Consumer Health Data Privacy Notice
Effective Date: July 4, 2026
Last Updated: July 4, 2026
This Consumer Health Data Privacy Notice (the “Notice”) supplements the Velora Privacy Policy and describes how Havra LLC (“Havra,” “Velora,” “we,” “us,” or “our”) collects, uses, shares, and protects “consumer health data” under the Washington My Health My Data Act (MHMDA), Nevada SB370, and the Connecticut Data Privacy Act (CTDPA). For residents of Washington, Nevada, and Connecticut, this Notice governs consumer health data and controls over the Privacy Policy if there is any conflict.
Velora is intended only for users who are 18 years of age or older. Velora is not a medical device, is not a HIPAA-covered entity, and does not provide medical advice or diagnosis.
In plain terms: Your stored health content (progress photos, coach chats, nutrition history) is encrypted, and it is additionally encrypted on your device before upload so we store only ciphertext. Meal-scan photos are deleted promptly after the AI returns your result. Menstrual cycle data and Apple Health data are stored only on your device — they are not uploaded to our servers. We send your data to our AI providers only to generate your response, and we contractually restrict them from using it to train or improve their models. We do not sell your consumer health data, and we do not use it for targeted advertising.
Contents
- 1. Scope
- 2. Categories We Collect
- 3. Sources
- 4. Purposes
- 5. Sharing & Recipients
- 6. Affiliates
- 7. Security, Image Encryption & Deletion
- 8. Consent
- 9. No Sale Without Authorization
- 10. No Geofencing
- 10A. Menstrual Cycle Data (On-Device)
- 11. Your Rights
- 12. Right to Appeal
- 13. Data Retention
- 14. Contact
1. Scope — What Is Consumer Health Data
This Notice applies to “consumer health data” as defined under the Washington My Health My Data Act, Nevada SB370, and the Connecticut Data Privacy Act. We treat the following as consumer health data:
- Your body metrics and goals (height, weight, body-fat estimates, target weight, measurements)
- Your nutrition and meal logs, calorie and macronutrient data, and barcode scan results
- Your body-progress, fat-loss, and workout photos
- The photos you submit for AI meal scanning
- Your menstrual cycle data (period dates, symptoms, notes, and the cycle estimates derived from them), if you use cycle tracking
- Apple Health metrics you allow Velora to read, and the wellness scores derived from them, if you connect Apple Health
- Health- and fitness-related inferences our features derive (such as recovery, muscle-group focus, cycle phase, and progress insights)
2. Categories of Consumer Health Data We Collect
We collect: (a) body and fitness metrics and goals you enter; (b) nutrition, meal, and dietary logs, including calorie and macronutrient information and barcode scan results; (c) images you upload, including body-progress, fat-loss, and workout photos, and meal-scan photos; (d) menstrual cycle entries and estimates, if you enable cycle tracking; (e) Apple Health metrics and on-device wellness scores, if you connect Apple Health; and (f) health-related inferences our AI features generate to provide coaching, nutrition guidance, cycle insights, and progress insights. We do not collect consumer health data that we do not need to provide the features you use.
3. Sources
- Directly from you, when you enter information, set goals, log your cycle, or upload photos
- From your device, limited to usage and diagnostic information needed to operate and secure the app, and — only if you connect it — Apple Health (read on-device only; not uploaded to us)
- From Apple, limited to your subscription status through In-App Purchase (we do not receive health data from Apple’s payment systems)
- From Open Food Facts, which supplies product and nutrition reference data matched to the barcodes you scan
4. Purposes for Which We Use Consumer Health Data
We collect and use consumer health data only to: provide the fitness, nutrition, body-progress, cycle, and AI coaching features you request; generate your AI coaching and meal-scan responses; maintain your logs, history, and progress; manage your account and subscription; apply safety guardrails; secure the service and prevent fraud; and comply with law.
We do not use your consumer health data for cross-context behavioral or targeted advertising. We do not sell your consumer health data. We do not use, and we contractually prohibit our AI providers from using, your consumer health data to train, fine-tune, or improve any artificial-intelligence model.
5. Categories of Consumer Health Data We Share and With Whom
We share consumer health data only with service providers that process it on our behalf and under contract, solely to provide the service to you:
- Supabase — authentication, database, and encrypted storage
- Render — application hosting
- Our AI/model inference providers — process your data only to generate your coaching and meal-scan responses, and are contractually restricted from retaining it beyond what is needed to operate the service or using it to train or improve any model
- Cloudflare — web delivery, content delivery, and security
- Resend — transactional email (does not receive your health data content)
We also exchange barcode query data with Open Food Facts (only the product barcode — not your identity or health data), and we receive subscription status from Apple. Our advertising partner (Start.io) and our subscription manager (RevenueCat) receive no consumer health data of any kind — advertising involves only a device advertising identifier for free-tier users (Privacy Policy, “Advertising”), and subscription management involves only an internal account identifier and purchase data. These are service-provider relationships, not sales, and we do not disclose your consumer health data to third parties for their own purposes.
6. Affiliates
Velora is operated by Havra LLC. We do not currently share your consumer health data with any affiliates. If this changes, we will update this Notice to identify each affiliate by name before any such sharing occurs.
7. Security, Image Encryption, and Meal-Scan Deletion
Images you upload — including body-progress, workout, and meal-scan photos — are encrypted in transit (TLS) and at rest (strong, industry-standard, provider-managed encryption such as AES-256). Your body-progress and workout photos, coach chat history, and nutrition history are additionally encrypted on your device (AES-256) before upload, so our servers store only ciphertext we cannot read; the encryption key is held only on your device and is not recoverable by us if you lose it.
Photos you submit for AI meal scanning are processed only to return your scan result and are deleted promptly afterward; we do not retain meal-scan images for any other purpose. Profile, body-progress, and workout photos that you choose to save are stored only while your account is active and are deleted on account deletion (within our standard window, currently up to 30 days), except for residual copies in encrypted backups (purged on our normal rotation) and where retention is required by law.
When we send your data to our AI providers to generate a response, we do so only to produce that response for you (“inference”), and our AI providers are contractually restricted from using your data to train, fine-tune, or improve their models; they may retain limited data briefly to operate the service and detect abuse under their standard terms.
No method of transmission or storage is completely secure, and we cannot guarantee absolute security; we use reasonable, industry-standard safeguards.
8. Consent for Collection and Sharing Beyond What Is Necessary
We collect and share, without separate consent, consumer health data that is necessary to provide a feature you have requested. For any collection or sharing beyond what is necessary to provide a feature you request, we will first obtain your consent through a clear, affirmative, opt-in choice separate from your acceptance of our Terms and Privacy Policy. Optional health features — Apple Health and cycle tracking, and sharing your cycle context with the AI coach — are off by default and require a separate, affirmative opt-in. We do not use pre-checked boxes or deceptive designs, and you may withdraw consent at any time as described below.
9. No Sale of Consumer Health Data Without Valid Authorization
We do not sell your consumer health data. We will not sell it unless we first obtain your separate, written, signed valid authorization meeting applicable law (describing the data, recipient, and purpose, expiring no later than one year from signing, and revocable at any time). We will provide you a copy of any authorization you sign.
10. No Geofencing Around Health Facilities
We do not, and will not, use a geofence to establish a virtual boundary around any facility that provides in-person health-care services in order to identify or track consumers seeking those services, collect consumer health data, or send notifications, messages, or advertisements related to a consumer’s health data or health care. (Velora requests no device-location permission at all.)
10A. Menstrual Cycle Data (On-Device)
Cycle tracking is an optional feature. If you use it:
- On-device by default. Your cycle data (period dates, symptoms, notes) and the estimates we calculate are stored only on your iPhone. We do not upload cycle data to our servers, and cloud sync for cycle data has not shipped. If we later introduce cloud sync, it will be off by default and require your separate, affirmative opt-in, and we will update this Notice first.
- Coaching is opt-in and minimized. Cycle data is shared with the AI coach only if you turn on cycle-aware coaching. Even then, only a minimal, current snapshot (cycle phase, cycle day, a confidence level, and recent symptom categories) is shared — never your notes, and never your full history or dates. You can turn cycle-aware coaching off at any time, and the coach immediately loses access.
- No advertising or analytics use. Cycle data is never used for advertising, is never shared with our advertising partner, and is not sent to any analytics system.
- Estimates only — not for contraception. Cycle predictions are estimates and must not be used for contraception or to plan or avoid pregnancy. Velora is not a medical or fertility device.
- Delete anytime. You can erase all cycle data with the in-app “delete all cycle data” control, which permanently removes it from your device.
11. Your Consumer Health Data Rights and How to Exercise Them
If you are a resident of Washington, Nevada, or Connecticut, you have the right to:
- Confirm whether we are collecting, sharing, or selling your consumer health data and access that data, including a list of all third parties and affiliates with which we have shared it;
- Delete your consumer health data — we will delete it from our records and direct our service providers and any affiliates to delete it, except where permitted or required by law to retain limited information (for example, de-identified or anonymous records kept for security or legal compliance); and
- Withdraw consent to our collection and sharing of your consumer health data (for example, by turning off Apple Health or cycle tracking, or by deleting your account).
You can delete your account and data in the app; for access, a third-party list, or a formal withdrawal, email support@joinvelora.app. We will respond within 45 days; if we need more time, we may extend by an additional 45 days and will tell you why. We will not discriminate or retaliate against you for exercising these rights.
12. Right to Appeal
If we decline to act on your request, we will tell you why. You may appeal by replying to our response or emailing support@joinvelora.app with the subject line “Consumer Health Data Appeal.” We will respond within 45 days and explain our decision. If we deny your appeal, you may submit a complaint to your state Attorney General — in Washington, Nevada, and Connecticut, the respective Office of the Attorney General.
13. Data Retention
Meal-scan photos are transient and are deleted promptly after the AI returns your scan result. Menstrual cycle data and Apple Health data are stored only on your device and are removed when you delete them in the app, turn off the feature, or delete the app. Other consumer health data is retained while your account is active and is deleted on account deletion (immediately, and in all cases within our standard window of 30 days) unless deleted by you earlier or unless a longer period is required by law, to resolve disputes, or to enforce our agreements. On deletion, certain records may persist as permitted by law: de-identified analytics/abuse-prevention records (with your identifier removed) and anonymous records that never contained an identifier. Our internal administrative audit log (records of administrator actions, which may reference an affected account) is append-only and permanent by design for security and compliance integrity; it is access-restricted and is not used for any consumer-health-data purpose.
