Privacy Policy
Your privacy is important to us. Learn how we collect, use, and protect your data.
Last Updated: June 2026 · Version 2.2
360HealthWise ("we," "our," or "us") is operated by MTech & IT, a sole proprietor doing business as 360HealthWise ("Operator"). We are committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our mobile applications, web application at app.360healthwise.com, and related services (collectively, the "Service").
Please read this Privacy Policy carefully. If you do not agree with its terms, do not access or use the Service.
By using 360HealthWise, you consent to the data practices described in this policy, subject to your in-app consent choices for optional features (including AI features).
Websites: https://360healthwise.com | https://app.360healthwise.com
Contact: privacy@healthwise360.com
Data Controller
Health and Sensitive Data (GDPR Article 9)
Some data we process may qualify as "special category" personal data under Article 9 GDPR (for example data concerning health, and optional fields such as allergies, medical conditions, medications, vitals, and activity derived from health platforms).
1. WHAT WE PROCESS
- Workout, nutrition, sleep, mood, habits, body measurements, and related wellness metrics you choose to log or sync
- Optional sensitive profile and health-info fields you enter or import
- AI prompts and outputs when you use optional AI features
2. LEGAL BASES (SUMMARY — NOT LEGAL ADVICE)
- Explicit consent (Art. 9(2)(a)): Optional sensitive health fields used for AI analysis; each optional AI feature when enabled in-app (Goals AI, Workout Analysis AI, HealthWise AI, Habits AI, Meal Plan AI, Training Plan AI, Time Analysis AI, Food Analysis AI, Research AI); health platform sync where required by platform rules and your choices
- Contract (Art. 6(1)(b)): Providing core Service features you request (account, logging, sync, subscriptions) where consent is not the sole basis
- Legitimate interests (Art. 6(1)(f)): Security, fraud prevention, and service improvement, balanced against your rights and with safeguards
3. YOUR CHOICES
- You may decline optional AI features or withdraw in-app consent toggles
- You may avoid entering optional sensitive health fields
- You may disconnect HealthKit / Health Connect integrations
4. COUNSEL REVIEW
- A formal DPIA, processor agreements, and Art. 9 wording should be validated by qualified counsel. See gdpr_counsel_review_packet.md in our legal documentation set for counsel handoff topics.
Information We Collect
ACCOUNT AND PROFILE INFORMATION
- Name, email address, and authentication credentials (stored securely via
- Sign-in via email/password, Google Sign-In, or Sign in with Apple
- Profile information (age, date of birth, gender, height, weight, units)
- Profile photos (optional)
- Language, timezone, and app preferences
USAGE, DIAGNOSTICS, AND ACTIVITY DATA
- App usage statistics, feature interactions, and screen-time summaries
- Firebase Analytics events (where enabled), including app interaction
- On Android, collection of the advertising identifier (GAID) is disabled
- Firebase Crashlytics crash reports (stack traces, device/OS info)
- Application error logs (error type, message, platform, truncated stack
- Push notification device tokens (Firebase Cloud Messaging)
- Last login and daily activity summaries
AI & Automated Processing
- Prompts, chat messages, and AI conversation history (HealthWise AI, Goals AI, Workout Analysis AI, Habits AI, Meal Plan AI, and related features)
- AI job metadata and generated outputs stored in your account
- AI token usage and cost tracking (for subscription and usage limits)
- Optional user-provided API keys for third-party AI providers (encrypted at rest)
KNOWLEDGE BASE, RESEARCH, AND EXTERNAL CONTENT
- Personal notes, uploaded documents, and saved items in My Knowledge Base
- Saved research publications, saved AI responses, and saved RSS articles
- Research publication metadata (title, authors, abstract, DOI, PMID,
- Research AI chat sessions and literature-discovery queries
Location Data
- GPS coordinates and route polylines for cardio workouts and shared routes
- Location associated with tasks, shopping lists, and map features
- General location derived from IP address (not precise tracking for advertising)
- Background location only where you grant permission for specific features (e.g., location-based reminders)
DEVICE SENSORS AND MEDIA
- Camera: food photos, barcode scanning for nutrition logging
- Microphone: voice input and speech-to-text (with permission)
- On-device processing: pose detection for certain fitness features (e.g.,
- Device model, operating system, app version, and platform identifiers
Connected Apps & Integrations
- OAuth tokens and connection status (stored encrypted)
- Health and activity data you authorize from third-party apps and devices
- Raw sync payloads from connected integrations (as needed to provide sync)
- Supported integrations include: Apple Health/HealthKit, Google Health Connect, Strava, Fitbit, Garmin, Samsung Health (Spike SDK), Wahoo, Polar, MyFitnessPal, Huawei Health, Zepp, Mi Fitness, Nova Ring, HealthFit, and similar services
Social & Community
- Posts, comments, likes, followers, and following lists
- Forum and group membership, conversations, and shared content
- Shared workouts, routes, recipes, and workout plans (via share links)
- Feature votes and community interactions
- Social visibility and notification preferences
Personal Trainer
- Trainer or client profile links and consent-scoped data sharing settings
- Encrypted trainer–client chat messages
- Contact information you provide for trainer relationships (may be encrypted)
Calendar & Planning
- In-app calendar events, auto-planner settings, and scheduling preferences
- External calendar import via iCal URL (when you configure it)
- Webcal export: if enabled, events may be accessible via a public URL — keep export URLs private and treat them like passwords
Payment & Subscription
- Subscription status, product identifiers, and purchase tokens (Apple App Store, Google Play)
- Stripe customer and subscription identifiers for web/desktop billing
- We do not store full payment card numbers; payment processing is handled by Apple, Google, or Stripe
Usage, Diagnostics & Activity
- App usage statistics, feature interactions, and screen-time summaries
- Firebase Analytics events (where enabled)
- Firebase Crashlytics crash reports (stack traces, device/OS info)
- Application error logs (error type, message, platform, truncated stack trace)
- Push notification device tokens (Firebase Cloud Messaging)
COMMUNICATIONS
- Support inquiries and email correspondence
- Account deletion requests and verification communications
- Optional user-configured SMTP settings if you send mail through the app
How We Use Your Information
PROVIDE AND OPERATE THE SERVICE
- Create and manage your account
- Sync and display health, fitness, nutrition, and planning data
- Deliver connected-app integrations you authorize
- Process subscriptions and premium features
- Send service-related notifications (with your permission)
PERSONAL TRAINER AND COMMUNITY FEATURES
- Facilitate trainer–client connections according to your consent choices
- Display community posts, forums, groups, and shared content
- Moderate abuse and enforce our Terms of Service
KNOWLEDGE BASE, RESEARCH, AND RSS
- Store and display your saved notes, documents, and publications
- Import publication metadata from Crossref, PubMed, and (when enabled)
- Sync external RSS health and science feeds for display in the app
- Support admin-curated research content and science blog posts
IMPROVE SECURITY, RELIABILITY, AND PRODUCT QUALITY
- Monitor crashes, errors, and performance
- Analyze aggregated or pseudonymized usage patterns
- Fix bugs and develop new features
- Measure app installs and key conversions from marketing campaigns we run
LEGAL AND SAFETY
- Comply with legal obligations
- Protect rights, safety, and integrity of users and the Service
- Enforce our Terms of Service and respond to lawful requests
AI and Automated Processing
AI Providers
- We may use one or more of: OpenAI, Anthropic, Google Gemini / Google AI, OpenRouter, DeepSeek, Mistral, Replicate, ElevenLabs, LLM Gateway, and other providers available in app or server configuration.
- When you provide your own API key ("bring your own key" / BYOK), requests are sent using your key under your account with that provider. You are responsible for that provider's terms, billing, and privacy practices.
INTERNATIONAL TRANSFERS
- AI providers may process data in countries other than your own, including the United States. We use contractual and technical safeguards appropriate to the processing.
Important Disclaimers
- Not Medical Advice: AI outputs are for informational and educational purposes only and have not been reviewed by licensed healthcare professionals.
- No Training on Your Data for Ads: We do not sell personal or health data to AI providers for advertising purposes.
Research & External Content
RESEARCH PUBLICATIONS
- We and authorized administrators may curate bibliographic records
- Metadata may be fetched from Crossref, PubMed (NCBI), and Semantic
- We display metadata and links; full text remains with publishers
RSS AND EXTERNAL FEEDS
- Our servers periodically fetch public RSS feeds from third-party health
- We store article titles, summaries, links, and publication dates
- Content remains subject to each publisher's terms and copyright
Third-Party Data Sources
- Exercise database content may be sourced from licensed or open providers
- Nutrition data (calories, macros) may use external food databases
- We strive to ensure data accuracy but cannot guarantee third-party source reliability
Data Storage & Security
DATA RETENTION
- Active accounts: data retained while your account is active
- Deleted accounts: deletion requested via app settings or email; processing
- Some data may be retained longer where required by law or for legitimate
SECURITY MEASURES
- Secure authentication and access controls
- Firestore security rules and server-side validation
- Regular dependency updates and monitoring
- Responsible disclosure channel: security@healthwise360.com
Breach Notification
- In the event of a data breach affecting your personal data, we will notify you as required by applicable law
- Notifications will be sent to your registered email address
- Report suspected security issues to security@healthwise360.com
Data Sharing & Disclosure
Third-Party Integrations
HEALTH AND FITNESS
- Apple Health / HealthKit, Google Health Connect, Strava, Fitbit, Garmin, Samsung Health (Spike SDK), Wahoo, Polar, MyFitnessPal, Huawei Health, Zepp, Mi Fitness, Nova Ring, HealthFit, and similar integrations.
NUTRITION AND FOOD DATABASES
- OpenFoodFacts, USDA FoodData Central, Edamam, Nutritionix, Spoonacular, TheMealDB, OpenNutrition.
MAPS AND LOCATION
- Google Maps, Geocoding API, Geolocator.
PAYMENTS
- Apple App Store, Google Play, Stripe (web/desktop subscriptions).
AUTHENTICATION
- Google Sign-In, Sign in with Apple, Firebase Authentication.
- We only access integration data you explicitly authorize. You can disconnect integrations in app settings where available.
Your Rights & Choices
Access Your Data
- Export or view your data through in-app settings
- Request a copy of your personal data by contacting privacy@healthwise360.com
ACCOUNT DELETION
- Submit deletion in app settings or email privacy@healthwise360.com.
- Deletion is subject to legal retention requirements and may take up to 30 days to complete.
Correction and Update
- Update most profile information directly in the app
- Contact support@healthwise360.com to correct information you cannot update yourself
Opt-Out of Optional Features
- Disable optional AI features in app settings
- Disconnect third-party integrations at any time
- Revoke trainer data access from your account settings
Communications
- Manage push notification preferences in app settings
- Opt out of marketing emails via unsubscribe link or by contacting privacy@healthwise360.com
- Service-critical notifications (security alerts) cannot be disabled
Data Portability
- Where required by law, you may request your data in a machine-readable format
- Contact privacy@healthwise360.com to submit a portability request
AI Features
- AI features require separate opt-in consent
- You can withdraw AI feature consent at any time from app settings
- Disabling AI features does not affect your core app data
Children's Privacy
In the European Economic Area, United Kingdom, and Switzerland, you must be at least 16 years old to use the Service. In other regions, the minimum age is 13 unless local law requires a higher age. We do not knowingly collect personal information from anyone below the applicable minimum age. If you believe a child has provided data in violation of these limits, contact privacy@healthwise360.com and we will delete it promptly.
Users under 18 should use the Service with parental or guardian supervision where required, especially when entering health-related information or using AI features. We may ask you to confirm your age at registration.
International Data Transfers
The data controller is established in the Netherlands. Your information may be transferred to, stored in, and processed in countries where we or our service providers operate, including the United States (for example, Google Firebase, AI providers, and certain integrations). Those countries may have different data protection laws than your country. Where personal data is transferred outside the EEA/UK, we implement appropriate safeguards, including the European Commission's standard contractual clauses where applicable, to protect your data in accordance with this Privacy Policy.
California Privacy Rights (CCPA)
European Privacy Rights (GDPR)
Cookies And Tracking Technologies
Our web application may use cookies, local storage, and similar technologies to:
- Maintain your session and preferences
- Measure app and web usage (where enabled)
- Improve performance and security
Mobile apps may use device or app instance identifiers and analytics SDKs (Firebase Analytics). On Android, advertising identifier (GAID) collection is disabled in our app configuration. You can limit analytics through Personal Settings → Analytics, or through device settings where available; certain features may require essential processing to function.
On the web application, we may use Google Analytics 4 (gtag) with consent defaults that deny analytics storage until you enable Analytics in Personal Settings; consent is then updated to match your choice.
Changes To This Privacy Policy
We may update this Privacy Policy from time to time. Material changes will be communicated by:
- Updating the "Last Updated" date
- In-app notice for significant changes
- Email to registered users where appropriate
Continued use after changes constitutes acceptance of the updated policy.
Contact Us
Privacy Inquiries
- Privacy: privacy@healthwise360.com
- Support: support@healthwise360.com
Security & Legal
- Security issues: security@healthwise360.com
- Legal / mailing address: legal@healthwise360.com
- Operator: MTech & IT (sole proprietor), doing business as 360HealthWise — United States
- For GDPR-related inquiries in the EEA, contact privacy@healthwise360.com.
Additional Information