Consumer Health Data Privacy Policy

This Consumer Health Data Privacy Policy explains how Zeit Capital Ltda ("Phaze," "we," "us," or "our") collects, uses, shares, and protects "consumer health data" of users of the Phaze mobile application, the Apple Watch companion, and the phaze.fit website (the "Service").

This Policy is provided in addition to our Privacy Policy and Terms of Service, and is intended to satisfy the requirements of the Washington My Health My Data Act (RCW 19.373), the Nevada Consumer Health Data Privacy Law (SB 370), the Connecticut Data Privacy Act as amended for consumer health data, the California Confidentiality of Medical Information Act (CMIA) where applicable, and similar state consumer health data laws.

If you are a resident of one of these states, you have specific rights summarized in Section 8.

1. What is "Consumer Health Data"

For the purposes of this Policy, "Consumer Health Data" means personal information that identifies your past, present, or future physical or mental health status, including data that is derived or inferred from non-health information, such as:

• Body measurements (weight, height, body composition entries)
• Progress photos showing your body
• Medication information you log (including GLP-1 medications such as Wegovy, Ozempic, Mounjaro, Zepbound, or Saxenda)
• Dose schedule and side-effect entries you record
• Food, hydration, and nutrient logs
• Exercise, activity, and sleep entries
• Fasting and meal-timing windows
• Goals and progress narratives
• Data shared with Phaze via Apple HealthKit or Google Health Connect (if you authorize)

2. Categories of Consumer Health Data we collect

3. Purposes for collection and processing

We process Consumer Health Data only to:

• Provide the Service to you (display dashboards, log entries, sync, charts)
• Generate insights, summaries, and personalized recommendations for your use
• Power AI features (Ember chat, food scan) that you choose to use
• Allow you to export your data (PDF reports, sharing)
• Sync data across your devices (with your authorization)
• Back up your data to your personal cloud storage if you enable Cloud Backup
• Detect and prevent fraud, abuse, and security incidents
• Comply with legal obligations

We do not process Consumer Health Data to: serve advertising, build advertising profiles, sell to third parties, share with data brokers, share with insurers or employers, or train AI models on your data.

4. Where your data is stored

4.1 On-device default

Consumer Health Data is stored on your device by default.

• iOS: SwiftData persistent store with iOS Data Protection. Sensitive medical fields (medication identifiers, doses, side-effect entries, injection-site notes, medical profile, dose schedule) are additionally encrypted with AES-256-GCM using a key stored in the iOS Keychain.
• Android: Room database. Sensitive medical fields are encrypted with AES-256-GCM (256-bit key, 12-byte IV, 128-bit tag) using a key stored in the Android Keystore. Preferences use Jetpack Security EncryptedSharedPreferences.

We do not operate a first-party server that stores your Consumer Health Data.

4.2 Cloud Backup (optional, off by default)

If you enable Cloud Backup, an encrypted archive is written to your personal cloud account:

• iOS: to your iCloud Drive, inside the Phaze ubiquity container (iCloud.com.zeit.phaze).
• Android: to the AppData folder of your Google Drive account (private to Phaze, application-scoped, not visible in your general Drive UI).

The archive is encrypted with AES-256-GCM before upload.

About the encryption key. So that you can restore the backup on a new device without managing a separate passphrase, the encryption key is generated locally and stored alongside the encrypted payload in the same backup file. This means the security of the backup file is bound to the security of your iCloud or Google account, not to a separate passphrase you hold. We do not market Cloud Backup as protected only for you or as having no key access by us. If you require true zero-knowledge encryption, do not enable Cloud Backup. We may add a user-passphrase option in a future release.

We do not retain a server-side Phaze copy of the backup outside your own iCloud or Google account.

4.3 What does leave your device

1. Cloud Backup, if enabled: to your own iCloud or Google Drive AppData.
2. AI features: see Section 6. Ember chat sends context fields (including weight range and current-day totals); food scan sends meal photos.
3. Health platforms, if you authorize them: Apple HealthKit (iOS) or Google Health Connect (Android) read and write through the system framework.
4. Analytics and crash reporting: see Section 5. Some currently transmit specific clinical fields to Mixpanel pending sanitization work.
5. PDF report export, milestone share, or screenshot share: if you initiate them.

4.4 HealthKit and Health Connect

Phaze reads these platforms only with your authorization. We do not store a separate server-side copy of HealthKit or Health Connect data. We do not use this data for advertising, marketing, sale, data mining, or user identification outside Phaze.

5. Categories of third parties with whom we share Consumer Health Data

We share Consumer Health Data only with the following categories of recipients, and only as needed to operate the Service:

We do not "sell" Consumer Health Data. We do not "share" Consumer Health Data for cross-context behavioral advertising. We do not engage in geofencing within 2,000 feet of any health care facility.

We require each recipient to (i) act only on our instructions, (ii) implement appropriate security, (iii) not use your Consumer Health Data for their own purposes other than aggregate statistics necessary for their service, and (iv) honor deletion requests passed through us. For the Meta and TikTok attribution SDKs specifically, we configure them to operate in aggregate-attribution mode (no personalized retargeting).

6. AI features: additional disclosures

Phaze includes AI-driven features:

• Ember (AI chat companion), routed through a Phaze edge service (Cloudflare Workers) to Google Gemini
• Food scan (image recognition for meal logging), routed through the edge service to Google Gemini Vision
• Body composition estimate from photo, routed through the edge service to Gemini Vision
• Voice meal description, transcribed by the platform speech API, then sent to Gemini for parsing

Important about AI features:

• AI responses can be inaccurate or out of date. Treat them as informational only.
• We instruct Google through the Gemini API not to use your inputs to train its models. The Cloudflare Workers edge service applies output redaction to strip dose-change suggestions, stop-medication suggestions, dose-recommendation patterns, and GLP-1 brand-name references from Gemini's responses before they reach the app. We are also working on a server-side refusal classifier to block dose Q&A, contraindication, and symptom-triage prompts at the edge layer; until that ships, the safety guidance is enforced through Gemini's own system prompt only.
• Ember will not knowingly provide dosing advice, contraindication guidance, side-effect triage, or any clinical recommendation. For any medical question, contact your prescribing healthcare provider.
• AI features can be disabled in Settings, Privacy. In-app toggles are tracked engineering work.

In accordance with the EU AI Act Article 50 transparency requirements, AI-generated outputs are labeled as AI in the interface, and you are informed when you interact with an AI system. Ember responses carry a per-output "AI-generated" label, and AI food-scan estimates are marked with an AI badge.

7. Retention

8. Your rights

8.1 Washington (My Health My Data Act)

You have the right to:

• Confirm whether Phaze is processing your Consumer Health Data
• Access your Consumer Health Data
• Request deletion of your Consumer Health Data: Phaze will delete the data within 30 days and direct any service provider or processor to do the same
• Withdraw consent: you may withdraw consent to processing or sharing at any time; withdrawal does not affect prior lawful processing
• Appeal a denial of any of the above

Submit requests by email to privacy@phaze.fit. You can also submit a "Delete All Data" request in the app today at Settings, Privacy, Delete Everything, which deletes your on-device data. To also remove a Cloud Backup file, disable Cloud Backup in Settings and delete the file from your iCloud or Google Drive account. We will verify your identity (typically by matching to the email on your account) and respond within the timeframes required by law (45 days, extendable once).

If we deny a request, we will explain why and how to appeal within 45 days. If your appeal is denied, you may contact the Washington Attorney General at https://www.atg.wa.gov/file-complaint.

Geofencing. Phaze does not use geofences within 2,000 feet of any in-person health care service or facility.

8.2 Nevada (SB 370)

Nevada residents have the right to confirmation, access, deletion, opt-out of sale, and opt-out of sharing for targeted advertising. Phaze does not sell Consumer Health Data and does not engage in targeted advertising. Submit requests to privacy@phaze.fit.

8.3 Connecticut, Colorado, Virginia, Texas, Oregon, and other state laws

Residents of these states have rights including access, correction, deletion, portability, opt-out of sale, opt-out of targeted advertising, and the right to limit the use of sensitive data including consumer health data. Phaze does not sell or engage in targeted advertising and processes sensitive data only with your opt-in consent. Submit requests to privacy@phaze.fit. Universal opt-out signals (GPC) are honored where required.

8.4 California (CCPA / CPRA / CMIA)

California residents have all rights described in Section 13.3 of our Privacy Policy, including the right to limit use of sensitive personal information (which includes Consumer Health Data). We process your Consumer Health Data only as needed to provide the Service you requested.

For purposes of the California Confidentiality of Medical Information Act (CMIA, Cal. Civ. Code sections 56 et seq.), to the extent Phaze qualifies as a "provider of health care" as defined in the statute, the medical information you provide is processed under the safeguards described in this Policy and disclosed only as permitted by law or with your authorization.

8.5 Brazil (LGPD)

Brazilian residents may exercise rights under LGPD Article 18 (confirmation, access, correction, anonymization or deletion, portability, sharing information, consent revocation). Submit to privacy@phaze.fit or the Encarregado (Vinicius) at privacy@phaze.fit. ANPD: gov.br/anpd.

8.6 EU / UK / EEA

EU and UK residents may exercise rights under GDPR Articles 15 to 22, including access, rectification, erasure, restriction, portability, objection, withdrawal of consent, and the right not to be subject to a decision based solely on automated processing with legal or similarly significant effects.

9. Security

We apply the following safeguards to Consumer Health Data:

• Encryption at rest: AES-256-GCM for sensitive medical fields on device and for Cloud Backup archives
• Encryption in transit: TLS 1.3
• Platform key storage: Apple Keychain on iOS (kSecAttrAccessibleAfterFirstUnlockThisDeviceOnly); Android Keystore on Android (hardware-backed where available)
• Crash-report scrubbing: Sentry breadcrumbs and event payloads are scrubbed to remove medication identifiers, doses, side-effect entries, injection-site notes, and medical profile before transmission
• Vendor diligence: processors are reviewed before engagement and subject to data-processing terms
• Access controls: role-based access to internal tools
• Code review and testing: code review and automated test coverage prior to releases that affect data handling
• We do not currently hold an independent security certification or audit attestation (for example, ISO 27001). We do not claim certifications we do not hold.
• Product-analytics events transmit specific clinical fields to Mixpanel under a device-scoped pseudonymous identifier as disclosed in Section 5. This is pseudonymization, not anonymization, and remains subject to the rights and obligations described in this Policy and in our Privacy Policy.

No method of transmission or storage is perfectly secure. If we discover a security incident that compromises the confidentiality of your Consumer Health Data, we will notify you and applicable regulators in accordance with the FTC Health Breach Notification Rule (16 CFR Part 318) within 60 days of discovery, the EU GDPR Article 33 and 34 (within 72 hours for the supervisory authority), the LGPD Article 48, and applicable US state breach-notification laws.

10. Consent

When you create an account and enable features that process Consumer Health Data, we obtain your consent in the relevant onboarding screens and in-product settings. You may withdraw consent at any time by:

• Disabling the relevant feature (for example, Cloud Backup, Ember, food scan) in Settings
• Deleting the relevant data
• Deleting your account from Settings, Account, Delete Account
• Emailing privacy@phaze.fit to withdraw consent for any specific processing

Withdrawal does not affect prior lawful processing.

For sale or sharing of Consumer Health Data, we obtain separate, signed valid authorization prior to any such activity. We do not currently sell or share Consumer Health Data, so no such authorization is requested.

11. Children

The Service is intended for adults aged 18 and over. We do not knowingly collect Consumer Health Data from anyone under 18. If we learn we have collected data from a person under 18, we delete it promptly.

12. Changes to this Policy

We will post material changes here with a new "Last updated" date and notify you in-app or by email at least 30 days before they take effect, unless a shorter timeframe is required by law.

13. Contact