Privacy Policy

Effective Date: February 27, 2026

RynHealth ("we," "us," or "our") is committed to protecting your personal information in accordance with the Personal Information Protection and Electronic Documents Act (PIPEDA) and applicable British Columbia privacy law. This policy explains what we collect, how we use it, and your rights.

1. Who We Are

RynHealth is a health AI subscription service operated from British Columbia, Canada. We provide AI-powered agents that help you connect your health data, create personalized health plans, and take actions on your behalf (such as booking appointments or contacting healthcare providers). Our website is www.rynhealth.com.

Privacy contact: hi@rynhealth.com

2. Information We Collect

We collect the following categories of information:

Account Information: Name, email address, password (hashed), and subscription details when you create an account.
Health Data (Sensitive): Health information you voluntarily provide, including data synced from wearables and health apps (e.g., Apple Health, Fitbit, Garmin, Oura Ring), biometric data, fitness metrics, sleep data, nutrition logs, and any health goals or conditions you share with our AI agents.
Payment Information: Billing details processed through Stripe. We do not store your full credit card number, Stripe handles all payment card data under PCI-DSS compliance.
Usage Data: How you interact with our service, features used, session duration, and device/browser information for service improvement and security.
Communications: Messages you send to our support team and feedback you provide.

3. How We Use Your Information

Provide, operate, and personalize our AI health agent service
Process payments and manage your subscription
Power AI-driven health plans, recommendations, and actions on your behalf
Improve our service, algorithms, and user experience
Send transactional emails (receipts, subscription updates, support responses)
Comply with legal obligations and enforce our Terms of Service
Detect and prevent fraud or misuse

We will not use your information for purposes not listed above without obtaining your consent.

4. Health Data, Special Handling

⚕️ Your health data is sensitive and treated with the highest level of protection.

• Health data is encrypted at rest and in transit using industry-standard encryption (AES-256 / TLS 1.3).

We never sell your health data to third parties, advertisers, or data brokers.

• Health data is only used to power your personal AI agent and is not used to profile you for marketing.

• You may delete your health data at any time by contacting hi@rynhealth.com.

5. Who We Share Your Information With

We share your information only with the following trusted service providers, and only to the extent necessary to operate the service:

Stripe: Payment processing. Stripe receives payment card information directly under their own privacy policy. We receive only a customer token. Privacy Policy →
Supabase: Database and authentication infrastructure. Your account and health data is stored in Supabase-managed databases with encryption at rest. Privacy Policy →

We do not sell, rent, or trade your personal information to any third party. We may disclose information if required by law or to protect our legal rights.

6. Data Retention

We retain your personal information for as long as your account is active or as needed to provide the service.

Upon account deletion, we will delete or anonymize your personal data within 30 days, except where we are required to retain it for legal or regulatory purposes (e.g., financial records for 7 years under Canadian tax law).

Health data may be deleted independently of your account at your request.

7. Your Rights Under PIPEDA

As a Canadian resident, you have the right to:

Access the personal information we hold about you
Correct inaccurate or incomplete information
Withdraw consent to processing (may affect service availability)
Request deletion of your personal information
Know how your information is being used
Lodge a complaint with the Office of the Privacy Commissioner of Canada

To exercise any of these rights, email us at hi@rynhealth.com. We will respond within 30 days.

8. Cookies & Tracking

We use essential cookies to maintain your session and authenticate your account. We do not use third-party advertising cookies or cross-site tracking. Analytics, if used, are aggregated and anonymized.

9. Security

We implement appropriate technical and organizational safeguards including encryption at rest and in transit, access controls, and regular security reviews. No method of transmission over the internet is 100% secure; we strive to use commercially acceptable means to protect your data.

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes via email or a notice on our website at least 14 days before the changes take effect. Your continued use of the service after the effective date constitutes acceptance of the revised policy.

11. Contact Us

For privacy inquiries, requests, or complaints:

RynHealth Privacy Officer

Email: hi@rynhealth.com

British Columbia, Canada