Privacy Policy

Effective Date: November 2024 | Last Updated: November 2024

Introduction

OneBudd ("we," "our," or "us") is committed to protecting your privacy and ensuring you have a positive experience on our platform. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our AI health companion application and website. We take the protection of your personal data and health information seriously and comply with all applicable privacy laws and regulations globally.

Please read this Privacy Policy carefully. If you do not agree with our policies and practices, please do not use our services. Your continued use of OneBudd following the posting of a revised Privacy Policy means that you accept and agree to the changes.

This Privacy Policy applies to all information collected through our website, mobile application, API, and any other digital platform where we provide OneBudd services. We recommend reviewing this policy periodically to stay informed about how we protect your information.

Information We Collect

Personal Information

Name, email address, phone number, account credentials, date of birth, and contact information you provide during registration and account setup.

Health & Wellness Data

Health goals, wellness metrics, symptoms, medical history, fitness data, dietary preferences, sleep patterns, mental health information, and any health-related conversations with OneBudd. This information is sensitive and treated with utmost confidentiality.

Usage Data & Analytics

Log data, IP address, browser type, operating system, pages visited, time and date of visits, referring URLs, device information, session duration, and interaction patterns with our platform features.

Device Information

Device type, unique identifiers, mobile network information, hardware model, operating system version, and device settings. This helps us optimize the app for your specific device.

Authentication Data

When using OAuth (Google, Apple), we collect your OAuth provider ID, basic profile information, and authentication tokens to verify your identity and enable secure account access.

Cookies & Tracking Technologies

We use cookies, pixel tags, and similar technologies to track your activity, remember preferences, prevent fraud, and analyze platform usage patterns to enhance your experience.

How We Use Your Information

  • Provide personalized health insights and AI-powered recommendations tailored to your specific health profile
  • Authenticate your account and manage your identity with secure access controls
  • Send administrative updates, security alerts, and account notifications
  • Train and improve our AI models and machine learning algorithms with anonymized data
  • Conduct research on health trends and wellness patterns (with anonymization)
  • Detect and prevent fraud, abuse, and unauthorized access attempts
  • Comply with legal obligations, law enforcement requests, and regulatory requirements
  • Provide customer support and respond to user inquiries

Third-Party Services & Integrations

OneBudd may integrate with third-party services to enhance functionality. These include:

OAuth Providers (Google, Apple)

For authentication purposes. We receive your basic profile information and do not access your email or other personal data beyond what's necessary for account creation.

Health & Fitness Integrations

Optional integrations with fitness trackers and health apps (Apple Health, Google Fit, Fitbit, Oura Ring) to sync wellness data. You maintain full control over what data is shared.

Cloud Infrastructure Providers

We use certified cloud providers with HIPAA and GDPR compliance to store your data securely. These providers act as data processors under strict contractual obligations.

Analytics & Monitoring

Third-party analytics services help us understand usage patterns. All health-sensitive data is anonymized before being sent to these services.

Each third-party integration has its own privacy policy. We recommend reviewing these policies independently. We only share necessary data required for the service to function.

Data Security & Encryption

We implement comprehensive security measures to protect your personal and health information from unauthorized access, alteration, disclosure, or destruction.

Our Security Measures:

  • End-to-End Encryption: All health data communications use TLS 1.2+ encryption
  • AES-256 Encryption: Sensitive data is encrypted at rest using industry-standard encryption
  • Multi-Factor Authentication (MFA): Supports MFA to protect account access
  • Regular Security Audits: Third-party security audits conducted quarterly
  • Penetration Testing: Regular penetration tests to identify vulnerabilities
  • Access Controls: Role-based access control (RBAC) limits employee data access
  • Compliance: HIPAA, GDPR, SOC 2 Type II, and CCPA compliant infrastructure
  • Breach Notification: We notify users within 72 hours of any confirmed security breach

While we strive to implement the highest security standards, no system is 100% secure. We cannot guarantee absolute security. However, we continuously update our security practices to address emerging threats.

Data Retention & Deletion

We retain your personal and health data only for as long as necessary to provide services and comply with legal obligations:

Active Account Data

Stored for the duration of your account and 30 days after account deletion for recovery purposes

Anonymized Analytics Data

Retained for up to 2 years for research and service improvement purposes

Legal & Compliance Records

Retained for 7 years to comply with healthcare regulations and tax requirements

GDPR & International Privacy Laws

OneBudd complies with the General Data Protection Regulation (GDPR) and other international privacy standards. For EU residents:

  • Legal basis for processing: Consent, contract performance, legitimate interests, or compliance with legal obligations
  • Data Protection Officer: Available for privacy inquiries and data protection matters
  • Standard Contractual Clauses: For international data transfers outside the EU
  • Data Processing Agreements: Available upon request for business customers

Cookies & Tracking Technologies

OneBudd uses cookies and similar technologies to enhance functionality, security, and user experience:

Essential Cookies

Required for authentication, security, and basic platform functionality

Performance Cookies

Help us understand how you use OneBudd to improve user experience

Preference Cookies

Remember your settings and preferences for a personalized experience

You can control cookie preferences through your browser settings. However, disabling cookies may impact platform functionality.

Your Privacy Rights

You have the right to:

  • Access: Request and receive a copy of your personal data in a portable, machine-readable format
  • Correct: Update, correct, or complete inaccurate or incomplete information
  • Delete: Request deletion of your data (right to be forgotten), subject to legal requirements
  • Port: Transfer your data to another service in a structured format
  • Restrict Processing: Limit how we use your data under certain circumstances
  • Withdraw Consent: Withdraw consent to data processing at any time
  • Opt-Out: Opt out of marketing communications without affecting service quality

To exercise any of these rights, contact us using the information below. We will respond within 30 days.

Contact Us

If you have questions about this Privacy Policy or our privacy practices, please contact us:

Email: privacy@onebudd.com

Support Portal: https://support.onebudd.com

Response Time: We aim to respond within 14 business days