Data Collection
WellVue collects biometric data from your connected wearable device via its official cloud API. This includes sleep, readiness, activity, heart rate, HRV, SpO2, stress, body temperature, and workout data. Additional data you provide - including meal photos, workout logs, mood logs, habit tracking entries, and menstrual cycle data - is stored to power personalized wellness insights.
Apple Health Integration
If you choose to connect Apple Health, WellVue reads sleep, heart rate, HRV, activity, workout, and respiratory data via Apple's HealthKit framework. HealthKit data is read on demand, transferred to your WellVue account over HTTPS, and stored on the same secure servers as your other wellness data. You can revoke WellVue's access at any time from iOS Settings → Privacy & Security → Health → WellVue. Apple HealthKit data is never shared with advertisers, never used for marketing, and never sold to third parties. Per Apple's HealthKit policy we do not use this data for any purpose other than providing health and wellness features inside the app.
Data Storage
All your health data is stored on secure servers hosted by Railway (cloud infrastructure). All data is transmitted over HTTPS (TLS 1.2+). Passwords are hashed using PBKDF2 with SHA-256 and are never stored in plain text. Your data remains under your control at all times.
Encryption at Rest
Sensitive free-text fields you write (meal descriptions, journal entries, chat messages, and supplement or habit notes) are encrypted at rest using AES-256 with a server-side key. Database backups, even if leaked, would not expose this content in plaintext.
Information We Collect (Detailed Inventory)
In addition to the wearable and Apple HealthKit data described above, WellVue collects and processes the following limited information so the app and its features can work correctly:
• Account identifiers: email address, account ID, sign-in tokens (Apple, Google).
• Device and connection metadata: IP address (held in server logs only, never displayed to other users), device type and OS version (User-Agent), iOS app version, and a per-request identifier used for support troubleshooting.
• Coarse location: the timezone derived from your device or IP. WellVue does not collect precise GPS location.
• Calendar events: if you connect Google Calendar (used by the Day Optimizer agent), WellVue reads event titles, start and end times to suggest optimal windows. You can disconnect at any time and the data is purged.
• Voice and audio (transient): when you use voice meal logging or voice chat, the audio is processed in real time and is not retained on our servers.
• Visual content: meal photos when you use food-photo logging.
• Inferences and AI memory: wellness insights generated from your data, plus vector embeddings of your conversations and goals so the AI assistant can remember context across sessions. You can delete this memory from Settings at any time.
• Feature usage and AI cost events: internal metering rows that record which features you use and the per-user AI generation cost. Used to enforce daily AI usage caps and to forecast capacity. No personal data is included in these rows.
• Notification logs: when WellVue queues a notification (morning briefing, agent message), the queue is recorded so we can verify delivery. The notification body is removed once the user has seen it.
• Sign-in events: a log of successful and failed sign-in attempts (timestamp, IP, success/fail) for security and account-recovery purposes.
Third-Party Sharing
WellVue does NOT sell your health data to advertising or data broker services. To provide AI features, limited data is sent to Google's Gemini API (Google LLC), a third-party cloud AI service, for nutrition analysis and conversational AI features. The data sent includes your relevant health metrics, the messages you type to the AI, and the food photos you submit. Google processes this data on its servers to generate the AI response, under Google's applicable API data processing terms. We use Mixpanel for product analytics so we can understand how the app is being used and improve it; Mixpanel receives a stable user identifier, your email address, your subscription status, and behavioral events (which screens you opened, when you subscribed or cancelled, when you logged a meal or workout). Mixpanel never receives your health readings, biometric values, meal photos, AI conversations, or the contents of any logged entry.
AI Processing
AI features (chat, insights, custom agents) use Google's Gemini API (Google LLC), a third-party cloud AI service, to generate wellness suggestions. Food photo analysis and chat features send your food photos, the messages you type, and relevant biometric context to Google's servers for processing under Google's applicable API data processing terms. Under these terms, Google does not use your data to train its models. AI conversations are stored on WellVue servers and can be deleted from Settings at any time. The AI assistant maintains persistent memory of your preferences and goals to provide more personalized responses.
Third-Party Service Providers
WellVue integrates with the following third-party service providers. Each receives only the minimum data required for its function:
• Google (Gemini API, Google LLC): third-party cloud AI service that receives your meal photos, the messages you type, and relevant biometric context to power AI nutrition analysis and conversational wellness insights, under Google's applicable API data processing terms.
• Resend: sends transactional emails (magic-link sign-in codes, password resets). Receives your email address and the email contents.
• Google Sign-In: optional authentication. Receives the OAuth handshake; we receive your name and email from Google.
• Apple Sign-In: optional authentication. Receives the OAuth handshake; we receive an Apple-issued identifier and (if you choose to share) your name and email.
• Apple App Store: handles subscription purchases. Receives purchase metadata; WellVue receives a verified subscription status from Apple. Apple does not receive your health data.
• Oura: your wearable device provider. We access your biometric data via Oura's official cloud API with your OAuth consent. Oura's own privacy policy governs their collection of API usage data.
• Railway: cloud hosting infrastructure that runs the WellVue backend and stores your data on US-based servers.
• Cloudflare: content delivery network for the WellVue web pages, and object storage (Cloudflare R2) for data export files. Cloudflare receives standard HTTP request metadata for the website and stores export files until they expire.
• Mixpanel: product analytics. Receives a stable user identifier, your email address, your sign-in provider, your subscription status, and behavioral events such as which screens you opened, when you started or cancelled a subscription, and when you logged a meal or workout. Mixpanel never receives your health readings, biometric values, meal photos, AI conversations, or the contents of any logged entry. Categorical attributes you entered in Settings (sex assigned at birth, age) are sent so we can analyze usage by cohort. Mixpanel's own privacy policy is available at mixpanel.com/legal/privacy-policy.
Data Retention
Wearable-sourced biometric data is retained for a maximum of 30 days and refreshed during regular sync cycles. Data older than 30 days is automatically purged from our servers. User-generated data (meal logs, workout entries, habit tracking, mood entries) is retained until deleted by the user.
Access Revocation
When you delete your WellVue account, all wearable-sourced biometric data is permanently deleted from our servers. You may also revoke WellVue's authorization to your Oura account at any time directly from the Oura app or your Oura account settings — this stops further data syncing immediately, and any previously-synced data is purged when you delete your WellVue account. User-generated content (meals, workouts, mood logs, habit entries) is retained until you delete your WellVue account.
Token Security
OAuth access tokens and refresh tokens are encrypted at rest and stored server-side. Tokens are never exposed in client-side code or transmitted in URLs. If WellVue's API access is revoked by the wearable device provider, all associated user data is securely deleted.
Data Deletion
You may delete all stored data at any time from Settings. When you delete your account, ALL data is permanently and irreversibly deleted from our servers. Uninstalling the app removes all locally cached data from your device.
Your Rights
You have the right to: access all data we store about you (Data Summary in Settings), export all your data in JSON format (Data Export in Settings), and delete all your data permanently (Delete Account in Settings). You may revoke WellVue's authorization to your Oura account at any time directly from the Oura app or your Oura account settings.
For EU/EEA Users (GDPR)
If you are located in the European Union or European Economic Area, you have the following additional rights under the General Data Protection Regulation (GDPR):
Your GDPR Rights:
• Right to access your personal data
• Right to rectification of inaccurate data
• Right to erasure ("right to be forgotten")
• Right to restrict processing
• Right to object to processing
• Right to data portability (JSON export is available in app Settings, per GDPR Article 20)
• Right to lodge a complaint with your local data protection supervisory authority
Legal Basis for Processing: We process your personal data based on your explicit consent, which you provide when connecting your wearable device to WellVue. You may withdraw consent at any time by deleting your WellVue account, or by revoking WellVue's authorization directly from the Oura app or your Oura account settings.
International Data Transfers: Your data is processed on servers located in the United States. AI features send the data described above to Google's Gemini API (Google LLC), a third-party cloud AI service, for processing in the United States. By using WellVue, you consent to the transfer of your data to the US for processing.
Standard Contractual Clauses (Schrems II): Where personal data is transferred from the European Union, European Economic Area, United Kingdom, or Switzerland to the United States, the transfer is governed by the European Commission's Standard Contractual Clauses (SCCs) (Module Two: controller-to-processor, 2021/914/EU). Our infrastructure providers maintain their own SCC commitments: Cloudflare via its Data Processing Addendum (cloudflare.com/cloudflare-customer-dpa) and Google (Gemini API) via the Google Cloud Data Processing and Security Terms. We assess the destination jurisdiction and supplementary measures (encryption in transit and at rest, access controls, audit logging) on a periodic basis as required by the Schrems II framework. To request a copy of the SCC documentation that applies to your transfer, email [email protected].
To exercise any of these rights, contact us at [email protected].
Data Breach Notification
If WellVue becomes aware of a personal data breach that is likely to result in a risk to the rights and freedoms of users, we commit to:
• Notify affected users without undue delay by email when the breach is likely to result in a high risk to their rights and freedoms. Notification will describe the nature of the breach, the categories of data involved, the likely consequences, and the mitigation steps WellVue has taken.
• Document every breach in an internal incident log (date, scope, root cause, remediation) so we can demonstrate accountability.
If you suspect a security incident affecting your WellVue account, contact us immediately at [email protected] with the subject line "Security Incident".
Washington Consumer Health Data Notice (My Health My Data Act)
Washington state residents have additional rights regarding their consumer health data under the Washington My Health My Data Act (effective 2024):
• Right to know what consumer health data we collect, share, and sell
• Right to withdraw consent for collection or sharing of consumer health data at any time (via Settings → Delete Account, or by revoking WellVue's authorization from the Oura app or Oura account settings)
• Right to delete your consumer health data
• Right to confirm whether we are processing your consumer health data
• We will not sell your consumer health data, share it for advertising, or use geofencing around health facilities
• Consent for data collection is obtained at signup and at the point of new sensitive data collection (e.g., connecting your wearable device)
To exercise any of these rights, contact us at [email protected].
California Consumer Privacy Rights (CCPA / CPRA)
If you are a California resident, the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA) give you specific rights regarding your personal information. This section describes those rights and how to exercise them. The disclosures below cover the previous 12 months.
Categories of Personal Information We Collect:
• Identifiers: email address, account ID, sign-in tokens (Apple, Google), IP address (in server logs only)
• Internet or Network Activity: in-app usage events, login history, request identifiers used for support
• Geolocation: coarse timezone (derived from your device or IP). We do not collect precise GPS location.
• Sensor and Health Data (Sensitive PI): heart rate, heart rate variability, sleep stages, SpO2, body temperature, activity, workouts, readiness, and other biometric signals from your Oura Ring (and Apple HealthKit if you connect it)
• Inferences: AI-generated wellness insights and personalized memory derived from your conversations and goals
• Audio (transient): when you use voice meal logging or voice chat. Audio is processed in real time and is not retained.
• Visual: meal photos when you use food-photo logging
How We Use Your Personal Information: to provide and personalize the WellVue service, deliver wellness insights, support sign-in and account management, prevent fraud and abuse, comply with legal obligations, and respond to your support requests.
Categories Disclosed for a Business Purpose: identifiers, internet/network activity, sensor and health data, and inferences may be processed by the third-party service providers listed in the "Third-Party Service Providers" section above (Apple, Apple App Store, Cloudflare, Resend, Oura, Railway, Mixpanel). Each provider receives only the minimum data required to perform its function. Mixpanel receives identifiers, internet/network activity, and categorical demographics only — it never receives sensor or health data.
Sale or Sharing of Personal Information: WellVue does NOT sell your personal information for monetary or other valuable consideration, and does not share your personal information for cross-context behavioral advertising. We have not done so in the past 12 months.
Your California Rights:
• Right to Know: request the specific personal information we have collected, used, disclosed, or sold about you
• Right to Delete: request deletion of your personal information (use Settings → Delete Account, or contact us)
• Right to Correct: request correction of inaccurate personal information (use Settings, or contact us)
• Right to Opt Out of Sale or Sharing: WellVue does not sell or share personal information, so this right is automatically honored
• Right to Limit Use of Sensitive Personal Information: your health and biometric data is sensitive personal information. To limit our processing, you can disconnect your Oura Ring (and Apple HealthKit) from Settings, which stops further data sync immediately
• Right to Non-Discrimination: we will not deny service, charge a different price, or provide a lower quality of service because you exercised your CCPA rights
Do Not Sell or Share My Personal Information: WellVue does not sell or share your personal information.
Children's Privacy
WellVue is not intended for use by individuals under 18 years of age. We do not knowingly collect data from minors.
Wellness Tool
WellVue is a wellness and fitness companion application. It is NOT a medical device, and is not intended to diagnose, treat, cure, or prevent any disease or medical condition.
No Medical Advice
Information provided by WellVue, including AI-generated insights, scores, and recommendations, does not constitute medical advice. Always consult a qualified healthcare provider before making health decisions.
Accuracy
All wellness estimates are algorithmic approximations based on biometric sensor data. Accuracy varies by feature and individual. Error margins are documented within each feature's detail view.
Assumption of Risk
You use WellVue at your own discretion. The developers are not liable for any health decisions, actions, or outcomes based on information provided by this application.
Wearable Device Required
WellVue requires a compatible wearable device and its associated cloud account. WellVue is an independent application and is not affiliated with, endorsed by, or sponsored by any wearable device manufacturer.
Account Termination
You may terminate your WellVue account at any time from Settings → Delete Account, or by emailing [email protected]. WellVue may suspend or terminate your account, with or without notice, in cases of (a) material breach of these Terms, (b) abusive, fraudulent, or unlawful use of the service, (c) non-payment of subscription fees, or (d) extended account inactivity exceeding twelve months. Upon termination by either party, all data associated with the account is deleted in accordance with the deletion policy in the Privacy Policy section.
Refunds
All subscription purchases and renewals are processed by Apple via the App Store. Refund requests must be submitted to Apple at reportaproblem.apple.com. WellVue cannot issue refunds for App Store transactions directly. If you believe you were charged in error, please contact us first at [email protected] and we will assist with the Apple refund flow when appropriate.
Intellectual Property
The WellVue application, brand, source code, model design, AI prompts, written copy, and visual design are owned by WellVue (operated by MG Tech AI Solutions Inc.). You receive a limited, non-transferable, revocable license to use the application for personal, non-commercial wellness purposes during the term of your subscription. Your data remains yours. You retain full ownership of the wellness data you provide or generate (meal logs, mood entries, habit entries, etc.) and can export it at any time from Settings → Data Export.
Limitation of Liability
To the maximum extent permitted by law, WellVue's total cumulative liability arising out of or related to these Terms or your use of the application is limited to the greater of (a) the subscription fees you paid to WellVue in the twelve (12) months preceding the event giving rise to the claim, or (b) one hundred US dollars (US$100). WellVue is not liable for indirect, consequential, incidental, special, exemplary, or punitive damages, including loss of profits, loss of goodwill, or loss of data, even if advised of the possibility. This section does not limit liability that cannot be excluded under applicable law (such as gross negligence, willful misconduct, or product-liability claims that statute prohibits limiting).
Changes to These Terms
WellVue may update these Terms from time to time. Material changes will be communicated through the in-app re-acceptance flow on your next launch. Continued use of WellVue after a re-acceptance prompt constitutes acceptance of the updated Terms.
Data Source
WellVue uses biometric data from your connected wearable device to power specialized nutrition, fitness, and cognitive wellness workflows. It adds analysis tools on top of the data your wearable already collects.
Wearable Device Integration
Full integration via official wearable device cloud APIs. All data is accessed with your explicit consent via OAuth authorization. WellVue requests the following data scopes: daily (sleep, readiness, activity, stress, resilience), heartrate, workout, session, spo2, personal, and tag. Each scope powers specific features within the app. No scopes are requested beyond what is needed for active features.
Specialized Wellness Tools
WellVue provides nutrition tracking, gym recovery, habit tracking, custom AI agents, and cognitive scheduling tools that correlate user-generated data with wearable biometrics. WellVue is designed to work alongside your wearable device's official app, adding specialized workflows for fitness-oriented users.
Independent Application
WellVue is an independent third-party application developed by MG Tech AI Solutions Inc., Vancouver, BC, Canada. It is NOT developed by, affiliated with, endorsed by, sponsored by, or in any way officially connected to any wearable device manufacturer or their subsidiaries or affiliates. Users should continue using their wearable device's official app for core device features, firmware updates, device setup, and primary health tracking.