Privacy Policy
Last updated: May 6, 2026 · Effective immediately
At Scndbrain Inc. ("Scndbrain," "we," "us," "our"), your health data is among the most personal information you can share. We treat it accordingly. This Privacy Policy explains what we collect, why we collect it, how we use it, who we share it with, and the rights you have over it.
Our core principles
- We collect only what's needed to make the Service work and improve your experience
- We never sell your personal information
- We never use your health data for advertising, marketing, or data mining
- We never share your data with advertisers or marketing networks
- We never use your individual data to train AI models for any purpose other than your personalized coaching
- You always retain the right to access, correct, or delete your data
Information we collect
Information you provide directly
- Account information — your email address, name, and authentication credentials (managed via Clerk)
- Profile information — age, height, weight, sex, training history, dietary goals, medical context you choose to share, and metabolic markers entered during onboarding
- Logged content — meals (typed, spoken, or photographed), workouts, mood check-ins, sleep quality reports, and any notes or messages you share with your AI coach
- Communications — messages exchanged with your AI council, support requests, and feedback
Information collected automatically
- Apple HealthKit data — with your explicit, granular permission, we read biometric data including heart rate, heart rate variability (HRV), sleep stages, resting heart rate, steps, active energy, and workout sessions
- Device information — device model, operating system version, and app version, used for compatibility and debugging
- Diagnostic data — crash reports and error logs, used to fix bugs (this data is anonymized wherever possible)
- Usage analytics — anonymized data about which features you use and how often, used to improve the product
Information from the website
- Email submissions — when you join the waitlist or contact us, we collect the email address you provide
- Basic web analytics — anonymized page views, referrers, and visit duration to measure site performance
How we use your information
Your data exists to power the coaching experience you signed up for. Specifically, we use it to:
- Provide personalized AI coaching — your nutrition, biometric, training, and lifestyle data is analyzed by our AI council to generate recommendations tailored to your body and goals
- Calculate adaptive targets — your daily macronutrient, hydration, and recovery targets are dynamically calibrated based on your patterns and current state
- Operate the Service — account creation, authentication, subscription management, transactional emails, and customer support
- Improve the product — anonymized aggregate analytics help us identify bugs, prioritize features, and improve coaching quality
- Communicate with you — sending essential account notifications, occasional product updates, and important changes to terms or policies (you can opt out of non-essential emails anytime)
- Ensure safety and compliance — detecting fraud, abuse, or violations of our Terms; complying with legal obligations
Apple HealthKit data — specific commitments
Scndbrain integrates with Apple HealthKit to read biometric data from your iPhone or Apple Watch. We only access the data categories you explicitly grant us permission to read. In compliance with Apple's App Review Guidelines (Section 5.1.3):
- HealthKit data is never sold to advertisers, marketers, or any third party.
- HealthKit data is never used for advertising or for similar services.
- HealthKit data is never disclosed to third parties for marketing, advertising, or data mining purposes.
- HealthKit data is never stored in iCloud.
- HealthKit data is only used to provide health and fitness services within Scndbrain.
You can revoke HealthKit permissions at any time through your iPhone's Settings → Health → Data Access & Devices → Scndbrain. Doing so will not delete your existing data within Scndbrain, but we will stop reading new HealthKit data immediately.
What we will never do
- We will never sell your personal information to anyone
- We will never share your health, nutrition, or biometric data with advertisers, ad networks, or data brokers
- We will never use your individual identifiable data to train AI models that benefit anyone other than you
- We will never store Apple HealthKit data in iCloud or in any form that violates Apple's policies
- We will never share data from medical research, the HealthKit API, the Motion and Fitness API, or similar APIs for advertising or marketing
- We will never disclose your AI coaching conversations to anyone except the third-party AI providers necessary to generate responses
How we share information
We share your information only in the following limited circumstances:
With your explicit consent
If you choose to share information with another service (e.g., exporting your data to a third-party app), we will share only what you authorize.
With service providers ("processors")
We rely on trusted third-party vendors that process data only on our behalf and only to provide functions of the Service. Each is contractually bound to handle your data securely and may not use it for their own purposes:
- Cloud infrastructure — Supabase (database), Vercel (hosting and serverless compute) — for storing your account data and processing API requests
- Authentication — Clerk — for secure account login and identity management
- AI providers — OpenAI, Anthropic, or similar — to power language understanding, vision recognition, and speech-to-text for your coaching. We have agreements prohibiting these providers from using your data to train their models.
- Analytics — anonymized product usage metrics through privacy-preserving analytics platforms
- Email delivery — for transactional emails and waitlist communication
For legal reasons
We may disclose information if required by valid legal process (subpoena, court order, government request) or if necessary to protect the rights, property, or safety of Scndbrain, our users, or the public. We will resist overbroad requests and notify you when legally permitted.
Business transfers
If Scndbrain is involved in a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction. We will notify you, and any successor will be bound by this Privacy Policy or a substantially similar one.
Data security
We protect your data with industry-standard security practices:
- Encryption in transit (TLS 1.2 or higher) for all network communication
- Encryption at rest for sensitive data in our databases
- Secure authentication with multi-factor options available
- Strict role-based access controls — only authorized personnel can access user data, and only when needed for legitimate operational reasons
- Regular security audits and dependency monitoring
- Secure storage of API credentials and secrets
No system is perfectly secure. While we work hard to protect your data, we cannot guarantee absolute security. In the unlikely event of a data breach affecting your information, we will notify you and applicable regulatory authorities as required by law.
Data retention
We retain your account data for as long as your account is active or as needed to provide the Service. Specifically:
- Active accounts — your data is retained while you continue using Scndbrain
- Account deletion — when you delete your account, we permanently remove your personal data within 30 days, except where retention is required by law (e.g., financial records for tax purposes)
- Apple HealthKit data — biometric data read from HealthKit is retained only as needed to provide your coaching; we do not retain HealthKit data after you revoke permissions or delete your account
- Backups — anonymized or encrypted backups may persist for a limited period (typically 90 days) before being purged
- Aggregate analytics — non-identifying aggregate data (e.g., total daily active users) may be retained indefinitely
Your rights
You have the following rights regarding your personal data:
- Access — request a copy of the data we hold about you
- Correction — update or correct inaccurate information
- Deletion — request that we permanently delete your account and all associated data
- Portability — export your data in a machine-readable format
- Opt-out — unsubscribe from non-essential communications anytime
- Restriction — request that we limit how we process your data in certain circumstances
- Objection — object to certain uses of your data
- Withdrawal of consent — withdraw any consent you previously gave (such as HealthKit access) at any time
To exercise any of these rights, email us at jacqueline@scndbrain.com. We respond to verified requests within 30 days. We may need to verify your identity before fulfilling certain requests.
California residents (CCPA / CPRA)
If you are a California resident, you have specific rights under the California Consumer Privacy Act and California Privacy Rights Act, including the right to:
- Know what personal information we collect, use, disclose, and sell about you (we do not sell personal information)
- Request deletion of your personal information
- Correct inaccurate personal information
- Limit the use and disclosure of sensitive personal information
- Not be discriminated against for exercising your privacy rights
We do not sell or share (as those terms are defined under CCPA/CPRA) your personal information. To exercise your California rights, contact jacqueline@scndbrain.com.
European Economic Area, UK, and Switzerland (GDPR)
If you are located in the EEA, United Kingdom, or Switzerland, you have rights under the General Data Protection Regulation including access, rectification, erasure, restriction, portability, and objection. Our legal basis for processing your personal data is your consent and the performance of our contract with you (these Terms). Where data is transferred outside the EEA, we use standard contractual clauses or other appropriate safeguards.
You also have the right to lodge a complaint with your local supervisory authority.
Children's privacy
Scndbrain is not intended for children under 16. We do not knowingly collect personal information from children under 16. If you believe a child has provided us with personal information, please contact us at jacqueline@scndbrain.com and we will promptly delete it.
International data transfers
Scndbrain is operated from the United States. If you access the Service from outside the U.S., your information may be transferred to, stored, and processed in the United States, where data protection laws may differ from those in your country. By using Scndbrain, you consent to this transfer. We honor applicable data protection rights regardless of where you reside.
Cookies and tracking
Our website uses minimal cookies and similar technologies, primarily for essential functionality (such as remembering you're logged in) and for anonymized analytics. We do not use cross-site tracking cookies, advertising cookies, or third-party trackers that build profiles of your behavior across the web. The mobile app does not use tracking identifiers for advertising purposes.
Changes to this Privacy Policy
We may update this Privacy Policy from time to time. When we make material changes, we'll notify you via email, in-app notification, or by posting a prominent notice on our website. The "Last updated" date at the top of this page reflects the most recent revision. Continued use of the Service after changes take effect constitutes acceptance of the updated policy.
Contact us
If you have questions about this Privacy Policy, how we handle your data, or want to exercise any of your rights, please reach out.
Privacy inquiries: jacqueline@scndbrain.com
General support: jacqueline@scndbrain.com
Mailing address: Scndbrain Inc., 920 Bayswater Avenue, Burlingame, CA 94010