Privacy Policy
Last updated date: August 22, 2025
This Privacy Policy explains how Flourish AI (“Flourish,” “we,” “us”) collects, uses, and shares information when you use our app and related services (the “Service”). Flourish is a U.S. direct-to-consumer health application specializing in chronic condition management, with a particular emphasis on dietary counseling. We are dedicated to safeguarding your personal information. If you do not agree, do not use the Service.
Contact: info@tryflourish.ai.
Our Core Privacy Commitments are simple:
We do not sell your personal information.
We do not share your health data with advertisers or allow third-party ad networks to use it for cross-context behavioral advertising.
We use strong encryption and security to protect your data (including encryption in transit and at rest, access controls, and monitoring).
We give you control over your data, including the ability to access and delete your information, subject to applicable law and technical limitations described below.
Information We Collect
You provide: account info (name, email, encrypted password); optional profile (e.g., health conditions, dietary preferences, etc); health/wellness inputs (symptom logs, meal notes, photos), voice entries (transcripts), chatbot conversations, surveys/feedback, and support emails.
Automatic: device and app information (device model/OS, app actions/screens, session duration), diagnostics/crash data, and approximate location (e.g., city/state from IP). We do not collect precise GPS.
Integrations: with your permission, we may import data from Apple HealthKit/Google Fit or connected wearables/apps (only the categories you authorize).
Sensitive data: Many inputs are health-related. We handle them with heightened care and do not use them for advertising.
How we use this information
Provide the Service: personalize logs/insights, power in-app features and the AI assistant, send you reminders (you can control in settings).
Improve and secure: analyze aggregated usage to fix bugs and develop features; monitor and protect against abuse or security incidents.
Support: respond to requests and provide customer service.
De-identified/aggregate use: we may use de-identified or aggregate data to analyze trends and improve the Service. We do not attempt to re-identify such data.
How We Share Information
We don’t sell your information. We share it only with:
Service providers (processors) that host, process, or support the Service (e.g., cloud hosting, analytics, diagnostics, communications). They act on our instructions, are bound by contract, and are not permitted to use your information for their own purposes.
Legal/safety: to comply with law, enforce our terms, or protect users and the Service.
Business transfers: in a merger, acquisition, or asset sale, your information may transfer subject to this Policy.
With your direction: for example, if you export or share your data with another app or a professional you select.
Retention and Deletion
Logs & content: kept until you delete them or delete your account. Deleted entries are removed from active systems within 24 hours and from backups within 90 days.
Account data: kept while your account is active. Post-deletion, we retain minimal records (e.g., email suppression) as required for security or compliance.
Analytics/diagnostics: retained about 12 months(analytics) and 90 days (crash logs). You can delete entries in-app or request account deletion at any time.
Security
We use administrative, technical, and physical safeguards appropriate to the sensitivity of your data, including encryption in transit and at rest, access controls and MFA for administrative access, and monitoring for unusual activity. No system is perfectly secure; if we learn of a security incident, we will act promptly as described below
Cookies/SDKs
The mobile app uses local storage for functionality (e.g., keeping you logged in). We do not enable third-party advertising SDKs.
Breach Notification (Health Apps)
If a data breach compromises the security of your identifiable health information, we will notify affected users and, where required, the U.S. Federal Trade Commission within applicable timeframes under the FTC Health Breach Notification Rule. Notices will describe what happened, information involved, our response, and how to contact us.
Your Privacy Rights
Depending on your state (including California), you may have rights to access, correct, and delete personal information, and to receive information about our practices. We do not sell or share personal information for cross-context behavioral advertising.
To submit a request, email info@tryflourish.ai. We will verify your request and respond within required timeframes. You may authorize an agent to act for you (California). We will not discriminate against you for exercising your rights.
California Disclosures (CCPA/CPRA)
Categories collected (last 12 months): identifiers (name, email, device ID, IP), internet/activity data (app usage, diagnostics), approximate location (city/state), audio/photos you upload, and health information you provide.
Sensitive personal information (health data) is used only to provide the Service or as otherwise permitted by law; we do not use it for advertising or to infer characteristics unrelated to the Service.
Service providers: we disclose categories above to processors to operate the Service. We do not sell personal information and do not share it for cross-context behavioral advertising.
Children
The Service is not directed to children under 13, and we do not knowingly collect data from them. If you believe a child under 13 provided data, contact us to delete it.
Changes to this Policy
We may update this Policy; we’ll post the date above and, for material changes, provide notice in-app or by email. Continued use after the effective date means you accept the updated Policy.
Contact
Email: info@tryflourish.ai
Thank you for trusting Flourish AI with your health journey.
Smart Eating, Better Living