Legal — Health Data

HIPAA Notice of Privacy Practices

Last updated: April 2026

Contents

🏥 This notice describes how health-related information about you may be used and disclosed and how you can get access to this information.

1Overview & Applicability

BuddyFood-AI is a digital wellness platform that generates AI-powered nutrition plans. To the extent BuddyFood-AI collects health-related information from users in the United States, we take compliance with applicable health data protection laws seriously, including the Health Insurance Portability and Accountability Act (HIPAA) where applicable. This notice explains our data handling practices as they relate to health information.

2Protected Health Information (PHI)

BuddyFood-AI may collect certain health-related data such as body weight, height, age, dietary restrictions, and health goals. This information is used exclusively to generate personalized nutrition plans. We do not collect clinical health records, medical diagnoses, or insurance information, and we are not a Covered Entity under HIPAA in the traditional sense.

  • Body metrics voluntarily submitted (weight, height, age)
  • Dietary preferences and food restrictions
  • General wellness goals (weight loss, muscle gain, etc.)
  • Allergy information

3Your Rights Regarding Health Data

  • Right to access your health data we hold
  • Right to request correction of inaccurate data
  • Right to request deletion of your health data
  • Right to data portability — export your data in a common format
  • Right to restrict how your data is used
  • Right to withdraw consent at any time

4Administrative, Physical & Technical Safeguards

We implement appropriate safeguards to protect health-related information against unauthorized access, use, or disclosure.

  • Encrypted data transmission (TLS/HTTPS)
  • Password-protected accounts with secure hashing
  • Access controls limiting employee access to user data
  • Regular security reviews and updates
  • Secure cloud infrastructure

5Use and Disclosure of Health Data

BuddyFood-AI does not sell, rent, or commercially exploit your health-related data. We may share health data only in the following limited circumstances:

  • With service providers bound by confidentiality agreements necessary to deliver the Service
  • As required by applicable law or legal process
  • To protect the rights, property, or safety of users or others
  • In anonymized, aggregated form for research and product improvement

6Breach Notification

In the event of a security breach involving your health data, BuddyFood-AI will notify affected users in accordance with applicable laws. Notifications will be sent via email within 72 hours of discovery, where feasible, and will include information about what occurred, what data was affected, and what steps we are taking.

7Minors' Health Data

BuddyFood-AI is not intended for use by individuals under 18 years of age. We do not knowingly collect health data from minors. If we become aware that health data of a minor has been submitted, we will delete it promptly.

8Contact for Health Data Concerns

If you have questions about how we handle health-related data, or to exercise any of your rights listed above, please contact us at: buddyfood.ai@gmail.com. We will respond to all health data inquiries within 30 days.