Privacy Policy

Effective date: [EFFECTIVE DATE]

Your trust matters. This Privacy Policy explains what information MetCheck collects, how we use and share it, and the choices you have. It applies to MetCheck users in the United States, the European Economic Area, the United Kingdom, and Canada.

1. Scope of this Policy

This Privacy Policy describes how [COMPANY LEGAL NAME] (“MetCheck,” “Metabolic Checkup,” “we,” “us,” or “our”) collects, uses, shares, and protects personal information when you use our website, applications, AI coaching, screeners, assessments, and related services (the “Services”).

Important: MetCheck is a consumer wellness platform. We are not a HIPAA-covered entity or business associate, and the screening, assessment, and coaching information you provide is not treated as Protected Health Information under HIPAA. We nonetheless apply meaningful privacy and security practices to your information as described below.

By using the Services, you agree to this Policy. If you do not agree, please do not use the Services.

2. Information we collect

We collect the following categories of information:

a. Information you provide

  • Account information: name, email, password, optional phone, postal code, gender, language preference, and authentication information (including via Google sign-in).
  • Health-related self-reported information: answers to QuickScreen, Wellbeing Checkup, Behavioral Health Checkup, Resilience Checkup, and other screeners; optional inputs such as blood pressure, glucose, lipids, waist circumference, medication usage, sleep, stress, mood, and lifestyle data; AI coaching messages and feedback.
  • Payment information: billing details collected and processed by our payment processor (Stripe). MetCheck does not store full card numbers.
  • Communications: emails, support requests, and feedback you send us.

b. Information collected automatically

  • Device and usage data: IP address, browser, operating system, device identifiers, pages and features used, timestamps, and referring/exit URLs.
  • Cookies and similar technologies: session cookies, preference cookies (such as your selected language), authentication cookies, and limited analytics.

c. Information from third parties

  • Identity providers (e.g., Google) when you sign in;
  • Payment processors for transaction status;
  • Optional lab partners (e.g., Ulta Lab Tests / Quest Diagnostics) only if you choose to use them, and subject to their own privacy practices.

3. How we use information

We use information to:

  • Provide, maintain, secure, and improve the Services, including generating screener scores and AI coaching responses;
  • Authenticate you, manage your account, and personalize your experience;
  • Process payments, billing, and subscription management;
  • Communicate with you, including service-related notices, security alerts, and (with your consent where required) marketing or product updates;
  • Monitor for safety signals (such as crisis-related language in coaching) and respond appropriately;
  • Detect, prevent, and respond to fraud, abuse, and security incidents;
  • Comply with legal obligations and enforce our Terms of Use.

AI processing. AI coaching messages are sent to AI model providers (currently including Anthropic and OpenAI / Lovable AI Gateway) on our behalf to generate responses. We instruct providers contractually not to use the content of your messages to train their public models. We do not sell coaching content.

Email communications. We send two categories of email:

  • Transactional emails (account confirmations, password resets, security alerts, billing receipts, screener results, and other service-related notices) — required to operate your account; you cannot opt out while your account is active.
  • Promotional and informational emails (newsletters, product updates, marketing offers, educational content) — optional and sent only with your consent. You can opt in or out at any time from Account → Email preferences or by clicking the unsubscribe link in any such email.

We honor unsubscribe requests promptly. Opting out of marketing emails does not affect your ability to use the Services or stop transactional emails.

5. How we share information

We do not sell your personal information for monetary consideration, and we do not share coaching message content for cross-context behavioral advertising. We share information only as described below:

  • Service providers (processors): hosting and infrastructure (e.g., Cloudflare Workers, Lovable Cloud / Supabase), analytics, email delivery, payment processing (Stripe), AI model providers (Lovable AI Gateway routing to Anthropic and OpenAI), and customer support tools — bound by contract to protect your data and process it only on our instructions.
  • Optional third-party services you initiate, such as bloodwork ordered through Ulta Lab Tests / Quest Diagnostics; their privacy practices apply to those interactions.
  • Legal and safety: to comply with law, lawful requests, court orders, or to protect the rights, safety, or property of MetCheck, our users, or the public.
  • Business transfers: in connection with a merger, acquisition, financing, or sale of assets, subject to appropriate safeguards.
  • With your direction or consent (for example, if you ask us to share results with a clinician you designate).

6. Data retention

We retain personal information for as long as your account is active and as needed to provide the Services, comply with legal obligations, resolve disputes, and enforce agreements. When you delete your account, we will delete or de-identify your personal information within a commercially reasonable period, except where retention is required by law (for example, financial records) or necessary to defend against legal claims.

7. SMS / text messaging

If you provide a mobile phone number and opt in to SMS, MetCheck may send text messages for two-factor authentication (2FA) codes, account security alerts, and critical account notifications. Message frequency varies. Message and data rates may apply. You can opt out at any time by replying STOP to any message, or reply HELP for help.

Mobile phone numbers and SMS opt-in consent will not be shared with third parties or affiliates for marketing or promotional purposes. Phone numbers may be shared only with our SMS delivery provider (e.g., Twilio) strictly to transmit the messages you have requested, and with law enforcement where required by law.

You may also manage SMS preferences from Account → Preferences at any time.

8. Security

We use technical and organizational safeguards designed to protect your information, including encryption in transit (TLS), access controls, role-based permissions, row-level security in our database, audit logging, and vendor due diligence. No method of transmission or storage is 100% secure, however, and we cannot guarantee absolute security. If we become aware of a breach affecting your personal information, we will notify you and regulators where required by law.

9. Your privacy rights

Depending on where you live, you may have the right to:

  • Access the personal information we hold about you;
  • Correct inaccurate information;
  • Delete your account and personal information;
  • Restrict or object to certain processing;
  • Receive a portable copy of your information;
  • Opt out of targeted advertising, “sale” or “sharing” of personal information (we do not engage in these activities), and certain profiling;
  • Withdraw consent where processing is based on consent;
  • Lodge a complaint with your local data protection authority.

To exercise any of these rights, email [CONTACT EMAIL]. We will verify your request and respond within the time required by applicable law. We will not discriminate against you for exercising your rights.

U.S. state-specific rights

Residents of California (CCPA/CPRA), Colorado (CPA), Connecticut (CTDPA), Virginia (VCDPA), Utah, and other states with comprehensive privacy laws have the rights listed above. We do not sell personal information or share it for cross-context behavioral advertising. California residents may designate an authorized agent to make a request on their behalf and may appeal our decision by emailing [CONTACT EMAIL].

Canada (PIPEDA)

Canadian users may request access to and correction of their personal information and may contact the Office of the Privacy Commissioner of Canada with concerns.

EU/UK (GDPR)

EU/UK users may contact our representative at [CONTACT EMAIL]. The lead supervisory authority for your jurisdiction is also available to receive complaints.

10. International data transfers

MetCheck operates from the United States, and our service providers may process your data in the U.S. or other countries that may have different data protection laws than your home country. Where required (for example, transfers from the EU/UK), we rely on lawful transfer mechanisms such as the European Commission’s Standard Contractual Clauses and the UK International Data Transfer Addendum, supplemented with appropriate technical and organizational safeguards.

11. Children

The Services are not directed to children under 13 (or the equivalent minimum age in your jurisdiction), and we do not knowingly collect personal information from them. If you believe a child has provided us with personal information, please contact [CONTACT EMAIL] and we will take appropriate steps to delete it.

12. Cookies and tracking

We use cookies and similar technologies to keep you signed in, remember your language and preferences, secure the Services, and understand usage in aggregate. You can control cookies through your browser settings; disabling some cookies may impact functionality. Where required by law, we will request your consent before placing non-essential cookies and provide a cookie banner with granular choices.

13. Do Not Track and Global Privacy Control

We currently do not respond to browser “Do Not Track” signals. We do honor recognized opt-out preference signals such as the Global Privacy Control (GPC) where required by applicable state law, treating them as an opt-out of “sale” or “sharing” of personal information.

14. Changes to this Policy

We may update this Policy from time to time. If we make material changes, we will provide reasonable notice (for example, by email or in-product notice) before the changes take effect. The “Effective date” at the top of this page indicates when this Policy was last updated.

15. Contact us

For questions, concerns, or requests about this Policy or your personal information, email [CONTACT EMAIL] or write to [COMPANY LEGAL NAME], [POSTAL ADDRESS].
