Privacy Policy
Last Updated: March 2026
HealoGenic.ai ("HealoGenic," "we," "us," or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use the HealoGenic.ai website and services (the "Service").
This policy is designed to comply with the EU General Data Protection Regulation (GDPR), UK GDPR, California Consumer Privacy Act (CCPA), India's Digital Personal Data Protection Act (DPDPA 2023), Canada's Personal Information Protection and Electronic Documents Act (PIPEDA), and the Australian Privacy Act 1988.
1. Information We Collect
1.1 Information You Provide
- Account information: Email address (required for registration via Amazon Cognito). We do not collect your real name, phone number, or mailing address.
- Dosha profile: Your Ayurvedic constitution assessment results (vata, pitta, kapha scores). This is wellness preference data, not personally identifiable health information.
- Topic preferences: Wellness topics you indicate interest in (e.g., yoga, meditation, nutrition).
- Bookmarks and ratings: Content you save or rate on the platform.
- Payment information: Processed directly by Stripe. We do not store credit card numbers or bank account details on our servers. We receive only your Stripe customer ID and subscription status.
1.2 Information Generated Through Use
- Wellness insights: Structured tags extracted from your Healo Guide conversations (categories, concern tags, dosha relevance). These are aggregated wellness interest signals, not verbatim conversation content.
- Conversation history (Premium, opt-in): If you are a Premium subscriber and choose to enable conversation history, your Healo Guide conversations are encrypted using AWS KMS envelope encryption and stored for the retention period you select (default 90 days). Conversations are encrypted at rest and in transit.
- Search queries: Anonymized and used only to improve search relevance. Not linked to your account.
1.3 Information We Do NOT Collect
- Real names or legal identities
- Physical addresses
- Phone numbers
- Health records, medical histories, or clinical data
- Government-issued identification numbers
- Biometric data
2. How We Use Your Information
We use the information we collect to:
- Provide, maintain, and improve the Service
- Personalize your experience (content recommendations based on dosha profile, topic preferences, and wellness insights)
- Process subscription payments through Stripe
- Send transactional emails (account verification, password resets)
- Analyze usage patterns in aggregate to improve the Service (no individual tracking)
- Enforce our Terms of Service and prevent abuse
We do not use your conversation data to train AI models. Healo Guide conversations are processed by Amazon Bedrock (Anthropic Claude) in real time and are not retained by the AI provider for model training. Encrypted conversation history (if enabled) is stored solely for your personal reference and is not used for any other purpose.
3. Third-Party Processors
We share your information with the following third-party service providers, who process it on our behalf under data processing agreements:
| Provider | Purpose | Data Shared |
|---|---|---|
| Amazon Web Services (AWS) | Hosting, compute, database, AI processing | All service data (encrypted at rest) |
| Amazon Cognito | Authentication | Email address only |
| Stripe | Payment processing | Email, payment method, subscription status |
| Google AdSense | Advertising (free tier only) | Anonymized browsing data via cookies (see Cookie Policy) |
| Beehiiv | Newsletter delivery | Email address (if subscribed) |
| PostHog | Product analytics | Anonymized usage events |
4. Cookies
We use cookies and similar technologies for essential functionality, analytics, and advertising. For full details on the cookies we use and how to manage them, see our Cookie Policy.
5. Data Retention
| Data Type | Retention Period |
|---|---|
| Account information | Until account deletion |
| Dosha profile & preferences | Until account deletion |
| Wellness insights | 90 days from creation |
| Conversation history (Premium) | User-selected period (default 90 days, max 365 days) |
| Bookmarks & ratings | Until account deletion |
| Payment records | 7 years (tax/legal compliance) |
| Server logs | 30 days |
6. Your Rights
Depending on your jurisdiction, you may have the following rights regarding your personal data:
- Access: Request a copy of the personal data we hold about you
- Correction: Request correction of inaccurate data
- Deletion: Request deletion of your personal data ("right to be forgotten")
- Export / Portability: Receive your data in a structured, machine-readable format
- Restriction: Request that we limit processing of your data
- Objection: Object to processing based on legitimate interests
- Withdrawal of Consent: Where processing is based on consent, withdraw that consent at any time
To exercise any of these rights, contact us at privacy@healogenic.ai. We will respond within 30 days (or the shorter timeframe required by your local law). Premium subscribers can also export their conversation history directly from their account settings.
7. Do Not Sell My Personal Information (CCPA)
If you are a California resident, you have the right under the California Consumer Privacy Act to opt out of the "sale" of your personal information.
HealoGenic does not sell your personal information. We do not share your data with third parties for monetary consideration. Advertising on the free tier is served by Google AdSense using cookies; you can opt out of personalized ads through our Cookie Policy or by visiting Google Ads Settings.
8. International Transfers
Our Service is hosted on Amazon Web Services infrastructure primarily in the United States (us-east-1). If you are accessing the Service from outside the United States, your data will be transferred to and processed in the United States. We rely on AWS's compliance with appropriate transfer mechanisms including EU Standard Contractual Clauses (SCCs) and the EU-US Data Privacy Framework where applicable.
9. Children's Privacy
The Service is not directed to individuals under 16 years of age. We do not knowingly collect personal information from children under 16. If we become aware that we have collected personal information from a child under 16, we will take steps to delete that information promptly. If you believe we have collected information from a child under 16, please contact us at privacy@healogenic.ai.
10. Data Protection Contacts
EU/UK Data Protection Officer
If you are located in the EU or UK and have questions or concerns about our data practices, you may contact our Data Protection Officer at:
- Email: dpo@healogenic.ai
You also have the right to lodge a complaint with your local data protection authority.
India Grievance Officer (DPDPA)
If you are located in India, in accordance with the Digital Personal Data Protection Act 2023, you may contact our Grievance Officer at:
- Email: grievance@healogenic.ai
- Response time: Within 30 days of receipt
11. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of material changes by posting the revised policy on the Service and updating the "Last Updated" date. For material changes affecting your rights, we will also provide notice via email at least 30 days before the changes take effect.
12. Contact Us
For general privacy inquiries, contact us at privacy@healogenic.ai.