Last updated: March 5, 2026
Health Data (On-Device): Hormonal protocol details, blood work results, biometric data (heart rate, HRV, sleep, SpO2, respiratory rate), supplement logs, mood and energy logs, menstrual cycle data, and medication dosing history. This data is stored locally on your iOS device using Apple's standard data persistence mechanisms and is not transmitted to our servers.
Wearable Data: When you connect third-party wearable devices (such as Oura Ring, WHOOP, Garmin, Dexcom CGM, Polar, or Fitbit), we access data from those services through their official APIs using your explicit authorization. This includes sleep metrics, recovery scores, activity data, heart rate, and device-specific proprietary metrics. Data obtained from third-party wearable platforms is used solely to provide functionality within the WellnessEcho application, such as health analytics, recovery scoring, and biometric visualization. This data is never sold, used for advertising, or shared with third parties except as required to operate the service.
Apple HealthKit Data: With your permission, WellnessEcho reads and writes health data through Apple HealthKit. HealthKit data is handled in strict accordance with Apple's HealthKit guidelines. HealthKit data is not used for advertising or marketing purposes and will not be sold to or shared with third parties, including advertising platforms, data brokers, or information resellers.
Continuous Glucose Monitoring (CGM) Data: CGM data accessed through Dexcom integrations is used solely for personal visualization and analytics within the WellnessEcho app and is not used for medical decision-making or clinical purposes.
Account Information: If you create an account, we collect your email address and basic profile information (name, age, biological sex) to personalize your experience.
Website Data: Our website (wellnessecho.app) collects email addresses submitted through the waitlist signup form for the sole purpose of notifying you about product launches and early access opportunities. We do not use cookies, tracking pixels, or third-party analytics on our website. No behavioral data is collected from website visitors.
Your data is used exclusively to provide app functionality: generating pharmacokinetic models, computing recovery scores, delivering predictive health insights, tracking supplement regimens, and personalizing protocol recommendations. We do not use your health data for advertising, data mining, or any purpose unrelated to your wellness experience within the app.
Health data is stored locally on your iOS device and is not transmitted to or stored on external servers. When you connect third-party wearables, authentication tokens are encrypted and stored on secure servers (Cloudflare Durable Objects with AES-256 encryption at rest). We use industry-standard encryption (TLS 1.3 for data in transit) for all server communications. WellnessEcho servers do not store user health metrics. Only authentication tokens and minimal operational metadata required for integrations are stored securely.
WellnessEcho integrates with third-party wearable platforms using their official OAuth 2.0 APIs. When you connect a device, you authorize WellnessEcho to access specific data categories through that provider's consent screen. You can disconnect any device at any time, which immediately revokes our access and deletes stored authentication tokens.
Users may revoke access to any connected wearable service at any time, either within the WellnessEcho app settings or through the wearable provider's account permissions page. Upon disconnection, all stored authentication credentials for that provider are permanently deleted from our servers.
Each third-party provider has its own privacy policy governing how it collects and uses your data independently of WellnessEcho.
We do not sell, rent, trade, or share your personal health information with third parties for marketing, advertising, or data brokerage. We may share anonymized, aggregated data for research purposes only with your explicit opt-in consent. We will disclose information if required by law or to protect safety.
You have the right to access, export, correct, or delete your data at any time. Within the app, you can disconnect wearable integrations (which immediately deletes server-side tokens), revoke HealthKit permissions, and export your data in standard formats (PDF, CSV).
Users may request deletion of all server-side data associated with their account by navigating to Profile > Privacy & Security > Delete My Data within the app, or by contacting privacy@wellnessecho.app. Upon request, authentication tokens and account metadata are deleted immediately. Any cached or queued data is purged within 30 days. On-device data can be deleted by removing the app from your device.
California (CCPA/CPRA): California residents have the right to know what personal information is collected, request deletion, and opt out of the sale of personal information. WellnessEcho does not sell personal information. To exercise your rights, contact privacy@wellnessecho.app.
EEA/UK (GDPR): If you are located in the European Economic Area or United Kingdom, you have additional rights including data portability, the right to restrict processing, and the right to lodge a complaint with a supervisory authority. Our legal basis for processing is your explicit consent (provided when you grant HealthKit or wearable permissions) and legitimate interest (providing the service you requested).
WellnessEcho is not intended for use by individuals under the age of 18. We do not knowingly collect personal information from children.
We may update this Privacy Policy from time to time. We will notify you of significant changes through the app or via email. Continued use of WellnessEcho after changes constitutes acceptance of the updated policy.
If you have questions about this Privacy Policy or your data, contact us at privacy@wellnessecho.app.
SentinelGRCSolutions, LLC