1. Introduction
GLP Together, Inc. ("we," "our," or "us") respects your privacy and is committed to protecting your personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our mobile application, website, and related services (collectively, the "Service").
Please read this Privacy Policy carefully. By using the Service, you acknowledge that you have read and understand this Privacy Policy and agree to our collection, use, and disclosure of your information as described herein.
2. Information We Collect
2.1 Personal Information
We may collect the following types of personal information:
- Account Information: Name, email address, date of birth, and account credentials
- Profile Information: Gender, height, weight, and health goals
- Contact Information: Email address and, optionally, phone number for account verification and important notifications
2.2 Health Information
With your explicit consent, we may collect health-related information, including:
- Medication Information: Type of GLP-1 medication, dosage, injection schedule, and adherence tracking
- Health Metrics: Weight, blood glucose levels, blood pressure, and other health measurements you choose to track
- Symptom and Side Effect Data: Information about symptoms, side effects, and their severity
- Dietary Information: Food intake, meal photos, nutritional data, and eating patterns
- Activity Data: Exercise routines, activity levels, and physical activity tracking
- Wellness Data: Mood, energy levels, sleep patterns, and quality of life metrics
2.3 Usage Information
We automatically collect certain information about your use of the Service:
- Device Information: Device type, operating system, unique device identifiers, and mobile network information
- Usage Analytics: Features used, time spent in the app, user interactions, and navigation patterns
- Performance Data: App crashes, errors, and performance metrics to improve service quality
- Location Data: General location information (city/state level) if you grant permission, used for localizing content and features
2.4 Communication Data
- Customer Support: Communications with our support team, including emails, chat logs, and feedback
- Community Interactions: Posts, comments, and interactions in community features (if you choose to participate)
- Survey Responses: Feedback and responses to optional surveys and research studies
3. How We Use Your Information
3.1 Service Provision
We use your information to:
- Provide and maintain the Service
- Create and manage your account
- Track your health progress and medication adherence
- Generate personalized insights and recommendations
- Provide AI-powered meal planning and nutritional guidance
- Send medication reminders and health notifications
- Generate progress reports and analytics
3.2 Communication and Support
- Respond to your inquiries and provide customer support
- Send important service-related notifications
- Provide educational content and health information
- Conduct optional surveys and research studies (with your consent)
3.3 Service Improvement
- Analyze usage patterns to improve features and functionality
- Develop new features and services
- Ensure service security and prevent fraud
- Conduct research to advance GLP-1 medication support (aggregated and de-identified data only)
3.4 Legal and Safety
- Comply with legal obligations
- Protect our rights and the rights of our users
- Ensure user safety and prevent harmful behavior
4. Information Sharing and Disclosure
4.1 General Principles
We do not sell, trade, or otherwise transfer your personal health information to third parties. We may share your information only in the following limited circumstances:
4.2 Healthcare Providers
With your explicit permission, we may share your health data with your healthcare providers to support your medical care. This sharing requires:
- Your specific consent for each healthcare provider
- Verification of the healthcare provider's identity
- Use of secure, encrypted transmission methods
4.3 Service Providers
We may share information with trusted third-party service providers who assist us in operating the Service, including:
- Cloud Infrastructure: Secure data hosting and storage services
- Analytics Providers: Usage analytics and app performance monitoring (with de-identified data)
- Customer Support: Third-party support platforms to assist with user inquiries
- Payment Processors: Secure payment processing for subscription services
All service providers are contractually required to maintain the confidentiality and security of your information and may not use it for any purpose other than providing services to us.
4.4 Aggregated and De-identified Data
We may share aggregated, de-identified data that cannot reasonably be used to identify you for:
- Research purposes to advance understanding of GLP-1 medication effectiveness
- Public health initiatives and studies
- Industry benchmarking and analysis
- Academic research partnerships
4.5 Legal Requirements
We may disclose your information if required by law or if we believe disclosure is necessary to:
- Comply with legal process, government requests, or court orders
- Protect the rights, property, or safety of GLP Together, our users, or the public
- Investigate potential violations of our Terms of Service
- Prevent or address fraud, security, or technical issues
4.6 Business Transfers
In the event of a merger, acquisition, bankruptcy, or other sale of all or a portion of our assets, your information may be transferred to the successor entity. We will provide notice before your personal information becomes subject to a different privacy policy.
5. Data Security
5.1 Security Measures
We implement appropriate technical and organizational security measures to protect your information, including:
- Encryption: Data is encrypted in transit and at rest using industry-standard encryption protocols
- Access Controls: Strict access controls ensure only authorized personnel can access personal information
- Regular Security Audits: Periodic security assessments and vulnerability testing
- Employee Training: Regular privacy and security training for all employees
- Incident Response: Comprehensive incident response procedures for potential data breaches
5.2 Data Breach Notification
In the unlikely event of a data breach that may pose a risk to your privacy or security, we will:
- Notify affected users within 72 hours of discovery
- Report the breach to relevant authorities as required by law
- Take immediate steps to mitigate the breach and prevent future incidents
- Provide clear information about what data was involved and what steps we are taking
6. Your Privacy Rights and Choices
6.1 Account Management
You have the right to:
- Access: View and download your personal information
- Update: Correct or update your personal information
- Delete: Request deletion of your account and personal information
- Data Portability: Request a copy of your data in a structured, machine-readable format
6.2 Privacy Settings
Within the app, you can control:
- What health information you choose to track and share
- Notification preferences and communication settings
- Community participation and profile visibility
- Data sharing permissions with healthcare providers
6.3 Marketing Communications
You may opt out of marketing communications by:
- Clicking the unsubscribe link in any marketing email
- Adjusting your communication preferences in your account settings
- Contacting our customer support team
Note: You cannot opt out of essential service communications related to your account security or important service updates.
6.4 California Privacy Rights (CCPA)
If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA):
- Right to Know: Request information about our data collection and use practices
- Right to Delete: Request deletion of your personal information
- Right to Non-Discrimination: We will not discriminate against you for exercising your privacy rights
- Right to Opt-Out: We do not sell personal information, so no opt-out is required
6.5 European Privacy Rights (GDPR)
If you are in the European Economic Area, you have rights under the General Data Protection Regulation (GDPR):
- Right of Access: Obtain confirmation and information about processing of your personal data
- Right to Rectification: Correct inaccurate or incomplete personal data
- Right to Erasure: Request deletion of your personal data
- Right to Restrict Processing: Limit how we process your personal data
- Right to Data Portability: Receive your personal data in a portable format
- Right to Object: Object to processing based on legitimate interests
7. International Data Transfers
Your information may be transferred to and processed in countries other than your country of residence. When we transfer personal information from the European Economic Area or United Kingdom to other countries, we ensure appropriate safeguards are in place through:
- Standard Contractual Clauses approved by the European Commission
- Adequacy decisions recognizing equivalent privacy protection
- Other appropriate transfer mechanisms as approved by relevant authorities
8. Data Retention
We retain your information for as long as necessary to provide the Service and fulfill the purposes outlined in this Privacy Policy, unless a longer retention period is required or permitted by law.
8.1 Retention Periods
- Account Information: Retained while your account is active and for up to 7 years after deletion for legal compliance
- Health Data: Retained while your account is active and for up to 7 years after deletion for healthcare continuity
- Usage Data: Typically retained for up to 3 years for service improvement purposes
- Communication Data: Support communications retained for up to 5 years
8.2 Data Deletion
When you delete your account, we will:
- Immediately disable access to your account
- Delete or anonymize your personal information within 30 days
- Retain certain information as required by law or for legitimate business purposes (e.g., fraud prevention)
- Remove your information from active systems while maintaining backup copies for a limited time for disaster recovery
9. Children's Privacy
The Service is not intended for children under 18 years of age. We do not knowingly collect personal information from children under 18. If you are under 18, please do not provide any information through the Service. If we learn we have collected personal information from a child under 18, we will delete that information as quickly as possible.
If you believe we might have information from or about a child under 18, please contact us immediately.
10. Third-Party Services and Links
The Service may contain links to third-party websites, applications, or services. This Privacy Policy applies only to our Service. We are not responsible for the privacy practices of third-party services, even if accessed through our Service.
We encourage you to read the privacy policies of any third-party services before providing your information.
11. Updates to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we update the Privacy Policy, we will:
- Post the updated Privacy Policy on this page
- Update the "Last updated" date
- Notify you of material changes through the Service or via email
- Obtain your consent for material changes that affect the use of your health information
We encourage you to review this Privacy Policy periodically to stay informed about how we protect your information.
12. Contact Information
If you have questions, concerns, or requests regarding this Privacy Policy or our privacy practices, please contact us:
Privacy Officer
GLP Together, Inc.
Email: privacy@glptogether.com
Address: 123 Health Tech Way, San Francisco, CA 94105
Phone: +1 (555) 123-4567
12.1 Data Protection Officer (EU)
If you are in the European Economic Area, you may also contact our Data Protection Officer:
Email: dpo@glptogether.com
Subject Line: "Data Protection Inquiry"
12.2 Response Timeframes
We strive to respond to all privacy-related inquiries within:
- General inquiries: 5 business days
- Access or deletion requests: 30 days
- GDPR-related requests: 30 days (may be extended to 60 days for complex requests)
- CCPA-related requests: 45 days (may be extended to 90 days for complex requests)
13. Regulatory Compliance
We are committed to compliance with applicable privacy laws and regulations, including:
- California Consumer Privacy Act (CCPA)
- General Data Protection Regulation (GDPR)
- Health Insurance Portability and Accountability Act (HIPAA) where applicable
- State privacy laws and regulations
- International privacy frameworks and regulations
Your Trust Matters: We understand that you're entrusting us with sensitive health information. We take this responsibility seriously and are committed to maintaining the highest standards of privacy and security. If you have any concerns about our privacy practices, please don't hesitate to contact us.