | Deleted on account deletion |
| Training plans and coaching outputs | Duration of account | Deleted on account deletion |
| Analytics events | 1 year | Archived or purged after 1 year |
| Engine traces | 30 days | Debugging data automatically purged |
| OAuth tokens | Until disconnect or account deletion | Immediately revoked and deleted on disconnect |
| Push notification tokens | Until device is deregistered or account deleted | |
| Subscription data | Duration of account + required legal retention | Apple transaction IDs retained per tax/financial reporting obligations |
7.1 What Happens When You Disconnect an Integration
When you disconnect a fitness platform in Embyr Settings:
- Immediately: OAuth access and refresh tokens are revoked and permanently deleted from our servers.
- Within 24 hours: Cached raw data from that platform is deleted.
- Persists: Coaching outputs (recommendations, insights, narratives) that were generated using previously synced data may remain as part of your coaching history. These outputs are coaching content, not raw platform data.
- No new data: No further data is accessed from the disconnected platform.
7.2 What Happens When You Delete Your Account
When you request account deletion:
- Your account is marked for deletion immediately.
- All personal data, health data, coaching outputs, meal photos, analytics events, and OAuth tokens are permanently deleted within 30 days. Data may persist in encrypted backups for up to an additional 30 days, after which backups are purged through the normal rotation cycle.
- All connected platform tokens are revoked and deleted.
- De-identified aggregate statistics (e.g., total number of users, average coaching engagement rates) that cannot be linked back to you may be retained.
- Data required for legal, tax, or financial reporting obligations may be retained for the minimum period required by law, after which it is deleted.
8. Data Security
We implement the following security measures to protect your data:
- Encryption in transit: All data transmitted between your device and our servers is encrypted using TLS 1.2 or higher.
- Encryption at rest: OAuth tokens are encrypted at rest using Fernet symmetric encryption before database storage. Database storage uses encrypted volumes.
- Access-controlled photo storage: Meal photos are stored with access-controlled (presigned) URLs that expire. Photos are never publicly accessible. EXIF metadata (including GPS location) is stripped from photos before permanent storage.
- Token security: OAuth integration tokens (for connected fitness platforms) are encrypted at rest using authenticated encryption (Fernet). Session refresh tokens are stored as cryptographic hashes. Access tokens have short expiration periods.
- Rate limiting: API endpoints are rate-limited to prevent abuse.
- Secret validation: Cryptographic keys are validated on application startup to prevent misconfiguration.
- Audit logging: Administrative access to user data is logged with the action performed, the reason, and the administrator identity.
- Minimal access: Application architecture follows the principle of least privilege. Coaching engines receive only the data necessary for their specific function.
While we take these measures seriously, no method of transmission or storage is 100% secure. If you believe your account has been compromised, contact us immediately at privacy@embyrapp.com.
8.1 Breach Notification
In the event of a data breach involving your personal information:
- Users in the EEA/UK: We will notify the relevant supervisory authority within 72 hours of becoming aware of the breach, as required by Article 33 of the GDPR, and will notify affected users without undue delay when the breach is likely to result in a high risk to your rights and freedoms.
- Users in California: We will notify affected users as required by the California Civil Code Section 1798.82.
- All users: We will comply with the FTC Health Breach Notification Rule (16 CFR Part 318) to the extent it applies to health data maintained by non-HIPAA-covered entities.
- Partner platforms: We will notify affected integration partners per their developer agreement requirements (e.g., Oura requires 24-hour breach notification).
9. Your Rights and Choices
Regardless of where you are located, you have the following rights:
9.1 Integration Controls
- Connect and disconnect platforms independently. Each integration (Strava, WHOOP, Oura, Garmin, Apple HealthKit, Google Calendar) can be connected or disconnected at any time in Embyr Settings. Disconnecting one platform does not affect others.
- Revoke HealthKit permissions. You can revoke access to specific HealthKit data types at any time through iOS Settings > Health > Embyr.
9.2 Data Access
- You can request a copy of the personal data we hold about you by contacting us at privacy@embyrapp.com. We will provide your data in a structured, commonly used, machine-readable format within 30 days.
9.3 Data Correction
- You can update your profile information (name, date of birth, biological sex, height, weight, coaching tone, unit preference) at any time in the App.
- For corrections to other data, contact privacy@embyrapp.com.
9.4 Data Deletion
- You can request deletion of your account and all associated data by contacting privacy@embyrapp.com. Deletion will be completed within 30 days.
- You can disconnect individual integrations at any time, which triggers deletion of cached data from that platform (see Section 7.1).
9.5 Push Notification Preferences
- You can enable or disable push notifications through iOS Settings at any time. Disabling notifications does not affect your coaching data or recommendations; they will still be available when you open the App.
9.6 Subscription Management
- You can manage or cancel your subscription through iOS Settings > [Your Name] > Subscriptions. Embyr does not process payments or cancellations directly. See Apple’s subscription support at https://support.apple.com/en-us/HT202039.
10. Additional Disclosures for California Residents (CCPA/CPRA)
If you are a California resident, you have additional rights under the California Consumer Privacy Act, as amended by the California Privacy Rights Act (collectively, “CCPA”). This section supplements the rest of this Privacy Policy.
10.1 Categories of Personal Information Collected
The following table maps our data collection to CCPA categories, as required by California Civil Code Section 1798.100.
| CCPA Category | Specific Data Elements | Business Purpose |
|---|---|---|
| A. Identifiers | Email address, name, device identifiers (APNs token), account ID | Account management, notifications |
| B. Personal information per Cal. Civ. Code 1798.80(e) | Name, date of birth, physical characteristics (height, weight, biological sex) | Personalized coaching |
| F. Internet or electronic network activity | App usage analytics events, session IDs, app version, device model, OS version | Service improvement, debugging |
| G. Geolocation data | Coarse IP address (timezone detection only, not stored in application database); GPS routes from Strava (activity data) | Timezone detection; workout mapping |
| K. Inferences | Training readiness state, recovery scores, coaching recommendations, AI-estimated meal nutrition | Personalized coaching delivery |
| Sensitive Personal Information: Health data | Heart rate, HRV, sleep data, recovery scores, workout metrics, resting heart rate, active energy, physiological modeling inputs | Core coaching functionality |
10.2 Sale and Sharing
We do not sell your personal information. We have not sold personal information in the preceding 12 months.
We do not share your personal information for cross-context behavioral advertising. We have not shared personal information for advertising purposes in the preceding 12 months.
10.3 Your California Rights
As a California resident, you have the right to:
- Know what personal information we collect, use, and disclose about you.
- Delete your personal information, subject to certain exceptions.
- Correct inaccurate personal information we hold about you.
- Opt out of sale or sharing of personal information. Because we do not sell or share your information for advertising, there is no opt-out mechanism needed; however, you may contact us at privacy@embyrapp.com for confirmation.
- Limit use of sensitive personal information to purposes necessary for the Service. We use sensitive personal information (health data) only to provide the coaching Service, which is a use permitted under CCPA Section 1798.121(a).
- Non-discrimination. We will not discriminate against you for exercising any of these rights.
10.4 Exercising Your Rights
To exercise your California privacy rights, contact us at privacy@embyrapp.com. We will verify your identity using information associated with your account before processing your request. We will respond within 45 days (subject to a 45-day extension if necessary and with notice to you).
10.5 Authorized Agents
You may designate an authorized agent to make requests on your behalf. We may require the agent to provide proof of authorization and may verify your identity directly.
10.6 Financial Incentives
We do not offer financial incentives related to the collection of personal information.
11. Additional Disclosures for EEA and UK Residents (GDPR)
If you are located in the European Economic Area or the United Kingdom, the General Data Protection Regulation (“GDPR”) and the UK GDPR apply to our processing of your personal data. This section provides the additional information required by those regulations.
11.1 Data Controller
Embyr is the data controller for your personal data. Contact details are provided in Section 14.
11.2 Lawful Basis for Processing
| Processing Activity | Lawful Basis | Explanation |
|---|---|---|
| Account creation and management | Contract (Art. 6(1)(b)) | Necessary to provide the Service you have requested |
| Processing health and fitness data | Explicit consent (Art. 9(2)(a)) | Health data is “special category” data; we obtain your explicit consent before accessing it |
| Processing HealthKit data | Explicit consent (Art. 9(2)(a)) | Separate consent obtained through iOS Health permissions dialog |
| Processing connected platform data | Explicit consent (Art. 9(2)(a)) | Separate consent obtained through each platform’s OAuth authorization |
| Sending coaching notifications | Contract (Art. 6(1)(b)) | Notifications are a core part of the coaching Service |
| Analytics and service improvement | Legitimate interest (Art. 6(1)(f)) | We have a legitimate interest in improving our Service; balanced against your rights through data minimization and pseudonymization |
| Compliance with legal obligations | Legal obligation (Art. 6(1)(c)) | Tax, financial reporting, and data breach notification requirements |
11.3 Your GDPR Rights
In addition to the rights described in Section 9, EEA and UK residents have the following rights:
- Right to withdraw consent. You can withdraw your consent to health data processing at any time by disconnecting integrations in App Settings or contacting us. Withdrawal does not affect the lawfulness of processing performed before withdrawal.
- Right to data portability. You can request a copy of your personal data in a structured, commonly used, machine-readable format (JSON or CSV).
- Right to restriction of processing. You can request that we restrict the processing of your personal data in certain circumstances (e.g., while we verify the accuracy of contested data).
- Right to object. You can object to processing based on legitimate interest (analytics). We will cease processing unless we demonstrate compelling legitimate grounds.
- Right to lodge a complaint. You have the right to lodge a complaint with your local data protection supervisory authority. A list of EEA supervisory authorities is available at https://edpb.europa.eu/about-edpb/about-edpb/members_en.
11.4 International Data Transfers
Embyr’s servers are located in the United States. When you use the Service from the EEA or UK, your personal data is transferred to the United States. We rely on the following transfer mechanisms to ensure your data is protected:
- Standard Contractual Clauses (SCCs): We use the European Commission’s Standard Contractual Clauses for transfers from the EEA to the US, as approved by the European Commission’s Implementing Decision (EU) 2021/914.
- UK International Data Transfer Agreement / Addendum: For transfers from the UK, we use the UK Information Commissioner’s Office-approved addendum to the SCCs.
- Data protection safeguards: Regardless of where your data is stored, we apply the same security measures described in Section 8.
11.5 Data Protection Impact Assessment
Given that Embyr processes health data at scale, we conduct Data Protection Impact Assessments (DPIAs) for new processing activities involving health data, as required by Article 35 of the GDPR.
11.6 Automated Decision-Making
Embyr uses automated processing to generate coaching recommendations (training plan adaptations, recovery guidance, fueling suggestions). These recommendations are informational guidance, not decisions that produce legal or similarly significant effects on you. You are free to follow or disregard any coaching recommendation. If you have concerns about automated processing, you may contact us at privacy@embyrapp.com.
12. Children’s Privacy
Embyr is not directed to children. You must be at least 16 years old to create an account and use the Service. We chose this age threshold to align with the GDPR’s provisions for digital consent by minors (Article 8) and the age at which most health and fitness platforms permit account creation.
We do not knowingly collect personal information from anyone under 16. If we learn that we have collected personal information from a child under 16, we will delete that information promptly. If you believe a child under 16 has provided us with personal information, please contact us at privacy@embyrapp.com.
13. Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, or legal requirements, or for other operational reasons.
When we make material changes:
- We will update the “Last Updated” date at the top of this policy.
- We will notify you via email or through a prominent notice in the App at least 14 days before the changes take effect.
- For changes that affect how we process health data, we will request your renewed consent where required by law.
Previous versions of this Privacy Policy are archived and available upon request.
Your continued use of the Service after the updated Privacy Policy takes effect constitutes your acceptance of the changes. If you do not agree with the updated policy, you may delete your account.
14. Contact Us
If you have questions about this Privacy Policy, want to exercise your privacy rights, or have concerns about how we handle your data, you can reach us at:
Privacy inquiries: Email: privacy@embyrapp.com
General support: Email: support@embyrapp.com
Mailing address: Embyr [Address to be added upon entity formation]
We aim to respond to all privacy-related inquiries within 30 days. For requests made under the CCPA or GDPR, we will respond within the timeframes required by applicable law (45 days for CCPA, 30 days for GDPR, each subject to permitted extensions with notice).
Supplemental Notices
Health and Wellness Disclaimer
Embyr provides general health and fitness coaching guidance based on your data. Embyr is not a medical device and does not provide medical advice, diagnosis, or treatment. Coaching recommendations are informational and should not replace the advice of a qualified healthcare provider, registered dietitian, or licensed mental health professional. If you have a medical condition, history of disordered eating, or concerns about Relative Energy Deficiency in Sport (RED-S), please consult a healthcare professional before relying on Embyr’s guidance.
Wearable data accuracy: Coaching quality depends on the accuracy of data from your connected devices. Wearable sensors vary in precision across device types and manufacturers, particularly for metrics such as heart rate variability, sleep staging, and resting heart rate. Embyr’s coaching algorithms account for known device-level differences where possible, but we cannot guarantee the accuracy of data provided by third-party hardware.
Crisis resources: If you or someone you know is struggling with an eating disorder, the following resources are available:
- 988 Suicide and Crisis Lifeline: Call or text 988
- ANAD Helpline: 1-888-375-7767 (National Association of Anorexia Nervosa and Associated Disorders)
- Crisis Text Line: Text “HELLO” to 741741
- NEDA: www.nationaleatingdisorders.org
Regulatory Framework
Embyr is a wellness application, not a covered entity under the Health Insurance Portability and Accountability Act (HIPAA). Nevertheless, we design our data handling practices to meet or exceed the standards expected of apps handling sensitive health information, including compliance with the FTC Health Breach Notification Rule (16 CFR Part 318) applicable to non-HIPAA personal health record vendors.
Policy Archives
Previous versions of this Privacy Policy and our Terms of Service are archived and available upon request at privacy@embyrapp.com.
This Privacy Policy is available at https://embyrapp.com/privacy and within the Embyr App under Settings > Privacy Policy.