Privacy Policy for Supplement AI Inc.

Effective Date: April 9, 2025

1. Introduction

Supplement AI Inc. ("Supplement AI," "we," "us," or "our") respects your privacy and is committed to protecting the personal data we collect from you. This Privacy Policy explains how we collect, use, store, share, and protect your information when you use our website and services (collectively, the "Service").

2. Information We Collect

We collect the following categories of personal data:

  • Identification Information: Name and email.
  • Transactional Information: Account details and purchase history.
  • User Activity Information: Device information, IP addresses, usage analytics.
  • Supplement and Health Data: Non-HIPAA-covered health-related information voluntarily provided by users.

We do not process or store health data subject to HIPAA.

3. How We Use Your Data

We process your personal data to:

  • Provide personalized supplement recommendations based on AI and scientific research.
  • Operate interactive chatbot guidance.
  • Facilitate user onboarding and dashboard functionalities.
  • Conduct research search and analysis related to supplements.
  • Track user interactions, progress, and feedback.
  • Process transactions and manage billing.
  • Improve our Service through analytics and error tracking.
  • Protect data and ensure Service security.

Your data is used strictly for educational and informational purposes. Personally identifiable information (PII) is always encrypted, both in transit and at rest.

4. Sharing of Data

Supplement AI engages trusted subprocessors to deliver the Service:

  • MongoDB: Data storage.
  • Statsig: Analytics services.
  • Firebase: User authentication and identity management.
  • Google Cloud Platform: Cloud computing services.
  • Cloudflare: CDN and security services.
  • Vercel: Hosting, deployment, analytics, performance monitoring.
  • Google (Ad Manager): Conversion tracking.
  • Stripe: Payment processing services.

We do not sell or share your personal data for marketing purposes.

5. Data Security

We use commercially reasonable technical and organizational security measures, including:

  • Pseudonymization and encryption of personal and health data.
  • Regular security assessments and testing.
  • Controlled user identification and access management.
  • Event logging and secure systems configuration.
  • Data minimization, quality assurance, and limited data retention.

All subprocessors maintain SOC 2 and/or ISO 27001 certifications.

6. Data Transfers

Supplement AI operates primarily in the United States. Your data may be transferred internationally subject to safeguards compliant with GDPR, UK GDPR, and applicable laws.

7. Your Data Rights

You have rights regarding your personal data, including:

  • Access to your data.
  • Correction or update of your data.
  • Deletion of your data on request.
  • Withdrawal of consent at any time, where applicable.

To exercise your rights, contact us at [email protected].

8. Retention of Data

We retain your personal data only as long as necessary to fulfill the purposes for which it was collected or as required by applicable laws.

9. Cookies and Tracking Technologies

We use cookies and similar technologies to enhance user experience, analyze traffic, and track usage.

10. Compliance with Laws

We comply with all applicable data protection and privacy laws, including GDPR and CCPA. Supplement AI is classified as a "service provider" under CCPA.

11. Changes to This Privacy Policy

We may update this policy occasionally. Any changes will be posted on this page, with the "Effective Date" updated accordingly.

12. Contact Information

If you have questions or concerns about this Privacy Policy, please contact:

Adam Schorr, Founder
Supplement AI Inc.
1111B S Governors Ave STE 26626
Dover, Delaware 19904
[email protected]

By using Supplement AI, you acknowledge and agree to the practices described in this Privacy Policy.