Lyvewell
Back to home

Privacy Policy

Last updated: 10 May 2026

Lyvewell (“we”, “us”) is committed to protecting your personal data and respecting your privacy. This Privacy Policy explains what data we collect, why we collect it, how we use it, and what rights you may have under applicable data protection laws in your jurisdiction.

1. Data Controller

The entity responsible for your personal data is Lyvewell.
Contact: privacy@lyvewell.fit

2. Data We Collect

2.1 Account Data

When you create an account, we collect your email address. Your password is hashed using bcrypt by Supabase Auth and never stored in plaintext. We do not have access to your raw password.

2.2 Health Profile Data

To generate personalised supplement protocols and meal plans, we collect health-related information that you provide voluntarily, including:

  • Age, biological sex, and weight/height
  • Primary health goal (e.g. longevity, energy, sleep, fat loss)
  • Dietary preferences and restrictions (e.g. vegan, gluten-free)
  • Self-reported medical conditions and medications
  • Activity level and sleep patterns

This data is treated as sensitive health information. We process it only with your explicit consent, obtained at onboarding, and only for the purpose of providing the Service.

2.3 Usage Data

When you use Lyvewell, we may collect:

  • AI coach conversation history (messages you send and responses received)
  • Supplement protocol generations and selections
  • Meal plans generated and saved
  • Daily tracking entries (meals logged, biomarkers recorded)
  • Feature usage patterns to improve the Service

2.4 Payment Data

Payment processing is handled entirely by Stripe, Inc. We do not store your card number, CVV, or full payment details. We retain only: subscription status (active, trialing, cancelled), subscription plan, and Stripe customer ID for billing administration.

2.5 Analytics Data

We use PostHog to collect anonymised analytics: page views, feature clicks, session duration, and conversion events. PostHog is configured with IP anonymisation. You can opt out of analytics tracking via your browser’s Do Not Track setting or by contacting us.

2.6 Technical Data

We automatically collect certain technical information: IP address, browser type and version, device type, operating system, referring URLs, and access timestamps. This data is used for security, performance monitoring, and fraud prevention.

3. Legal Basis for Processing

We collect and use your data on the following grounds:

  • Contract performance: processing necessary to provide the Service you have subscribed to, including generating protocols and processing billing.
  • Explicit consent: for processing sensitive health data, which you provide at onboarding. You may withdraw consent at any time by deleting your account.
  • Legitimate interests: for security monitoring, fraud prevention, and improving the accuracy of our AI models, where such interests are not overridden by your rights.
  • Legal obligation: where we are required to retain data by applicable law, such as financial records required for tax compliance.

4. How We Use Your Data

Your data is used to:

  • Create and manage your Lyvewell account
  • Generate personalised supplement protocols, meal plans, and AI coaching responses
  • Process subscription payments and send billing communications
  • Send transactional emails (password reset, subscription confirmations, receipts)
  • Respond to support enquiries
  • Detect and prevent fraud, abuse, and security incidents
  • Improve the accuracy and quality of our AI systems (using aggregated and anonymised data)
  • Comply with our legal and regulatory obligations

We do not sell your personal data to third parties. We do not use your data for advertising profiling.

5. Data Sharing

We share your data with the following trusted third-party processors, each bound by data processing agreements:

  • Anthropic, PBC(United States) — AI model provider. Your AI chat messages and health profile data are processed by Anthropic to generate responses. Anthropic’s API does not use your data to train models by default. Data transfers are governed by appropriate data transfer agreements.
  • Stripe, Inc. (United States) — payment processing. Stripe operates under its own Privacy Policy and is certified to applicable security standards. Data transfers are governed by appropriate data transfer agreements.
  • Supabase, Inc. (EU region — Frankfurt, Germany) — database hosting and authentication. All primary data is stored in the EU. Data is encrypted at rest and in transit.
  • Resend, Inc. (United States) — transactional email delivery (password resets, receipts). Data transfers are governed by appropriate data transfer agreements.
  • PostHog, Inc. (EU region available) — product analytics. Data is anonymised before transmission where possible.

We may also disclose your data where required by law, court order, or regulatory authority, or to protect the rights and safety of Lyvewell, our users, or the public.

6. International Transfers

Some of our third-party processors are based in the United States. When your data is transferred internationally, we take steps to ensure it receives an appropriate level of protection through contractual safeguards and data processing agreements with each provider.

7. Data Retention

We retain your personal data for as long as your account is active. When you delete your account:

  • Your personal data will be permanently deleted within 30 days.
  • Anonymised, aggregated analytics data that cannot be linked to you may be retained indefinitely for statistical purposes.
  • Financial records (billing history) may be retained for up to 7 years to comply with applicable tax laws.

8. Your Privacy Rights

Depending on your jurisdiction, you may have the following rights regarding your personal data. Contact us at privacy@lyvewell.fit to exercise any of them:

  • Right of access — request a copy of the personal data we hold about you.
  • Right to rectification — request correction of inaccurate or incomplete data.
  • Right to erasure(“right to be forgotten”) — request deletion of your personal data.
  • Right to data portability — receive your data in a structured, machine-readable format.
  • Right to object — object to certain types of data processing.
  • Right to restrict processing — request that we limit how we use your data in certain circumstances.
  • Right to withdraw consent — where processing is based on consent, you may withdraw it at any time without affecting the lawfulness of prior processing.

We will respond to valid requests within one calendar month. If you are not satisfied with our response, you may have the right to lodge a complaint with the data protection authority in your country.

9. Cookies

We use cookies and similar technologies to operate the Service. For full details, including how to manage your preferences, please see our Cookie Policy.

10. Children’s Privacy

The Service is intended for adults aged 18 and over. We do not knowingly collect personal data from anyone under 18. If you believe a child has provided us with personal data, please contact us immediately at privacy@lyvewell.fit and we will delete it promptly.

11. Security

We implement appropriate technical and organizational measures to protect your personal data, including:

  • Encryption of all data in transit using TLS 1.2+
  • Encryption of data at rest in our Supabase database (AES-256)
  • Row-level security (RLS) policies ensuring users can only access their own data
  • Hashed and salted password storage via Supabase Auth
  • Regular security reviews and access controls

No transmission over the internet is 100% secure. While we take reasonable precautions, we cannot guarantee absolute security.

12. Updates to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes via email and/or a notice within the Service at least 30 days before they take effect. We encourage you to review this page periodically.

13. Contact Us

For any privacy-related queries, data subject requests, or concerns:
Email: privacy@lyvewell.fit