Ryn Health Inc. · Effective March 6, 2026

Privacy Policy

Ryn Health Inc. ("Ryn," "we," "us," or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our AI-powered health coaching platform, including our website, web application, and messaging integrations (collectively, the "Service"). We comply with the Personal Information Protection and Electronic Documents Act (PIPEDA) and applicable Canadian privacy law.

By creating an account or using the Service, you consent to the practices described in this policy. You may withdraw consent at any time through your account settings.

1. Information We Collect

We collect the following categories of information:

Account Information

  • Your email address and password (hashed) when you create an account.
  • Payment information processed securely by Stripe; we do not store your card details.
  • Your display name and any profile preferences you choose to provide.

Health Data

  • Connected apps: Workouts, runs, rides, and heart rate data from Strava when you choose to connect it. Sleep scores, readiness, and HRV from Oura Ring (when available). Steps, sleep, and workout data from Apple Health via our iOS shortcut (when available).
  • Lab results: Blood test panels, biomarkers, and other clinical data you manually upload or enter.
  • DEXA scans: Body composition data you choose to share.
  • Self-reported data: Goals, health history, and information you share with Ryn through conversation.

Conversation Data

  • Messages you send to Ryn through the web interface, Telegram, or WhatsApp.
  • Coaching responses generated by the AI on your behalf.

Usage Data

  • Log data such as pages visited, features used, and timestamps.
  • Device and browser type, operating system, and IP address.
  • Consent records: timestamps and text of consents you have provided.

2. How We Use Your Information

We use your information solely to provide and improve the Service:

  • Personalized coaching: Your health data, goals, and conversation history are used to generate tailored AI coaching responses and insights.
  • Account management: To authenticate you, process your subscription, and send service-related communications.
  • Safety and compliance: To detect abuse, prevent fraud, and comply with our legal obligations.
  • Service improvement: Aggregated, anonymized analytics to understand how the Service is used and improve it.

We never sell your personal or health data to third parties. We do not use your data for advertising, and we do not share it with data brokers.

3. How We Share Your Information

We share your data only with trusted service providers who process it on our behalf:

  • Supabase: Secure database and authentication infrastructure. Data is stored on servers in Canada and/or the United States with SOC 2 compliance.
  • Anthropic: Your messages are processed through the Anthropic API to generate AI coaching responses. Per Anthropic's API terms, messages submitted via API are not used to train their models and are not retained beyond the processing window.
  • Stripe: Payment processing. Subject to Stripe's own privacy policy.
  • Twilio: WhatsApp message delivery infrastructure.

All third-party service providers are contractually bound to process your data only as directed by us and to maintain appropriate security standards.

We may disclose your information if required by law, court order, or to protect the rights, safety, or property of Ryn Health Inc. or others.

4. Data Storage and Security

Your data is stored on Supabase infrastructure located in Canada and/or the United States. We implement industry-standard security measures including:

  • Encryption of data in transit (TLS/HTTPS) and at rest.
  • Row-level security policies limiting data access to authenticated account owners.
  • Service-role authentication for server-side operations.
  • Regular security reviews and dependency updates.

No system is 100% secure. If you believe your account has been compromised, contact us immediately at hi@rynhealth.com.

5. Your Rights Under PIPEDA

As a Canadian privacy law, PIPEDA grants you the following rights regarding your personal information:

  • Access: You have the right to request a copy of the personal information we hold about you. Use the "Export Data" feature in your account settings for an immediate download.
  • Correction: You have the right to request correction of inaccurate information. Update your profile in account settings or contact us.
  • Withdrawal of consent: You may withdraw your consent to the collection and processing of your health data at any time. Withdrawal does not affect the lawfulness of processing prior to withdrawal.
  • Deletion: You have the right to request deletion of your personal information. Use the "Delete Account" feature in account settings, which permanently removes all your data from our systems.
  • Complaint: If you believe we have violated PIPEDA, you may file a complaint with the Office of the Privacy Commissioner of Canada at priv.gc.ca.

All privacy rights are available directly in your account settings. You can also contact us at hi@rynhealth.com to exercise any right. We will respond to requests within 30 days.

6. Data Retention

We retain your personal information for as long as your account is active and for 30 days following cancellation of your subscription, in case you choose to reactivate. After this period, your data is permanently deleted from our systems.

You can request immediate deletion at any time through your account settings or by contacting us. Deletion is irreversible — we cannot recover data after it has been deleted.

Some information may be retained longer if required by law (e.g., financial records for tax compliance) or where we have a legitimate legal obligation to do so.

7. Cookies

We use cookies minimally. The only cookies we set are session authentication cookies necessary for you to remain logged in to the Service. We do not use tracking cookies, advertising cookies, or third-party analytics cookies.

You can disable cookies in your browser settings, but this will prevent you from signing in to the Service.

8. Children's Privacy

The Service is intended for users 18 years of age or older. We do not knowingly collect personal information from children under 18. If you become aware that a child has provided us with personal information, please contact us and we will take steps to delete it.

9. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by email or by posting a prominent notice in the Service. Your continued use of the Service after the effective date of any change constitutes your acceptance of the updated policy.

10. Contact Us

For privacy-related questions, requests, or concerns, please contact our Privacy Officer:

Ryn Health Inc.
British Columbia, Canada
hi@rynhealth.com

We are committed to resolving privacy concerns promptly and fairly.