Privacy Policy - Strongly

Introduction

Strongly ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our mobile application and related services (collectively, the "Service").

This policy also serves as our Consumer Health Data Privacy Policy as required under applicable state laws, including the Washington My Health My Data Act.

Contact: privacy@thestrongly.app

Consumer Health Data We Collect

We collect the following categories of consumer health data that you provide through the Service:

Account Information

Email address
Name (first and last)
Profile picture (optional)

Health & Wellness Data

Meal logs and nutritional information
Sleep duration and quality ratings
Water intake logs
Supplement and medication tracking
Mood and energy check-ins
Weight, body measurements, and biometrics
Workout and exercise data
Health goals and progress

Uploaded Health Documents

Lab result PDFs and images
Supplement label photos
Continuous glucose monitor (CGM) data files
Body composition scan photos (InBody, DEXA, BIA result sheets — photos are sent to our AI for data extraction and are not stored; only the extracted metrics such as body fat %, lean mass, and BMR are retained)

AI-Derived Health Information

Health profile knowledge learned from your conversations
AI-generated health assessment reports
Coaching actions and recommendations

Device Information

Device type and operating system
App version
Crash reports and performance data (via Sentry)

We do NOT sell your personal health data to third parties.

How We Use Your Information

Your information is used for the following purposes:

Provide the Service: Track your health data, display dashboards, and maintain your account
AI-Powered Features: Parse your natural language inputs, generate personalized insights, create health assessment reports, and provide coaching recommendations using third-party AI services (see "AI Data Processing" below)
Improve the Service: Diagnose technical issues, monitor performance, and fix bugs
Communications: Send you notifications (if enabled) and respond to support requests
Security: Protect against unauthorized access and ensure account security

AI Data Processing

Strongly uses third-party artificial intelligence services to power core features of the app. When you interact with AI-powered features, portions of your health data are sent to these providers for processing:

Anthropic (Claude AI) — Sole AI Provider

What is sent: Your chat messages, health profile context, recent activity data, uploaded health documents (lab results, supplement photos, body composition scan photos), and conversation history — only what is necessary for the specific feature you are using
What is NOT sent: Personal identifiers beyond what is needed for context; we minimize PII in all AI requests
Purpose: All AI-powered features — natural language parsing, conversational AI responses, health assessment report generation, health document analysis (labs, body scan printouts), coaching recommendations, workout program generation, and body composition scan photo OCR
Data retention: Anthropic does not use API inputs to train models. See Anthropic Privacy Policy

Important: AI-generated content (reports, recommendations, coaching actions) is for informational and wellness purposes only. It is not medical advice. See our Terms of Use for the full health disclaimer.

Data Storage and Security

We take your data security seriously:

Encryption in transit: All data transmitted between your device and our servers uses HTTPS/TLS encryption
Encryption at rest: Your data is encrypted when stored on our servers (provided by our hosting infrastructure)
Row-Level Security: Database-level access controls ensure you can only access your own data
Secure authentication: We use Firebase Authentication for secure sign-in
Audit logging: We log access to health data for security monitoring

Third-Party Service Providers

We share your data with the following third-party service providers, solely to operate the Service:

Firebase Authentication (Google): User authentication and sign-in. Receives your email and authentication credentials. Firebase Privacy Policy
Render: Cloud hosting for our backend servers and database. Stores all user data on our behalf. Render Privacy Policy
Whop: Payment processing, subscription management, and billing. Receives your email and subscription information. Whop acts as Merchant of Record and handles tax, chargebacks, and payment card data directly — we never receive full card numbers. Whop Privacy Policy
Anthropic: All AI-powered features (sole AI provider). See "AI Data Processing" above. Anthropic Privacy Policy
Resend: Transactional email delivery (account notifications, health reports, coaching check-ins). Receives your email address and email content. Resend Privacy Policy
Umami: Privacy-safe website analytics. Collects anonymized usage data only — no personal identifiers, no cookies, GDPR/CCPA compliant by design. Umami Privacy Policy
Sentry: Error monitoring and crash reporting. May receive technical error data including device info and anonymized user identifiers. We configure Sentry to minimize collection of personal data. Sentry Privacy Policy

We require all service providers to protect your data and use it only for the purposes described above. We do not sell, rent, or share your health data for advertising or marketing purposes.

Data Retention

We retain your data for as long as your account is active. When you delete your account:

All personal data and health records are permanently deleted
Data held by third-party processors is deleted according to their retention policies
Backup data is purged according to our backup retention schedule

Your Rights

Depending on your location, you may have the following rights regarding your health data:

Access: Request a copy of all personal and health data we hold about you
Correction: Update or correct inaccurate data
Deletion: Delete your account and all associated data
Export: Download your data in a portable format
Third-party disclosure: Request a list of all third parties with whom we have shared your data
Withdraw consent: Withdraw your consent for data collection or AI processing at any time
Opt-out: Disable marketing communications

To exercise any of these rights, contact us at privacy@thestrongly.app. We will respond within 30 days.

Account Deletion

You can delete your account at any time through:

In-App: Go to Profile > Edit Profile > Delete Account
Web: Visit thestrongly.app/delete-account
Email: Send a request to privacy@thestrongly.app

Account deletion permanently removes all your data from our servers, including all health records, conversations, reports, and AI-derived information. This action cannot be undone.

Consent

By creating an account and using the Service, you consent to the collection and processing of your health data as described in this policy, including the use of third-party AI services to process your health information.

You may withdraw your consent at any time by deleting your account or contacting us at privacy@thestrongly.app. Withdrawing consent may limit your ability to use certain features of the Service.

Children's Privacy

Our Service is not intended for children under 13 years of age. We do not knowingly collect personal information from children under 13. If you are a parent or guardian and believe your child has provided us with personal information, please contact us immediately at privacy@thestrongly.app.

Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any changes by:

Posting the new policy on this page
Updating the "Last Updated" date
Requesting your re-consent within the app for material changes

Contact Us

If you have questions about this Privacy Policy, your health data, or wish to exercise your rights, contact us at:

Privacy inquiries: privacy@thestrongly.app
General support: support@thestrongly.app

We aim to respond to all inquiries within 48 hours.