Consumer Health Data Privacy Policy

1. Who We Are & Scope

Weight Pocket is a weight-management coaching and tracking app operated by JP Medicina de la Montaña LLC ("we," "us," or "our"). This Consumer Health Data Privacy Policy explains how we collect, use, share, and protect consumer health data, and the rights you have over it.

"Consumer health data" means personal information that is linked or reasonably linkable to you and that identifies your past, present, or future physical or mental health status. For Weight Pocket this includes data such as your weight and body measurements, the GLP-1 and other medications you log, dosages and injection sites, symptoms and side effects, meals and nutrition, exercise, and related notes.

This policy applies to consumers who are residents of states with consumer health data laws, including Washington (My Health My Data Act), Nevada (SB370), and Connecticut. We extend the core protections below to all of our users as a matter of practice.

2. Consumer Health Data We Collect

Depending on the features you use, we may collect the following categories of consumer health data:

• Body metrics: weight, height, BMI, body measurements, and (if you connect them) steps, heart rate, HRV, and active energy from Apple HealthKit or Google Health Connect.
• Medication data: GLP-1 and other medications you choose to log, including drug name, dose, schedule, injection sites, and refill timing.
• Symptoms & side effects you record.
• Nutrition & activity: meals, water, food photos, and exercise.
• Health-related messages: the content of chats with the AI coach or with your linked coaching staff, and personal health notes.

We practice data minimization: we collect only the data needed to provide the features you use.

3. Sources of the Data

We collect consumer health data directly from you (manual entry, photos, chat), from connected device platforms you authorize (Apple HealthKit, Google Health Connect, Bluetooth smart scales), and, if you are linked to a coach, coaching practice, clinic, or other place of service, from your authorized coaching staff within the App. We do not buy consumer health data from data brokers.

4. How We Use Consumer Health Data

We use consumer health data only to:

• Provide the App's tracking, coaching, analytics, and reminder features you request.
• Generate educational, AI-assisted insights and visualizations (e.g., medication-level estimates, trends).
• Enable coaching by your linked coach, coaching practice, clinic, or other place of service, if you have scanned their QR code to link.
• Keep you safe (e.g., missed-dose reminders) and maintain, secure, and debug the service.
• Comply with legal obligations.

We do not use consumer health data for advertising, ad targeting, profiling for advertising, or any purpose unrelated to providing the App.

5. How We Share Consumer Health Data

We share consumer health data only with the limited categories of recipients needed to run the App, each bound by a written data-processing agreement and prohibited from using it for their own purposes:

• Google Firebase — authentication, database, storage, crash reporting (processor).
• Google Gemini — AI processing of only the text or image you submit, via our server-side proxy (processor).
• RevenueCat — subscription receipt validation only (no health data).
• Your linked coaching staff (whether an individual coach, coaching practice, clinic, or other place of service) — only after you affirmatively link by scanning their QR code, and only the staff associated with that coach or organization.

We may also disclose data when required by law or to protect rights and safety. We will not otherwise collect or share your consumer health data without your affirmative, opt-in consent (see § 7), and we will never share it with anyone for advertising.

6. We Do Not Sell Your Consumer Health Data

We do NOT sell your consumer health data, and we have not done so. Under the Washington My Health My Data Act, any "sale" of consumer health data requires a separate, specific valid authorization from you. Because we do not sell consumer health data, we do not seek or rely on any such authorization. The App contains no advertising SDKs, no third-party trackers, and no cross-app tracking identifiers.

7. How We Obtain Your Consent

Before we collect or process your health data, we obtain your explicit, opt-in consent during onboarding, separately from our general Terms. Connecting a health platform (HealthKit / Health Connect) or linking to a coach, coaching practice, clinic, or other place of service each requires a distinct, affirmative action by you. You may withdraw consent at any time in Settings → Privacy; withdrawal stops future processing of the affected data (it does not affect processing already performed lawfully) and may disable features that depend on that data.

8. Your Rights

Regardless of where you live, you may:

• Access / confirm the consumer health data we have collected and the third parties and affiliates with whom we have shared it.
• Withdraw consent to our collection and sharing of your consumer health data.
• Delete your consumer health data. You can delete your account at any time in Settings → Delete Account, which triggers our multi-step erasure of your data across collections, subcollections, and storage. You may also email us.

To exercise these rights, use the in-app controls or contact privacy@weightpocket.com. We will verify your request and respond within the timeframe required by law (for Washington MHMDA requests, within 45 days, extendable once by 45 days where reasonably necessary). We will not discriminate against you for exercising any of these rights.

9. Right to Appeal

If we decline to take action on your request, we will tell you why. You may appeal that decision by replying to our response or emailing privacy@weightpocket.com with the subject line "Health Data Appeal." We will respond to your appeal within a reasonable time. If we deny your appeal, you may contact your state Attorney General (for example, the Washington State Attorney General at atg.wa.gov/file-complaint).

10. Biometric Data

Weight Pocket does not create, capture, or store biometric identifiers (such as faceprints). Photos are analyzed only to recognize food; and any Face ID / Touch ID app-lock is handled entirely by your device's operating system, which returns only a success/failure signal to us. See § 15.2 of our Privacy Policy for details.

11. Security & Retention

We protect consumer health data with the safeguards described in our Privacy Policy (encryption in transit and at rest, audited access-control rules, server-side validation, and least-privilege access). We restrict access to consumer health data to the personnel and processors who need it to provide the service. We retain consumer health data only as long as your account is active or as needed to provide the App; on account deletion we purge personal data on the schedule described in our Privacy Policy. No system is 100% secure, and we cannot guarantee absolute security.

12. We Are Not a HIPAA Covered Entity

Weight Pocket is an educational coaching and wellness tool — not a healthcare provider, telemedicine service, pharmacy, or medical device — and the consumer health data we hold is generally not "protected health information" (PHI) regulated by HIPAA. If you are a member linked to a coach, coaching practice, clinic, healthcare provider, or other place of service that is itself a HIPAA-covered entity, any HIPAA-governed relationship exists between you and that external organization, not between you and Weight Pocket. This policy governs the consumer health data we process as described above.

13. Changes to This Policy

If we make material changes to this policy, we will update the Effective Date above and, for substantive changes, provide notice and (where required) obtain renewed consent before the change affects previously collected data.

14. Contact Us

For any question or request about your consumer health data: