LAFYA Wellness+

Privacy & Data Consent

v1.0 · Required to continue

LAFYA

Privacy & Data Consent Agreement

Plain-language disclosure of what we collect, why we collect it, and what you control.

Version 1.0 · Effective date: [DATE] · Last updated: [DATE]

1. What You're Agreeing To — Plain English First

Before the legal language, here's exactly what LAFYA does with your information in plain terms:

✅ What we DO

  • Scan food labels to flag harmful additives
  • Track which nutrients you're getting enough of
  • Measure your HRV and stress via optional face scan
  • Use all of the above to give you personalized coaching
  • Send your data to our AI (Claude by Anthropic) to generate coaching messages

❌ What we DON'T do

  • Sell your health data to third parties
  • Share your data with insurers or employers
  • Use your data for advertising
  • Store face scan images — only the biometric output (HRV number) is saved
  • Make medical diagnoses or replace your doctor

2. What Data We Collect

LAFYA collects the following categories of information to operate the service:

Data typeExamplesWhy we collect it
Biometric dataHeart rate variability (HRV), stress index, respiratory rate from optional face scanTo generate your daily readiness score and personalized coaching
Self-reported healthEnergy, sleep quality, mental clarity, digestion, soreness (rated 1–5 in daily check-in)To track how you feel over time and identify patterns
Food & nutritionScanned food products, nutrient intake percentages, inflammatory exposure, seed oil exposureTo identify dietary gaps and flag harmful ingredients
Supplement logSupplement names, start dates, self-reported adherenceTo measure whether supplements are producing results over time
Derived insightsCorrelations between food behaviors and biometric or check-in outcomesTo generate hyper-personalized coaching messages
Account dataEmail address, display name, account preferencesTo operate your account and communicate with you
Usage dataApp screens visited, features used, session durationTo improve the app experience (never linked to health data for advertising)

3. How We Use AI — What This Means for Your Data

LAFYA Coach, the personalized coaching feature, is powered by Claude, an AI model made by Anthropic. Here is exactly what happens when LAFYA Coach generates a message for you:

  1. Your data is assembled into a context package. This includes your recent food log, nutrient gaps, check-in scores, and any biometric scan results from the past 7–30 days.
  2. That package is sent to Anthropic's API. It is transmitted securely over HTTPS. Anthropic processes it to generate your coaching message.
  3. Anthropic does not store your data for training. LAFYA uses Anthropic's API under a zero-data-retention agreement, meaning your health data is processed and discarded — not used to train AI models.
  4. The coaching message is returned and displayed to you. LAFYA stores the generated message in your account history so your coach can reference prior conversations.
  5. Your raw health data stays on LAFYA's servers. Only a structured summary is sent to Anthropic per session — never your full account history in a single request.

Important: LAFYA Coach is not a medical provider

LAFYA Coach identifies patterns in your personal data and makes nutritional suggestions. It does not diagnose conditions, prescribe medications, or replace the advice of a licensed healthcare provider. If you experience symptoms that concern you, please consult a doctor.

4. The Face Scan — Special Disclosure

The optional face scan feature uses your phone's front camera and remote photoplethysmography (rPPG) technology to estimate biometric signals. Because this involves your camera, we want to be especially clear:

  • The face scan is always optional. You can use LAFYA fully without ever scanning. The scan appears as an invitation, never a requirement.
  • No images are stored. The camera feed is processed in real time on your device to extract a biometric reading (HRV, stress index, respiratory rate). The video itself is discarded immediately and never leaves your device.
  • Only the numerical output is saved — for example, "HRV: 58ms" — not any image or video data.
  • The rPPG technology is provided by [SDK PARTNER NAME]. Their privacy policy governs the on-device processing component and is available at [PARTNER PRIVACY URL].
  • Scan results are stored in your LAFYA account and used only to generate your readiness score and coaching messages.
  • You can delete all scan history at any time from Settings → Data & Privacy → Delete biometric data.

5. Who We Share Your Data With

LAFYA does not sell your data. We share data with the following service providers only to the extent necessary to operate the app:

PartyWhat they receiveWhy
Anthropic (Claude API)Structured health data summary per coaching sessionTo generate personalized coaching messages. Zero-data-retention agreement in place.
[rPPG SDK Partner]On-device camera feed only (not transmitted)To compute biometric signals from face scan. Processed on-device only.
[Cloud hosting provider]Encrypted account and health dataSecure storage of your LAFYA account data.
Analytics (optional)Anonymized usage events only — never health dataTo understand how features are used and improve the app.

6. Your Rights & Controls

You have the following rights over your data at any time:

  • View — Access your data

    Download a full export of everything LAFYA holds about you from Settings → Data & Privacy → Export my data.

  • Edit — Correct your data

    Update or correct any manually entered information at any time within the app.

  • Delete — Delete specific data

    Remove individual food logs, check-ins, or scan results from your history at any time. Delete all biometric data: Settings → Data & Privacy → Delete biometric data.

  • Full deletion — Delete your account

    Permanently delete your account and all associated data: Settings → Account → Delete account. Deletion is permanent and irreversible. We will confirm deletion within 30 days.

  • Opt out — Opt out of AI coaching

    You can disable LAFYA Coach entirely from Settings → Coach. When disabled, no data is sent to Anthropic's API. Core food scanning and nutrient tracking features continue to work.

  • Opt out — Opt out of face scanning

    You can disable the face scan feature entirely from Settings → Biometrics → Disable face scan. Your phone's camera will not be accessed.

7. How Long We Keep Your Data

Data typeRetention periodReason
Biometric scan results90 days rollingCoach needs 90-day history for accurate pattern detection
Food log & nutrient dataAccount lifetime or until deletedLong-term pattern detection and supplement efficacy tracking
Daily check-in dataAccount lifetime or until deletedTrend tracking and coaching personalization
Coach conversation history90 days rollingEnables coach to reference recent sessions
Account dataUntil account deletionRequired to operate your account

8. Regulatory Disclosures

HIPAA

LAFYA is a direct-to-consumer wellness application and is not a HIPAA-covered entity. We are not a healthcare provider, health plan, or healthcare clearinghouse, and we do not have business associate relationships with covered entities. As a result, HIPAA does not govern this agreement. However, we apply equivalent standards of care to the handling of your health data.

California Residents (CCPA / CPRA)

If you are a California resident, you have the right to know what personal information we collect, the right to delete it, the right to correct it, and the right to opt out of sale or sharing. LAFYA does not sell personal information. To exercise your California rights, contact us at privacy@lafya.health.

EU / UK Residents (GDPR / UK GDPR)

Health data is a "special category" under GDPR requiring explicit consent. By tapping "I agree" below, you provide that explicit consent. Your legal basis for processing is Article 9(2)(a) — explicit consent. You may withdraw consent at any time by deleting your account. Withdrawing consent does not affect the lawfulness of processing prior to withdrawal. For data subject requests, contact privacy@lafya.health.

FTC Health Breach Notification

In the event of a data breach involving your health information, LAFYA will notify affected users within 60 days, consistent with the FTC's Health Breach Notification Rule.

9. Your Consent

By tapping "I agree" during LAFYA onboarding, you confirm that:

  • You are 18 years of age or older.
  • You have read and understood this agreement.
  • You consent to LAFYA collecting and processing the health data described in Section 2.
  • You consent to your data being sent to Anthropic's API (under zero-data-retention terms) to generate coaching messages, as described in Section 3.
  • You consent to the optional face scan feature accessing your device camera as described in Section 4, if you choose to use it.
  • You understand that LAFYA Coach is not a medical service and does not replace professional healthcare advice.

You can withdraw consent at any time

Disabling LAFYA Coach (Settings → Coach) stops all data from being sent to Anthropic immediately. Deleting your account (Settings → Account → Delete account) permanently removes all your data within 30 days. Neither action affects your right to use the food scanning and nutrient tracking features independently.

10. Contact & Updates

For any privacy questions, data requests, or concerns:

Email: privacy@lafya.health
Response time: within 5 business days

If we make material changes to this agreement, we will notify you via in-app notice and email at least 14 days before the changes take effect. Continued use of LAFYA after that date constitutes acceptance of the updated agreement. If you do not accept the changes, you may delete your account before they take effect.

LAFYA Health · [Company legal name] · [Registered address] · privacy@lafya.health · lafya.health/privacy