Privacy Policy

Last updated: September 2025

We built PerformanceOS because we believe your health data should be yours alone. This policy explains what we collect, why, and how we protect it.

What We Collect

  • Health data you enter or import (e.g., glucose, nutrition, activity)
  • Email address for account creation and authentication
  • Usage analytics (pages visited, features used) — opt‑out available
  • Payment info processed by Stripe (we don’t store card data)

What We Don’t Collect

  • Location/GPS data
  • Device contacts or photos/media
  • Third‑party app data without your explicit permission

How We Use Your Data

  • Provide and improve the service you signed up for
  • Send important account and security updates
  • Product analytics with aggregated or anonymized data
  • Never for advertising or sale

Security

  • AES‑256 encryption for data at rest
  • TLS 1.3 for data in transit
  • Field‑level encryption for sensitive medical fields
  • Zero‑knowledge architecture for passwords

Your Rights

  • Export all data anytime
  • Delete your account and all associated data
  • Opt out of analytics
  • Request a data access or audit log

Data Retention

Free tier includes 30‑day data retention. Paid plans include unlimited retention while active. Deleted accounts are purged within 90 days from backups.

International Transfers

We may process data in the US and other regions using providers with appropriate safeguards (e.g., SOC 2, ISO 27001).

Contact

privacy@performanceos.com — We respond within 48 hours.