Privacy Policy
Last updated: February 6, 2026
1. Introduction
Welcome to Health AI ("we", "our", or "us"). We are committed to protecting your personal data and respecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our service.
Health AI is operated from Finland and complies with the EU General Data Protection Regulation (GDPR).
2. Data Controller
The data controller responsible for your personal data is:
Health AI
Email: info@personalaicoach.ai
3. Data We Collect
We collect the following types of personal data:
3.1 Account Information
- Email address (from Google/Apple Sign-In)
- Display name
- Profile picture (if provided by OAuth provider)
3.2 Health & Fitness Data
- Garmin activity data (workouts, steps, heart rate)
- Sleep metrics (duration, quality, stages)
- Stress levels and Body Battery scores
- Heart rate variability (HRV)
- User-entered physiological data (age, weight, height)
- Training goals and plans
3.3 Analytics Data
- Page views and navigation patterns
- Button clicks and feature usage
- Device type and browser information
- Approximate geographic location (country/region level)
3.4 Waitlist Data
- Email address (when joining the waitlist)
- Signup timestamp
4. How We Use Your Data
We use your personal data for the following purposes:
- Service Delivery: To provide personalized AI coaching, training recommendations, and recovery analysis
- Machine Learning: To train and improve our XGBoost prediction models for readiness estimation
- AI Recommendations: To generate personalized insights using Google Gemini AI
- Analytics: To understand how users interact with our service and improve user experience
- Communication: To send important service updates and respond to support requests
- Waitlist: To notify you when new features become available
5. Legal Basis for Processing
We process your personal data based on:
- Consent: For analytics cookies and marketing communications
- Contract: To provide the services you've requested
- Legitimate Interest: To improve our service and prevent abuse
6. Data Storage & Security
Your data is stored securely using:
- Firebase/Google Cloud: EU-based data centers (europe-north1, Finland)
- Encryption: AES-256 encryption for sensitive data (Garmin credentials)
- Access Control: Role-based access with Firebase Authentication
- Data Isolation: Per-user data segregation with Firestore Security Rules
7. Third-Party Services
We use the following third-party services that may process your data:
| Service | Purpose | Data Processed |
|---|---|---|
| Firebase Authentication | User login | Email, OAuth tokens |
| Firebase Analytics | Usage analytics | Events, device info |
| Firestore | Data storage | All user data |
| Google Gemini AI | AI coaching | Anonymized metrics |
| Garmin Connect | Data sync | Fitness data |
| Cloudflare | CDN & security | IP address, requests |
8. Cookies
We use cookies and similar tracking technologies:
- Essential Cookies: Required for authentication and security
- Analytics Cookies: Firebase Analytics (requires consent)
You can manage cookie preferences through the cookie banner or your browser settings.
9. Your Rights (GDPR)
Under GDPR, you have the following rights:
- Right to Access: Request a copy of your personal data
- Right to Rectification: Correct inaccurate personal data
- Right to Erasure: Delete your account and all associated data
- Right to Data Portability: Export your data in JSON format
- Right to Withdraw Consent: Opt out of analytics at any time
- Right to Lodge a Complaint: Contact your local data protection authority
To exercise these rights, visit the Settings page in the app or contact us at info@personalaicoach.ai.
10. Data Retention
We retain your personal data for as long as your account is active. Upon account deletion:
- All personal data is deleted within 30 days
- Anonymized analytics data may be retained for statistical purposes
- Backup copies are purged within 90 days
11. Children's Privacy
Health AI is not intended for users under 16 years of age. We do not knowingly collect data from children. If you believe we have collected data from a child, please contact us immediately.
12. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of significant changes by email or through the app. Your continued use of the service after changes constitutes acceptance of the updated policy.
13. Contact Us
If you have questions about this Privacy Policy or our data practices, contact us:
Email: info@personalaicoach.ai