Consumer Health Data Privacy Policy
Effective Date: March 28, 2026
About This Policy
This Consumer Health Data Privacy Policy is provided in addition to our general Privacy Policy to comply with the Washington My Health My Data Act (MHMDA), Nevada SB 370, Connecticut CTDPA health data provisions, and other applicable state consumer health data privacy laws. Where this policy addresses topics also covered in our general Privacy Policy, the more protective provision applies.
Tailored Nutrition LLC ("Tailored Nutrition," "we," "us," or "our") operates the Tailored Nutrition mobile application (the "App") and the website tailorednutritionllc.org (the "Website"). This Consumer Health Data Privacy Policy describes how we collect, use, share, and protect consumer health data as defined under applicable state health data privacy laws.
- Definitions
- Consumer Health Data We Collect
- Sources of Consumer Health Data
- Purposes for Collecting Consumer Health Data
- Sharing of Consumer Health Data
- Third-Party Processors
- We Do Not Sell Your Consumer Health Data
- Consent
- Your Rights
- Data Security
- Data Retention & Deletion
- Children's Data
- Geofencing
- Changes to This Policy
- Contact Us
1. Definitions
For purposes of this policy, these terms have the following meanings:
- "Consumer health data" — Personal information that is linked or reasonably linkable to a consumer and that identifies the consumer's past, present, or future physical or mental health status. This includes, but is not limited to: individual health conditions, treatment history, diseases or diagnoses, health-related measurements (height, weight, body mass index), nutrition and diet data, reproductive or sexual health information, biometric data, medications, allergen information, and data that may be used to infer any of the above.
- "Consumer" — A natural person who is a resident of a state with applicable consumer health data privacy laws (including Washington, Nevada, and Connecticut) and whose consumer health data is collected in connection with the Services.
- "Collect" — To buy, rent, access, retain, receive, acquire, infer, derive, or otherwise process consumer health data in any manner.
- "Share" — To provide consumer health data to a third party, whether for consideration or otherwise.
- "Sell" — To exchange consumer health data for monetary or other valuable consideration.
- "Processor" — A person or entity that processes consumer health data on behalf of Tailored Nutrition pursuant to a binding contract.
2. Consumer Health Data We Collect
Through the Services, we collect the following categories of consumer health data:
| Category | Specific Data Elements |
|---|---|
| Body Measurements & Composition | |
| Reproductive & Sexual Health | |
| Health Conditions & Medications | |
| Dietary & Allergy Information | |
| Activity & Fitness | |
| Nutrition & Wellness Tracking | |
| Health-Related Communications | |
3. Sources of Consumer Health Data
We collect consumer health data from the following sources:
- Directly from you — Information you provide through the onboarding survey, food and weight logging, chat conversations, and account settings
- Derived by the Services — Data calculated or inferred by our systems based on information you provide, including adaptive TDEE calculations, nutritional analysis of logged meals, and weight trend analysis
- Third-party validation — Nutritional data validated against the USDA FoodData Central database based on ingredients you log or that appear in your meal plans
We do not collect consumer health data from data brokers, social media platforms, advertising networks, or any other third-party sources.
4. Purposes for Collecting Consumer Health Data
We collect and use consumer health data for the following purposes, and only for these purposes:
- Providing the Services — Generating personalized AI-powered meal plans tailored to your health profile, dietary needs, allergies, and wellness goals
- Adaptive recommendations — Adjusting your meal plans and nutritional targets based on your tracked progress, weight changes, and updated survey responses
- Nutritional tracking — Displaying your food log history, weight trends, caloric intake, and macronutrient breakdowns
- Chat assistance — Providing relevant responses through the AI nutrition chat assistant based on your health profile
- Notifications — Sending health-related reminders and updates (e.g., survey freshness, weight logging, reproductive health cycle notifications) based on your notification preferences
- Allergen management — Filtering and flagging potential allergens in generated meal plans based on your stated allergies and intolerances
- Nutritional validation — Verifying the accuracy of AI-generated nutritional information against the USDA database
- Service improvement — Improving the accuracy and quality of our AI meal generation algorithms (using aggregated, de-identified data only)
We do not use consumer health data for advertising, marketing to third parties, discrimination, or any purpose unrelated to providing and improving the Services.
5. Sharing of Consumer Health Data
We share consumer health data only with the following categories of recipients, and only as necessary to provide the Services:
| Recipient | Data Shared | Purpose |
|---|---|---|
| Anthropic (Claude AI) | Survey profile data (demographics, activity, health conditions, dietary preferences, allergies, medications) | AI-powered meal plan generation and chat assistance |
| OpenAI | Specific survey field values (medication names, health condition names, supplement/compound names, birth control type) | Survey field validation: health condition lookups, medication interaction checks, birth control validation, supplement analysis |
| USDA FoodData Central | Ingredient names and quantities | Nutritional data validation and calorie/macro verification |
Important notes about our data sharing:
- Both Anthropic's and OpenAI's API data usage policies prohibit using customer inputs and outputs to train their AI models. Your health data sent for meal generation and survey validation is not used to train their models.
- We do not share consumer health data with advertising platforms, data brokers, analytics providers, social media companies, or any other third parties not listed above.
- We do not share consumer health data with employers, insurers, or creditors.
6. Third-Party Processors
Any third party that processes consumer health data on our behalf does so under a binding contract that:
- Clearly sets forth the data, purposes, and duration of processing
- Requires the processor to maintain appropriate security measures
- Prohibits the processor from using consumer health data for any purpose other than performing services for Tailored Nutrition
- Requires the processor to delete or return all consumer health data upon termination of the contract
- Requires the processor to cooperate with our obligations under applicable consumer health data privacy laws
7. We Do Not Sell Your Consumer Health Data
Tailored Nutrition does not sell consumer health data. We have never sold consumer health data and have no plans to do so.
Under the Washington My Health My Data Act, the sale of consumer health data requires a valid written authorization signed by the consumer. We will never request such authorization because we do not engage in the sale of consumer health data.
If this practice ever changes, we will update this policy, notify affected consumers, and obtain all required authorizations before any sale occurs.
8. Consent
8a. Collection Consent
Before collecting consumer health data, we obtain your consent through the following mechanisms:
- Account creation — By creating an account, you consent to the collection of basic account data (email, name) as described in our general Privacy Policy
- Survey participation — Before beginning the health survey, you are informed about what data will be collected and how it will be used. Your voluntary completion of the survey constitutes consent to collect the health data you provide
- Food and weight logging — Your voluntary use of tracking features constitutes consent to collect the data you enter
- Chat interactions — Your voluntary use of the AI chat assistant constitutes consent to process the health-related information you share in conversation
8b. Sharing Consent
Before sharing your consumer health data with any third party (currently limited to Anthropic for AI processing and USDA for nutritional validation), we obtain your consent. This consent is obtained during the onboarding process and is separate from general terms acceptance.
8c. Withdrawing Consent
You may withdraw your consent to the collection and sharing of consumer health data at any time by:
- Deleting your account through the App's settings
- Contacting us at support@tailorednutritionllc.org
Withdrawing consent may limit or eliminate your ability to use certain features of the Services that require health data to function (e.g., personalized meal plan generation).
9. Your Rights
Depending on your state of residence, you may have the following rights regarding your consumer health data:
9a. Right to Know / Right to Access
You have the right to confirm whether we are collecting, sharing, or selling your consumer health data, and to access the specific consumer health data we have collected about you. We will provide this information within 30 days of a verified request.
9b. Right to Deletion
You have the right to request the deletion of your consumer health data. Upon receiving a verified deletion request, we will:
- Delete all consumer health data from our active systems within 30 days
- Direct any processors who received your data to delete it
- Confirm the deletion to you in writing
You may also delete your data at any time by deleting your account through the App's settings, which permanently removes all associated data.
9c. Right to Withdraw Consent
You may withdraw your consent to the collection and processing of consumer health data at any time, as described in Section 8c.
9d. Right to Non-Discrimination
We will not discriminate against you for exercising any of your rights under applicable consumer health data privacy laws. Exercising your rights will not result in: denial of services, different pricing, a different level of quality, or retaliation of any kind.
9e. Right to Appeal
If we decline to take action on your request, we will inform you of the reason and provide instructions for how to appeal the decision. You may also file a complaint with the Attorney General of your state.
9f. How to Exercise Your Rights
To exercise any of the rights described above, contact us at:
We will verify your identity before processing any request. We may ask you to confirm information associated with your account to verify that the request is legitimate.
We will respond to all verified requests within 30 days. If we need additional time (up to 15 additional days), we will notify you in writing with an explanation.
10. Data Security
We implement the following technical, administrative, and physical security measures to protect your consumer health data:
- Encryption — Sensitive credentials (JWT tokens, API keys) are stored using platform-specific secure storage mechanisms (Expo SecureStore on mobile devices)
- Password protection — Passwords are hashed using bcrypt with salt and are never stored in plaintext
- Access controls — Consumer health data is accessible only to authenticated users viewing their own data
- Rate limiting — API endpoints are protected by per-IP rate limiting to prevent abuse
- Atomic writes — Data storage operations use atomic writes with file locking to prevent corruption
- Input validation — All inputs are validated and sanitized to prevent injection attacks
- Token revocation — Authentication tokens can be revoked and expire after 24 hours
- Account lockout — Accounts are temporarily locked after 5 failed login attempts
While we implement these measures to protect your data, no system is completely secure. We cannot guarantee absolute security of your consumer health data.
11. Data Retention & Deletion
We retain consumer health data only for as long as necessary to provide the Services and fulfill the purposes described in this policy.
- Active accounts — Consumer health data is retained for the duration of your active account
- Account deletion — When you delete your account, all associated consumer health data is permanently and irreversibly deleted from our systems, including survey data, food logs, weight logs, meal preferences, chat history, and notification data
- Temporary data — Password reset codes expire and are deleted after 15 minutes. Authentication tokens expire after 24 hours. Revoked tokens are purged after their expiration time.
- Survey reset — If you reset your survey, related derived data (adaptive TDEE calculations and meal preferences) is also deleted
We do not retain consumer health data after account deletion for analytics, research, or any other purpose. As disclosed in our Terms of Service (Section 13), we may retain anonymized, aggregated data sets that cannot be linked back to any individual. For detailed retention periods per data type, see Section 7 of our general Privacy Policy.
12. Children's Data
Our Services are restricted to users who are 18 years of age or older. We do not knowingly collect consumer health data from anyone under 18. In compliance with COPPA, if we learn that we have collected consumer health data from a child under 13, we will promptly delete that data and terminate the associated account.
If you believe a child or minor has provided us with consumer health data, please contact us immediately at support@tailorednutritionllc.org.
13. Geofencing
In compliance with the Connecticut CTDPA and other applicable laws, Tailored Nutrition does not use geofencing technology to collect consumer health data from consumers who are in the vicinity of any physical health care facility, mental health facility, reproductive health clinic, or substance abuse treatment center.
14. Changes to This Policy
We may update this Consumer Health Data Privacy Policy from time to time. When we make material changes, we will:
- Update the "Effective Date" at the top of this page
- Post a notice on our Website or within the App
- For significant changes affecting how we collect, use, or share consumer health data, we will notify you by email at least 30 days before the changes take effect
If applicable law requires us to obtain your consent before making certain changes to our processing of consumer health data, we will obtain that consent before implementing the changes.
15. Contact Us
If you have questions about this Consumer Health Data Privacy Policy, wish to exercise your rights regarding your consumer health data, or have concerns about how your health data is handled, please contact us:
Tailored Nutrition LLC
Email: support@tailorednutritionllc.org
We will respond to all inquiries within 30 days.
Which Policy Should I Read?
Our general Privacy Policy covers all data we collect, how we use it, your rights, and our security practices. This Consumer Health Data Privacy Policy provides additional protections specifically for health data under state consumer health data privacy laws. Our Terms of Service governs your use of the Services. For the most complete understanding, we recommend reviewing all three documents.