Back to Home

Privacy Policy

How we collect, use, and protect your personal health information

Last updated: December 27, 2025 | Effective: January 1, 2025

Your Privacy is Our Priority

Weight Loss Projection Lab (WLPL) is HIPAA compliant and committed to protecting your personal health information. We never sell your data and only use it to provide you with the best health tracking experience.

HIPAA CompliantGDPR CompliantSOC 2 Certified

Table of Contents

  1. 1. Information We Collect
  2. 2. How We Use Your Information
  3. 3. Data Sharing and Disclosure
  4. 4. Data Security
  5. 5. Your Privacy Rights
  6. 6. Data Retention
  7. 7. Cookies and Tracking
  8. 8. Children's Privacy
  9. 9. International Data Transfers
  10. 10. Changes to This Policy
  11. 11. Contact Us

1. Information We Collect

1.1 Personal Information

  • Name, email address, phone number
  • Date of birth, gender
  • Profile photo (optional)
  • Account credentials (encrypted)

1.2 Health Information (Protected Health Information - PHI)

  • Weight measurements and tracking data
  • Meal logs and nutritional information
  • Photos of meals (if provided)
  • Exercise and activity data
  • Health goals and preferences
  • Medical conditions (if voluntarily provided)
  • Medication information (if using medication tracking features)
  • Vital signs (blood pressure, heart rate, etc.)
  • Provider and appointment information

1.3 Biometric Information

  • Facial recognition data for authentication (encrypted, never shared)
  • Biometric templates stored locally on your device when possible

1.4 Usage Information

  • Device information (type, OS, browser)
  • IP address and location data (city/region level)
  • App usage patterns and feature interactions
  • Log data and error reports

1.5 AI-Generated Content

  • AI analysis results and health insights
  • Nutritional assessments from meal photos
  • Personalized recommendations

2. How We Use Your Information

We use your information for the following purposes:

2.1 Service Delivery

  • Provide weight tracking and health monitoring
  • Generate AI-powered insights and recommendations
  • Process meal photos and provide nutritional analysis
  • Enable family and household care management
  • Facilitate appointments and medication tracking

2.2 Account Management

  • Create and maintain your account
  • Authenticate your identity (including biometric authentication)
  • Process payments and manage subscriptions
  • Send service-related notifications

2.3 Improvement and Analytics

  • Improve our services and develop new features
  • Analyze usage patterns (aggregated, de-identified data)
  • Train and improve AI models (with your consent)
  • Conduct research (only with explicit consent)

2.4 Communication

  • Send important service updates and security alerts
  • Respond to your support requests
  • Send marketing communications (opt-in only)

2.5 Legal and Safety

  • Comply with legal obligations
  • Prevent fraud and ensure platform security
  • Protect rights and safety of users

3. Data Sharing and Disclosure

🔒 We NEVER sell your personal health information

Your health data is yours. We only share it in the limited circumstances described below.

3.1 When We Share Your Information

With Your Consent

We share your information when you explicitly authorize us to do so (e.g., sharing with family members, healthcare providers).

Service Providers

We work with trusted third-party service providers who help us operate our platform:

  • Cloud hosting (Google Cloud Platform, Firebase)
  • AI services (OpenAI, Google Gemini) - with strict data agreements
  • Payment processing (Stripe) - PCI DSS compliant
  • Analytics (privacy-focused, aggregated data only)
  • Customer support tools

All service providers sign Business Associate Agreements (BAAs) as required by HIPAA.

Legal Requirements

We may disclose information when required by law, court order, or to protect rights and safety.

Business Transfers

In the event of a merger, acquisition, or sale, your information may be transferred. We will notify you and ensure continued protection.

Aggregated/De-identified Data

We may share aggregated, de-identified data that cannot be linked back to you for research and analytics.

4. Data Security

We implement industry-leading security measures to protect your information:

🔐Encryption

AES-256 encryption at rest, TLS 1.3 in transit. All PHI is encrypted.

🔑Access Controls

Role-based access, multi-factor authentication, principle of least privilege.

🛡️Security Monitoring

24/7 monitoring, intrusion detection, regular security audits and penetration testing.

🔄Backups

Automated encrypted backups, disaster recovery plans, 99.9% uptime SLA.

👥Staff Training

All employees receive HIPAA and security training. Background checks required.

🔍Audit Logs

Comprehensive audit trails for all PHI access and modifications.

Certifications: SOC 2 Type II, ISO 27001, HIPAA compliant infrastructure

5. Your Privacy Rights

You have the following rights regarding your personal information:

Right to Access

Request a copy of all personal data we hold about you. Available through your account settings or by contacting us.

Right to Rectification

Correct inaccurate or incomplete information through your account settings.

Right to Erasure

Request deletion of your account and associated data. Some data may be retained for legal compliance (7 years for HIPAA).

Right to Data Portability

Download your data in a machine-readable format (JSON, CSV) from account settings.

Right to Restrict Processing

Request limitations on how we process your data while maintaining your account.

Right to Object

Opt out of marketing communications, analytics, or AI training data usage.

Right to Withdraw Consent

Withdraw consent for optional features (e.g., biometric authentication, AI analysis) at any time.

Exercise Your Rights

To exercise any of these rights, contact us at privacy@weightlossproglab.com or use the privacy controls in your account settings.

6. Data Retention

We retain your information for different periods based on type and legal requirements:

Data TypeRetention Period
Account InformationWhile account is active + 7 years after closure (HIPAA)
Health Data (PHI)While account is active + 7 years after closure (HIPAA)
Biometric DataWhile feature is enabled + 30 days after opt-out
Usage Logs90 days
Marketing PreferencesUntil you opt out or close account
De-identified DataIndefinitely (cannot be linked to you)

7. Cookies and Tracking Technologies

We use cookies and similar technologies to enhance your experience:

Essential Cookies (Required)

Authentication, security, session management. Cannot be disabled.

Functional Cookies (Optional)

Remember your preferences, language settings, theme choices.

Analytics Cookies (Optional)

Understand usage patterns, improve features. Privacy-focused, aggregated data only.

Manage cookie preferences in your account settings or browser settings.

8. Children's Privacy

WLPL is not intended for children under 13. We do not knowingly collect information from children under 13.

For users aged 13-17, we require parental consent before creating an account. If you believe we have collected information from a child under 13, please contact us immediately at privacy@weightlossproglab.com.

9. International Data Transfers

Your information may be transferred to and processed in the United States and other countries where our service providers operate.

We ensure appropriate safeguards are in place for international transfers, including Standard Contractual Clauses (SCCs) approved by the European Commission for EU/EEA users.

10. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by:

  • Email notification to your registered email address
  • Prominent notice on our platform
  • In-app notification

Your continued use after changes become effective constitutes acceptance. If you do not agree, you may close your account.

11. Contact Us

If you have questions about this Privacy Policy or our privacy practices:

Email:privacy@weightlossproglab.com
Privacy Officer:privacy@weightlossproglab.com
Mail:
Weight Loss Projection Lab
Privacy Department
[Address to be added]
Response Time:Within 30 days (GDPR requirement)

HIPAA Notice of Privacy Practices

This Privacy Policy serves as our Notice of Privacy Practices as required by HIPAA. For more detailed information about how we protect your Protected Health Information (PHI), please visit our HIPAA Compliance page.

If you believe your privacy rights have been violated, you may file a complaint with us or with the U.S. Department of Health and Human Services Office for Civil Rights. You will not be retaliated against for filing a complaint.

Terms of ServiceHIPAA ComplianceSecurityAccessibility
U

User

Main

Health

Tracking

Food

Engage