Privacy Policy

Last Updated: October 31, 2025

1. Introduction

This Privacy Policy describes how Humai Health B.V. ("Humai Health", "Company", "we", "us", or "our") and our health monitoring mobile application ("App") collects, uses, and protects your personal information and health data. We are committed to protecting your privacy and handling your data with care and transparency.

Important: This App collects and processes sensitive health information, including data from continuous glucose monitors (CGM) and WHOOP fitness devices. Please read this policy carefully to understand how your health data is handled.

2. Information We Collect

2.1 Health and Biometric Data

We collect the following types of health data through authorized third-party integrations:

CGM Data: Continuous glucose readings, glucose trends, and related metrics from your Freestyle Libre or other compatible CGM devices
WHOOP Data: Recovery metrics, strain scores, sleep performance, heart rate variability (HRV), resting heart rate, respiratory rate, and other physiological measurements
Activity Data: Exercise activities, workout intensity, calories burned, and activity duration
Sleep Data: Sleep stages, sleep quality metrics, and sleep duration

2.2 Account Information

Email address
Name (if provided)
Profile information
Account preferences and settings

2.3 Technical Information

Device identifiers and information
App usage data and analytics
Error logs and diagnostic information
Network connection information

3. How We Collect Your Information

3.1 Third-Party API Integration

We use Terra API as our data aggregation platform to securely connect to your health devices and services. When you authorize the connection to WHOOP or your CGM device:

You authenticate directly with WHOOP or your CGM provider
Terra API receives an authorization token to access your data
We receive your health data through Terra API's secure infrastructure
Your login credentials for WHOOP or CGM services are never stored or accessed by our App

3.2 Direct Input

You may also provide information directly through the App, such as:

Manual health entries or notes
Account settings and preferences
Feedback and support inquiries

4. How We Use Your Information

We use your health and personal data for the following purposes:

Core Functionality: Display, analyze, and track your glucose levels, recovery metrics, and other health data
Insights and Analytics: Generate personalized health insights and trends based on your data
Data Synchronization: Keep your health data up-to-date across devices
App Improvement: Analyze usage patterns to improve features and performance
Support: Respond to your questions and provide technical assistance
Security: Detect and prevent fraud, abuse, or technical issues

5. Data Storage and Security

5.1 Where Your Data Is Stored

Your health data is stored securely using Supabase, a cloud-based database platform built on PostgreSQL. Supabase provides:

Encryption at rest and in transit
Regular security updates and monitoring
Compliance with industry security standards
Data backup and recovery capabilities

5.2 Security Measures

We implement industry-standard security measures to protect your data:

All data transmissions use HTTPS/TLS encryption
Access controls and authentication requirements
Regular security assessments and updates
Secure API authentication using tokens
Limited employee access to data (only when necessary for support or technical issues)

5.3 Data Retention

We retain your health data for as long as your account is active or as needed to provide services. When you delete your account, we will delete or anonymize your personal data within 90 days, except where we are required by law to retain certain information.

6. Data Sharing and Third Parties

6.1 Third-Party Service Providers

We share your data with the following third-party service providers who help us operate the App:

Terra API: Data aggregation and health device integration platform
Supabase: Cloud database and backend services
WHOOP: When you authorize the connection, WHOOP provides your fitness and recovery data through Terra API
CGM Providers: Your glucose data from Freestyle Libre or other authorized CGM devices

These service providers are contractually obligated to protect your data and use it only for the purposes we specify.

6.2 No Sale of Personal Data

We do not sell, rent, or trade your personal health information to third parties for marketing purposes.

6.3 Legal Requirements

We may disclose your information if required by law, court order, or governmental regulation, or if we believe disclosure is necessary to:

Comply with legal obligations
Protect our rights or property
Prevent fraud or abuse
Protect user safety

7. Your Rights and Choices

7.1 Access and Control

You have the following rights regarding your data:

Access: Request a copy of your personal and health data
Correction: Update or correct inaccurate information
Deletion: Request deletion of your account and associated data
Export: Download your health data in a portable format
Disconnect: Revoke access to WHOOP or CGM devices at any time

7.2 Disconnecting Integrations

You can disconnect WHOOP or CGM integrations at any time through:

The App settings menu
Your WHOOP account settings
Your CGM device provider's account settings

After disconnection, we will no longer receive new data from these sources, but previously collected data will remain until you request deletion.

7.3 Communication Preferences

You can control notification settings and email preferences through the App settings.

8. Children's Privacy

Our App is not intended for children under 13 years of age (or the applicable age in your jurisdiction). We do not knowingly collect personal information from children. If you believe we have inadvertently collected information from a child, please contact us immediately.

9. International Data Transfers

Your data may be processed and stored in countries outside your country of residence. We ensure appropriate safeguards are in place to protect your data in accordance with this Privacy Policy and applicable laws.

10. California Privacy Rights (CCPA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA):

Right to know what personal information is collected, used, shared, or sold
Right to delete personal information
Right to opt-out of the sale of personal information (note: we do not sell personal information)
Right to non-discrimination for exercising your privacy rights

11. GDPR Rights (European Users)

If you are in the European Economic Area (EEA), you have additional rights under the General Data Protection Regulation (GDPR):

Right to data portability
Right to restrict processing
Right to object to processing
Right to lodge a complaint with a supervisory authority

12. HIPAA Notice

This App is not a covered entity under the Health Insurance Portability and Accountability Act (HIPAA). However, we are committed to protecting your health information with the same level of care. Your health data integrations are governed by the privacy policies of WHOOP and your CGM provider, which may be HIPAA-compliant.

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by:

Posting the updated policy in the App
Sending an email notification to your registered email address
Displaying a prominent notice in the App

Your continued use of the App after such changes constitutes acceptance of the updated policy.

14. Third-Party Links and Services

Our App may contain links to third-party websites or services (such as WHOOP.com). We are not responsible for the privacy practices of these third parties. We encourage you to review their privacy policies.

15. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or your personal data, please contact us:

Company: Humai Health B.V.
Email: mike@humai.health
Response Time: We aim to respond to all inquiries within 48 hours

For data access, deletion, or correction requests, please include "Privacy Request" in the subject line and provide sufficient information to verify your identity.

16. Consent

By using our App and connecting your WHOOP or CGM devices, you consent to the collection, use, and sharing of your information as described in this Privacy Policy. You have the right to withdraw consent at any time by disconnecting integrations or deleting your account.