Supplemental Notice
Consumer Health Data Privacy Notice
Effective and last updated: July 15, 2026
1. Consumer health data we collect
Depending on the features and permissions you choose, Finn may collect:
- Body, fitness, and activity information: height, weight, goals, training experience, workout and mobility activity, schedule, exercise minutes, steps, active energy, and workout summaries.
- Recovery and physiological information: sleep duration, resting heart rate, heart-rate variability (SDNN), respiratory rate, soreness, injuries, symptoms, limitations, and recovery information you choose to provide.
- Nutrition information: dietary preferences, food intake, allergies you choose to identify, recipes, grocery information, and nutrition goals.
- Health-related inferences and outputs: plans, recommendations, classifications, and summaries generated from the information above. These are wellness outputs, not diagnoses.
- Data that identifies or can be linked to you: account identifiers and contact information associated with the health-related information.
2. Sources
- You: onboarding, chats, profile settings, logs, support messages, and other information you choose to enter.
- Apple Health: only the read categories you authorize. Raw HealthKit samples remain on-device; Finn uploads normalized daily and workout summaries.
- Our Services: health-related plans, summaries, and inferences created from your interactions and authorized information.
3. Why we collect and use it
- Provide and personalize the fitness, nutrition, mobility, planning, logging, and progress features you request.
- Display authorized Apple Health summaries and adapt your wellness plan when you ask Finn to use them.
- Generate requested AI coaching only after the applicable explicit permission.
- Maintain data quality, synchronize your history, troubleshoot, secure the Services, prevent abuse, and comply with law.
We will not collect or use additional categories of consumer health data, or use disclosed data for a materially different purpose, without first updating this Notice and obtaining affirmative consent when required.
4. Consumer health data we share and recipients
| Recipient | Categories | Purpose and condition |
|---|---|---|
| Google LLC (paid Gemini API) | Relevant chat, onboarding, profile, fitness, injury or limitation, nutrition, plan, and workout information; Apple Health summaries only under a separate permission. | Generate coaching you request, only after explicit AI-data permission. |
| Cloud infrastructure and security processors | The consumer health data stored or transmitted through the Services. | Host, secure, back up, transmit, and operate Finn under contractual restrictions. |
| Professional advisers, authorities, and transaction counterparties | Only the information reasonably necessary for the matter. | Legal compliance, protection of rights or safety, claims, or a proposed business transaction, subject to applicable restrictions. |
Finn has no affiliates with which it shares consumer health data as of the effective date. Auth0 and RevenueCat receive account or purchase information, not health data, for their respective authentication and subscription functions. Apple processes HealthKit and App Store information under your relationship with Apple.
Every third party with whom Finn shares consumer health data must process it only for authorized purposes and provide the same or equal protection of user data as stated in this Notice and required by Apple's App Review Guidelines.
5. Sale and advertising
Finn does not sell consumer health data. Finn does not use or disclose consumer health data for advertising, marketing, cross-context behavioral advertising, eligibility decisions, or unrelated data mining. We will not sell consumer health data without the separate, signed authorization required by applicable law.
6. Your rights
Subject to applicable law, you may:
- confirm whether Finn collects, shares, or sells your consumer health data;
- access the data and obtain a list of third parties and affiliates that received it;
- withdraw consent for future collection or sharing;
- delete consumer health data, including directing deletion by processors as required; and
- appeal our refusal to act on a request.
Submit a request or appeal to coachfinntech@gmail.com and identify the right you want to exercise and the email associated with your account. We may verify your identity and authority. If we deny a request, our response will explain why and how to appeal where required.
7. In-app controls and effect of withdrawal
- AI Data Sharing: withdrawing blocks future AI-backed coaching until you explicitly allow it again. It does not recall information already processed.
- Apple Health AI use: disabling it stops Apple Health summaries from being included in future Gemini requests without deleting imported summaries.
- Disconnect Apple Health: stops future imports and revokes Apple Health AI use but does not delete previously imported summaries.
- Delete imported health data: removes Finn's imported Apple Health observations, workouts, derived health contexts, and connection record from active systems.
8. Retention and deletion
Imported daily observations are retained for up to 180 days, imported workout summaries for up to 365 days, and value-free sync audit records for up to 90 days unless you delete them sooner. Other health-related profile, plan, chat, and log information is retained while your account is active and as needed to provide Finn. Verified deletion requests are subject only to legal, security, fraud-prevention, transaction-record, and backup-cycle exceptions described in our Privacy Policy.
9. Contact and changes
Contact coachfinntech@gmail.com or Ellison Software LLC, 1302 Bonnie Brae Street, Hermosa Beach, CA 90254, with questions or complaints. We will post changes here and update the date above. We will provide additional notice and obtain consent before materially expanding covered collection, use, or sharing when required.