Privacy Policy

1. Introduction

This Privacy Policy explains how Gifted Mind, LLC ("Gifted Mind," "we," "us," or "our") collects, uses, stores, shares, and protects your information when you use the Othletic mobile application and related services (the "App" or "Service").

Othletic is a nutrition recommendation app. It uses signals from your connected wearable devices and the information you provide to suggest meals from nearby restaurants that fit your body's current state and your goals. Othletic is a wellness and fitness product. It is not a medical device and is not intended to diagnose, treat, cure, monitor, or prevent any disease or health condition.

By creating an account or using the App, you agree to the practices described in this Privacy Policy. If you do not agree, please do not use the App.

If you have questions, contact us at hello@othletic.com.

2. A note on our privacy approach

Othletic is built as a meal recommender that uses health signals to suggest food — not a health tracker that permanently stores every sensor reading. Two design choices reflect this:

• Your location is never stored. We resolve your approximate location on your device only at the moment you request recommendations, use it to find nearby restaurants, and then discard it. It is never written to our servers or shared with any analytics provider.
• Apple Health data is used in-session and not persisted. When you use Apple Health as your data source, we read the data on demand from your device, use it in memory to generate your recommendations, and discard it. We do not store your Apple Health readings on our servers (with one limited, consent-based exception described below).

The remainder of this policy explains, in detail, what we do collect and why.

3. Information we collect

3.1 Information you provide

Account information. When you create an account, we collect your email address and password. Authentication is handled through our infrastructure provider, Supabase.

Profile and preferences. During onboarding and in settings, you may provide:

• Demographic details: weight, height, age, sex, and body fat percentage
• Activity level, primary goal, and number of meals per day
• Dietary restrictions and allergies
• Liked and disliked foods, cuisine preferences, spice tolerance, and budget range
• Notification preferences

Meal photos (optional). If you log a meal using a photo, that image is uploaded to and stored in our secure storage (Supabase Storage).

Communications. If you submit a bug report or contact us, we collect the contents of your message, your contact email, and basic technical details such as app version and device platform.

3.2 Health and biometric information from connected devices

With your permission, Othletic connects to wearable and health data sources to read the signals that power your recommendations. The data we access and whether we store it depends on the source:

WHOOP (connected via your authorization). When you connect WHOOP, we store a digested set of your recent biometric data in our database to generate and refresh your recommendations. This cached data (refreshed on demand, on a short cycle) may include: recovery score, heart rate variability (HRV), resting heart rate, skin temperature, blood oxygen (SpO2), sleep stages (REM, slow-wave, light, awake, time in bed), strain, energy expenditure, your most recent workout summary, and body measurements. We also store the authorization tokens needed to access WHOOP on your behalf.

Apple Health (HealthKit). When you use Apple Health, we read your data on demand from your device and use it in memory only — we do not store your Apple Health readings on our servers. The one exception: during onboarding, with your confirmation, we read your weight, height, sex, and age a single time to pre-fill your profile, and save those values to your profile. Apple Health permissions are granted per-metric, so you may see several individual permission prompts; any metric you decline simply returns no data and is not used.

3.3 Information generated through your use of the App

Recommendation and meal history. We store the meals you log and your recommendation activity, including meals you accept ("thumbs up") and reject ("thumbs down"). After you have logged a number of meals, this history is used to personalize future recommendations.

Limited operational data. To manage costs and protect the Service, we keep internal records such as API usage and rate-limit counts associated with your account. These are deleted when you delete your account.

3.4 Information we do not collect or store

• We do not store your GPS location.
• We do not store your Apple Health readings (other than the one-time onboarding profile pre-fill described above).
• We do not store your payment card details. All payment information is handled by Apple, Google, and our subscription manager (RevenueCat).

4. How we use your information

We use the information we collect to:

• Create and manage your account
• Generate personalized meal recommendations based on your body state, goals, dietary needs, and preferences
• Connect you to nearby restaurants and hand you off to a delivery provider to place an order
• Personalize and improve recommendations over time based on your feedback
• Process and manage your subscription and free trial
• Send notifications you have enabled
• Respond to your support requests and fix bugs
• Monitor, secure, and improve the Service
• Comply with legal obligations

We do not sell your personal information.

5. How we share your information

We share information only as described below. We do not sell personal data, and we do not share your data for third-party advertising.

5.1 Service providers

We work with a limited number of trusted third-party service providers who process information on our behalf so that we can operate the Service. They are permitted to use your information only to provide their services to us, and not for their own purposes. These providers fall into the following categories:

• Infrastructure and hosting — for our database, authentication, and secure file storage.
• Subscription management and payments — to manage your subscription and process payments. We do not receive or store your payment-card details; payments are handled by the applicable app store.
• Wearable data sources — to retrieve, with your authorization, the health and biometric data that powers your recommendations.
• AI recommendation processing — to generate the reasoning behind a recommendation, our server sends a limited set of information (such as your goal, age, weight, allergies, food preferences, current body-state classification, and the candidate meals with their nutrition information) to an AI processing provider. This request does not include your name, email, account identifier, location, raw biometric samples, or any medical-condition information.
• Analytics — to understand how the Service is used. Analytics events are anonymized, contain no profile data, and session replay is disabled.
• Error and performance monitoring — to detect and fix crashes and bugs. Reports are tagged with an identifier only and do not include your email or location.
• Operational email — to send internal alerts to our team (for example, when a bug report is filed). This is not used to send you marketing.

When you choose to place an order, we connect you to a third-party delivery service by opening a link to the relevant restaurant. We do not share your personal information in this hand-off.

We do not sell your personal information, and we do not share it for third-party advertising.

5.2 Legal and safety

We may disclose information if required by law, regulation, legal process, or governmental request, or where we believe disclosure is necessary to protect our rights, your safety or the safety of others, or to investigate fraud or security issues.

5.3 Business transfers

If Gifted Mind, LLC is involved in a merger, acquisition, financing, or sale of assets, your information may be transferred as part of that transaction. We will notify you of any change in ownership or use of your information.

6. Data retention and account deletion

We keep your information for as long as your account is active or as needed to provide the Service.

When you delete your account, we permanently remove: your profile, your WHOOP authorization tokens and stored WHOOP data, your meal and recommendation history, and your internal usage and rate-limit records.

What survives account deletion (in de-identified form): To maintain our records and improve the Service, two categories of data are retained after deletion but are disassociated from you (your user identifier is removed):

• Bug reports you submitted — the report contents and basic diagnostic details are kept, with your account link removed.
• Restaurant/chain suggestions you submitted — the requested restaurant name and city are kept, with your account link removed.

These retained items no longer identify you. If you would like to request deletion of these residual records as well, contact hello@othletic.com and we will address your request as required by applicable law.

7. Your rights and choices

Depending on where you live, you may have rights regarding your personal information, including the right to access, correct, delete, or port your data, and to object to or restrict certain processing.

• Access and correction: You can view and edit most of your profile information directly in the App.
• Deletion: You can delete your account from within the App, which triggers the deletion described in Section 6.
• Wearable disconnection: You can disconnect WHOOP or revoke Apple Health permissions at any time, through the App or your device settings.
• Notifications: You can manage notification preferences in the App or your device settings.

To exercise any right, contact hello@othletic.com. We will respond as required by applicable law. We will not discriminate against you for exercising your privacy rights.

California residents (CCPA/CPRA) and residents of the EU/EEA and UK (GDPR) have specific rights, including those described above. For EU/EEA/UK users, our legal bases for processing include performing our contract with you (providing the Service), your consent (for connecting health data sources), and our legitimate interests (securing and improving the Service). You may have the right to lodge a complaint with your local data protection authority.

8. Biometric and health data

Health and biometric signals (such as HRV, heart rate, sleep, and recovery data) are sensitive. We:

• Collect and use them only to provide the recommendation features you request
• Access them only after you grant permission, and only from the sources you connect
• Do not sell them and do not use them for advertising
• Allow you to disconnect a data source or delete your account at any time

If you are located in a jurisdiction with specific biometric privacy laws, you may have additional rights and protections regarding this data. Connecting a wearable or granting health-data access is voluntary and based on your consent, which you may withdraw at any time.

9. Data security

We use technical and organizational measures to protect your information, including encrypted connections, access controls, and authentication safeguards provided through our infrastructure providers. No method of transmission or storage is completely secure, however, and we cannot guarantee absolute security.

10. Children's privacy

Othletic is not directed to children, and you must be at least 18 years old (or the age of majority in your jurisdiction) to use it. We do not knowingly collect personal information from children. If you believe a child has provided us with personal information, contact hello@othletic.com and we will delete it.

11. International users and data transfers

Othletic is operated from and primarily intended for users in the United States. If you access the Service from outside the United States, your information may be transferred to, stored, and processed in the United States and other countries where our service providers operate, which may have different data-protection laws than your country.

12. Changes to this Privacy Policy

We may update this Privacy Policy from time to time. When we make material changes, we will update the "Last updated" date and, where appropriate, notify you in the App or by email. Your continued use of the Service after an update means you accept the revised policy.

13. Contact us

If you have questions or requests regarding this Privacy Policy or your information, contact:

Gifted Mind, LLC
Email: hello@othletic.com