Privacy Policy

This Privacy Policy ("Policy") applies to your use of the AdeleAI mobile application (the "App"), our websites located at adelehealth.com and its subdomains (the "Websites"), and all related software and services (collectively, the "Services") provided by Adele Health, Inc. and its wholly-owned subsidiary, AdeleAI LLC (collectively, "Adele," "we," "us," or "our").

By accessing or using our Services, you signify that you have read, understood, and agree to our collection, storage, use, and disclosure of your personal information as described in this Policy and our Terms of Service.

We are committed to building and maintaining your trust. Our approach to privacy is guided by the following core principles:

• You Own and Control Your Data. Your personal and wellness data belongs to you. Our goal is to make it simple for you to access, export, and delete your information at any time.

• Purpose Limitation and Data Minimization. We will only collect the information that is necessary to provide and improve our Services. We are committed to continually seeking ways to collect less data while still delivering a valuable experience.

• Transparency and Consent. We will be transparent about our data practices. For secondary uses of your data that are not essential to providing the core service to you, we will ask for your explicit, opt-in consent.

• Security by Design. We prioritize the security of your information in every decision we make.
We do not sell your personal information to third parties for advertising. Our business model is based on providing valuable services to our users. For more information on your rights regarding data "sharing," please see Section 6.

• We Do Not Sell Your Personal Information. We do not sell your personal information to third parties for advertising. Our business model is based on providing valuable services to our users. For more information on your rights regarding data "sharing," please see Section

We collect personal information to operate, maintain, and provide you with the features and functionality of the Services. The California Consumer Privacy Act (CCPA) requires us to provide a "Notice at Collection," which is fulfilled by the table below. It details the categories of personal information we collect and the purposes for which we use it.

‍A. Identifiers
‍
• Examples: First and last name, email address, unique user ID (UUID).
‍
• Purpose: To create and manage your account, communicate with you, provide customer support, and secure our Services.
‍
B. Personal Information categories listed in the California Customer Records statute (Cal. Civ. Code § 1798.80(e))
‍
• Examples: Name, email address, physical address and telephone number (if provided for support or waitlists).
‍
• Purpose: To manage your account and communicate with you.

C. Characteristics of protected classifications under California or federal law

• Examples: Age (required for eligibility), gender, height, weight (optional).

• Purpose: To verify you are at least 18 years old. Optional biometrics are used to personalize your educational insights within the App.

D. Commercial Information

• Examples: Records of services purchased (if any), payment information processed by our third-party payment processor (e.g., Stripe).

• Purpose: To process payments for premium features or subscriptions. Note: Adele does not directly access or store your full payment card information.

E. Internet or other similar network activity

• Examples: IP address, device type, operating system, browser type, browsing history on our Websites, interaction with our App features.

• Purpose: To provide and improve our Services, maintain security, analyze usage trends, and optimize user experience.

F. Geolocation Data

• Examples: We do not collect precise geolocation data. We may infer your general location from your IP address.

• Purpose: For analytics and security purposes (e.g., fraud detection).

G. Sensitive Personal Information

• Examples: Health and wellness information like glucose readings, logged meals, activities, notes, sleep data, and other wellness-related information you provide or import. This may include user-generated content like free-text notes or messages you enter into the App, which may contain sensitive information.

• Important: User-generated content, such as free-text notes, lifestyle tags, or custom user settings should never contain sensitive personal information.

• Purpose: To provide the core functionality of the App, including displaying your data back to you and generating personalized, non-medical educational insights and patterns.

H. Inferences drawn from other personal information

• Examples: Inferences about your lifestyle patterns or metabolic responses based on the Health and Wellness Information you provide.

• Purpose: To generate the educational trends, and insights displayed to you within the App.

In addition to the purposes listed above, we use your personal information for the following business purposes:

• To Provide, Improve, and Personalize the Services: We use your information to operate the App, display your data and insights back to you, and tailor the educational content to your profile. We may also use de-identified data across all users to improve our Services.

• To Communicate With You: We use your contact information to send you administrative emails (e.g., account verification, service updates, policy changes) and, with your consent, marketing communications about our Services. You can opt-out of marketing emails at any time.

• To Comply with Legal Obligations and Protect Our Rights: We may use your information to comply with applicable laws, lawful requests, and legal process, such as responding to subpoenas or requests from government authorities.

We do not sell your personal information. We may share your information only in the circumstances described below:

• With Service Providers: We share information with trusted third-party vendors and service providers who perform services on our behalf under strict contractual terms. These providers are contractually obligated to protect your data and are prohibited from using it for any purpose other than to provide the specific service we have requested. These include cloud hosting and storage providers (e.g., Supabase, Amazon Web Services), payment processors, and customer support platform providers.
‍
• With Our AI Processing Partner: The chat feature in our App is powered by a third-party AI service provider. When you use the chat feature, the content of your conversation is sent to this provider to generate a response.  We take reasonable steps to remove personally identifiable information (PII) and protected health information (PHI) before sending, using industry-standard tools, and we configure API calls to minimize data retention by the provider. To protect your privacy, do not include sensitive personal information in chat inputs or free-text logs.

• As Required by Law and for Business Transfers: We may disclose your information if required by law or in the good faith belief that such action is necessary to comply with legal obligations. We may also share or transfer your information in connection with a business transaction such as a merger, sale of company assets, or acquisition.

We store your data on secure databases hosted by third parties (e.g., Supabase) who do not have access to your personal information for any purpose other than cloud storage and retrieval. We have implemented and maintain reasonable administrative, technical, and physical security measures designed to protect your personal information from accidental loss and from unauthorized access, use, alteration, and disclosure. Our security practices include, but are not limited to:

• Encryption of data at rest and in transit.
• Strict, role-based internal access controls and multi-factor authentication.

The safety and security of your information also depends on you. You are responsible for keeping your account password confidential.

We retain your personal information for as long as your account is active or as needed to provide you with the Services. We may retain aggregated and de-identified data indefinitely for research and product improvement purposes.

We extend the privacy rights granted under the CCPA/CPRA to all our U.S. users. You have the following rights with respect to your personal information:

• Right to Know/Access: You have the right to request a copy of the personal information we have collected about you and information about how we have used and shared it over the past 12 months.
‍
• Right to Delete: You have the right to request that we delete the personal information we have collected from you, subject to certain legal exceptions.
‍
• Right to Correct: You have the right to request that we correct any inaccurate personal information we maintain about you.

• Right to Limit Use and Disclosure of Sensitive Personal Information: You have the right to direct us to limit our use of your sensitive personal information (such as your health and wellness data) to only that which is necessary to perform the Services. For the purposes of this right, "necessary" use is limited to providing you with the core features of the Services, such as displaying your data and generating your personal insights. It does not include secondary uses like research, for which we will seek your separate, opt-in consent.

• Right to Opt-Out of Sale/Sharing: We do not sell your personal information. We also do not "share" your personal information for cross-context behavioral advertising, as those terms are defined under the CCPA/CPRA.

• Right to Non-Discrimination: We will not discriminate against you for exercising any of your privacy rights.

How to Exercise Your Rights: You may exercise your rights by submitting a request to us via email at info@adelehealth.com. We will respond to your request within the timeframes required by law (typically 45 days for CCPA/CPRA requests).
‍
^‍You may also designate an authorized agent to make a request on your behalf. To do so, you must provide the authorized agent with written permission to act on your behalf, and we may require you to verify your own identity directly with us before we process the agent's request. We may deny a request from an agent that does not submit proof that they have been authorized by you to act on your behalf.

‍Verifying Your Request: We are required by law to verify your identity before processing your request to protect your information. The verification process will depend on the sensitivity of the information requested.

• For requests to know categories of information or to delete non-sensitive information, we will verify your identity to a reasonable degree of certainty, which may require matching at least two data points you provide with information we have on file.

• For requests to know specific pieces of information or to delete sensitive information, we will verify your identity to a high degree of certainty, which may require matching at least three data points you provide with information we have on file and may require a signed declaration under penalty of perjury that you are the consumer whose personal information is the subject of the request.

We cannot respond to your request if we cannot verify your identity.
‍

In the event of a data breach involving your unsecured personal health information, we are committed to notifying you promptly and transparently, in accordance with our obligations under the FTC's Health Breach Notification Rule (HBNR) and applicable state laws. A "breach" under the HBNR includes not only a cybersecurity intrusion but also any unauthorized acquisition of your data, such as an unauthorized disclosure to a third party.

If we determine that a breach has occurred, we will provide notice as follows:

• Notice to Individuals: We will notify affected individuals without unreasonable delay, and in no case later than 60 calendar days after discovering the breach.

• Notice to the FTC: If a breach affects 500 or more individuals, we will notify the FTC as soon as possible, and in no case later than 10 business days after discovery. For breaches affecting fewer than 500 individuals, we will maintain a log and notify the FTC on an annual basis.

• Notice to the Media: If a breach affects 500 or more residents of a particular state or jurisdiction, we will provide notice to prominent media outlets serving that area within 60 calendar days.

• Children's Privacy: The Services are not intended for or directed to individuals under the age of 18. We do not knowingly collect personal information from children under 18.
‍
• U.S. Operations: Our Services are intended for residents of the United States. Your information will be stored and processed in the United States. Our practices may not comply with the laws of other countries, such as the EU's General Data Protection Regulation (GDPR).

• Data Protection Officer: We have appointed a Data Protection Officer to oversee our privacy program. You can contact our DPO by emailing info@adelehealth.com.

• Changes to this Policy: We may update this Policy from time to time. If we make material changes, we will notify you by email or through the App prior to the change becoming effective. Your continued use of the Services after the effective date of the revised Policy constitutes your acceptance of the terms.

• Contact Us: For any questions, please email us at support@adelehealth.com or write to us at: Adele Health, Inc., 4205 Hillsboro Pike Suite 300 Nashville, TN 37215.