Privacy Policy

Our Commitment to Your Privacy

We understand that health and wellness data is deeply personal. Our commitment is to be transparent about our data practices, protect your information with industry-leading security, and give you control over your data. We never sell your personal data, and we maintain strict protocols for data protection in compliance with GDPR requirements.

Cookie Usage

We use cookies and similar tracking technologies to enhance your experience on our website. Cookies are small text files stored on your device that help us understand how you use our services and improve your experience.

Types of Cookies We Use

• Essential Cookies: Required for the website to function properly, including cookie consent preferences and form submission functionality. These cannot be disabled.
• Analytics Cookies: Help us understand how visitors interact with our website through services like Google Analytics and Google Tag Manager. These require your consent.
• Marketing Cookies: Used for video content delivery (YouTube embeds) and may track your preferences. These require your consent.

You can manage your cookie preferences at any time through our Cookie Policy page or by clicking "Cookie Settings" in the website footer. For detailed information about the specific cookies we use, please visit our dedicated Cookie Policy page.

Data We Collect

Health and Fitness Information

Through our mobile application, we collect health and fitness data through our app, Apple HealthKit, and Google Fit integrations. This includes, but is not limited to:

• Heart rate and heart rate variability
• Sleep patterns and quality metrics
• Physical activity and exercise data
• Blood glucose levels
• Blood pressure measurements
• Respiratory rate
• Body temperature
• Menstrual cycle data
• Meditation minutes
• Step counts and distance traveled
• Calories burned

Through our wellness assessments, we gather information about your mood, stress levels, and nutritional habits.

Calendar and Scheduling Information

Our app integrates with Google Calendar, Apple iCloud Calendar, and other calendar services to optimize your wellness journey. We access your calendar events, appointments, and scheduling preferences to help you maintain your wellness routine. This includes time zone settings, activity planning data, and reminder preferences. We process calendar data solely for scheduling optimization and do not read or store the content of your personal events.

Personal Information

To provide our services, we collect basic personal information including your name, email address, age, and gender. We also maintain your account preferences, time zone settings, language preferences, and emergency contact information when provided.

Waitlist and Form Submissions

When you sign up for our waitlist or submit forms on our website, we use Fillout.com as our data processor. Fillout collects and stores your email address and any other information you provide through our signup forms. This data is used solely for the purpose of contacting you about early access to Lifetrails and related product updates. Fillout.com is GDPR-compliant and acts as a data processor on our behalf, maintaining appropriate security measures to protect your information. You can learn more about Fillout's privacy practices at fillout.com/privacy.

Technical Information

We automatically collect certain technical data necessary for our service operation. This includes:

• Device information such as device type, operating system version, and unique device identifiers
• IP addresses for security and regional service optimization
• App and website usage patterns, including how you interact with our services
• Login information and performance data
• Browser type and version information (for website visitors)

Analytics and User Experience Monitoring

To improve our services and understand how users interact with our platforms, we use industry-standard analytics tools. These tools help us understand how our services are being used, identify technical issues, and make improvements to better serve our users.

The analytics data we collect includes general usage patterns, interaction with features, and basic device information. This data is anonymized, stored securely, and used solely to improve our services and user experience. We ensure all analytics tools we use employ appropriate privacy and security measures to protect your information.

For error monitoring and quality assurance, we collect technical information when issues occur, including error reports and related device information. This helps us maintain the reliability and stability of our services.

How We Use Your Data

Core Services

We process your data to provide personalized health insights, track your wellness progress, generate recommendations, and help you maintain your schedule. This processing is essential for delivering our service and includes synchronizing with your health devices and sending relevant reminders.

Service Improvement and Machine Learning

Analytics and Performance Monitoring

The data collected through our analytics and monitoring tools helps us understand how our services are used, identify technical issues, improve performance, and make informed decisions about feature improvements. All analytics data is processed in accordance with our data protection standards and stored securely with appropriate access controls. This data is never combined with your health or personal information and is used solely for service improvement purposes.

Data Protection

We implement comprehensive security measures to protect your data:

• All information is encrypted during transmission and storage using industry-standard protocols
• We maintain our infrastructure in compliance with both GDPR and HIPAA requirements
• Secure EU-based servers with regular security audits
• Continuous monitoring and threat detection

Your Privacy Rights Under GDPR

Under the General Data Protection Regulation (GDPR) and other applicable privacy laws, you have significant rights regarding your personal data. We are committed to honoring these rights and making them easy to exercise.

Right to Access (Article 15)

You have the right to access your personal data at any time. You can request a copy of all personal information we hold about you, including health data, calendar information, and technical logs. To request your data, contact us at privacy@lifetrails.ai. We will provide your data within 30 days in a commonly used electronic format.

Right to Rectification (Article 16)

You may correct any inaccurate or incomplete personal data we hold about you. You can update most information directly through your account settings, or contact our support team for assistance.

Right to Erasure / "Right to be Forgotten" (Article 17)

You can request complete deletion of your personal data from our systems. When you delete your account, we will:

• Permanently delete all personal and health data within 30 days
• Remove your information from all active systems and backups
• Notify third-party processors (like Fillout.com) to delete your data
• Provide confirmation once deletion is complete

Note that we may retain certain anonymized data for statistical and machine learning purposes, which cannot be traced back to you.

Right to Data Portability (Article 20)

You have the right to receive your personal data in a structured, commonly used, and machine-readable format (JSON or CSV). You can also request that we transmit your data directly to another service provider where technically feasible. This includes all health data, wellness assessments, and calendar integrations. To request data portability, email privacy@lifetrails.ai.

Right to Restrict Processing (Article 18)

You can request limitations on how we process your data in certain circumstances, such as while we verify data accuracy or assess whether you have legitimate grounds to object to processing.

Right to Object (Article 21)

You may object to certain types of data processing, including:

• Processing for direct marketing purposes (we will immediately stop)
• Processing based on legitimate interests
• Processing for research or statistical purposes

Right to Withdraw Consent (Article 7)

You can withdraw your consent for data processing at any time through your account settings or by contacting us. This includes:

• Health data collection from HealthKit/Google Fit (disable in app settings)
• Calendar integrations (revoke access in app settings)
• Marketing communications (unsubscribe link in emails)
• Analytics cookies (manage through Cookie Settings in website footer)

Note that withdrawing consent may affect our ability to provide certain services.

Right to Lodge a Complaint

If you believe we have not handled your personal data correctly, you have the right to lodge a complaint with your local data protection authority. In Finland, this is the Office of the Data Protection Ombudsman (tietosuoja.fi).

How to Exercise Your Rights

To exercise any of these rights, please contact us at:

• Email: privacy@lifetrails.ai
• Data Protection Officer: dpo@lifetrails.ai

We will respond to all requests within 30 days and may request verification of your identity to protect your privacy.

Third-Party Integrations

We integrate with several third-party services to enhance your experience:

Apple HealthKit

Our integration with Apple HealthKit follows strict Apple privacy guidelines, accessing only authorized data with separate encryption.

Google Fit

We use OAuth 2.0 authentication and follow Google's API policies for all Google Fit integrations.

Calendar Integrations

Calendar integrations are limited to scheduling functions and operate under strict access controls that you can revoke at any time.

Fillout Forms

We use Fillout.com to process waitlist signups and form submissions on our website. Fillout acts as a data processor under GDPR and maintains appropriate security measures. When you submit a form through Fillout, your data is encrypted in transit and stored on secure servers. Fillout's privacy policy can be found at fillout.com/privacy.

Cookie and Analytics Services

We use Google Analytics and Google Tag Manager for website analytics, which only activate after you provide explicit consent through our cookie banner. These services process anonymized data about your website usage. For more information, see our Cookie Policy.

Data Retention

We retain your data only as long as necessary to provide our services and comply with legal requirements:

• Active Accounts: We maintain data throughout your usage period
• Account Deletion: After account deletion, we retain data for a maximum of 30 days to allow for recovery if needed
• Technical Logs: We keep technical logs and analytics data for 13 months to maintain service quality
• Anonymized Data: We may retain anonymized data indefinitely for research and machine learning purposes

Updates to This Policy

We will notify you of any significant changes to this privacy policy through app notifications, email, or in-app alerts at least 30 days before the changes take effect. Your continued use of our services after such notifications constitutes acceptance of the updated policy.