Privacy Policy

Introduction

CorrelateWell ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our health data correlation platform.

By using CorrelateWell, you agree to the collection and use of information in accordance with this policy. If you do not agree with our policies and practices, please do not use our services.

Information We Collect

Personal Information

We may collect personal information that you provide directly to us, including:

• Email address and contact information
• Account credentials
• Profile information
• Payment information (processed securely through third-party payment processors)

Health and Fitness Data

With your explicit consent, we collect and process:

• Glucose monitoring data from connected devices
• Fitness tracking data (workouts, activity levels, heart rate)
• Sleep patterns and quality metrics
• Nutrition and meal information (if provided)
• Other health metrics you choose to share

Automatically Collected Information

• Device information and identifiers
• Usage data and analytics
• IP address and location data (with permission)
• Cookies and similar tracking technologies

How We Use Your Information

We use your information for the following purposes:

• Service Delivery: To provide, maintain, and improve our health correlation services
• Data Analysis: To analyze correlations between your fitness and glucose data using AI/ML algorithms
• Personalization: To generate personalized insights and recommendations
• Communication: To send you updates, notifications, and respond to inquiries
• Security: To protect against fraud and unauthorized access
• Legal Compliance: To comply with applicable laws and regulations
• Research: To conduct aggregated, anonymized research (only with explicit consent)

Data Security

We implement robust security measures to protect your sensitive health information:

• Encryption: All data is encrypted in transit (TLS/SSL) and at rest (AES-256)
• Access Controls: Strict authentication and authorization protocols
• HIPAA Compliance: Our infrastructure and processes are designed to meet HIPAA standards
• Regular Audits: Security assessments and penetration testing
• Data Minimization: We only collect data necessary for service functionality

However, no method of transmission over the internet or electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your personal information, we cannot guarantee absolute security.

Data Sharing and Disclosure

We do not sell your personal or health data. We may share your information only in the following circumstances:

• With Your Consent: When you explicitly authorize us to share your data
• Service Providers: With trusted third-party vendors who assist in operating our platform (under strict confidentiality agreements)
• Device Integration Partners: With fitness tracker and glucose monitor manufacturers (only to facilitate data sync)
• Legal Requirements: When required by law or to protect rights and safety
• Business Transfers: In connection with a merger, acquisition, or sale of assets (with notice to you)

Your Privacy Rights

You have the following rights regarding your personal information:

• Access: Request a copy of your personal data
• Correction: Request correction of inaccurate or incomplete data
• Deletion: Request deletion of your account and associated data
• Portability: Request your data in a machine-readable format
• Opt-Out: Withdraw consent for data processing at any time
• Restrict Processing: Request limitation on how we use your data

To exercise these rights, please contact us at privacy@correlatewell.com. We will respond to your request within 30 days.

Data Retention

We retain your personal information for as long as necessary to provide our services and comply with legal obligations. When you delete your account, we will delete or anonymize your personal data within 90 days, except where retention is required by law.

International Data Transfers

Your information may be transferred to and processed in countries other than your country of residence. We ensure that such transfers comply with applicable data protection laws and implement appropriate safeguards.

Children's Privacy

CorrelateWell is not intended for children under 13 years of age. We do not knowingly collect personal information from children. If you believe we have collected information from a child, please contact us immediately.

Medical Disclaimer

Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new policy on this page and updating the "Last Updated" date. We encourage you to review this Privacy Policy periodically for any changes.

Contact Us

If you have any questions about this Privacy Policy or our data practices, please contact us:

State-Specific Rights

California Residents (CCPA)

California residents have additional rights under the California Consumer Privacy Act (CCPA):

• Right to know what personal information is collected, used, shared, or sold
• Right to delete personal information
• Right to opt-out of the sale of personal information (Note: We do not sell personal information)
• Right to non-discrimination for exercising your CCPA rights

European Residents (GDPR)

If you are in the European Economic Area (EEA), you have rights under the General Data Protection Regulation (GDPR):

• Right to access, rectify, and erase your personal data
• Right to data portability
• Right to object to processing
• Right to withdraw consent
• Right to lodge a complaint with a supervisory authority