PRIVACY POLICY
Last updated: January 16, 2026
This Privacy Notice for Alexander Guerrero ("we," "us," or "our"), describes how and why we might access, collect, store, use, and/or
share ("process") your personal information when you use our services ("Services"), including when you:
• Download and use our mobile application (ORI), or any other application of ours that links to this Privacy Notice
• Use ORI. Ori is an AI-powered health optimization mobile app that provides personalized wellness coaching through advanced data
analysis. The app collects and analyzes user health data including nutrition intake, workout performance, sleep patterns, recovery
metrics, and biomarker results to generate customized weekly health protocols. Users input meals, log workouts, track sleep, and sync
data from Apple Health. Our AI coach "Ori" provides real-time guidance, meal recommendations, workout plans, and
recovery strategies based on individual user data and goals. The app includes features for meal tracking, exercise logging, biomarker
analysis, AI chat coaching, and personalized protocol generation to help users optimize their health, fitness, and recovery.
• Engage with us in other related ways, including any sales, marketing, or events
Questions or concerns? Reading this Privacy Notice will help you understand your privacy rights and choices. We are responsible for
making decisions about how your personal information is processed. If you do not agree with our policies and practices, please do not use
our Services. If you still have any questions or concerns, please contact us at orihealth.contact@gmail.com.
SUMMARY OF KEY POINTS
This summary provides key points from our Privacy Notice, but you can find out more details about any of these topics by using our table
of contents below to find the section you are looking for.
What personal information do we process? When you visit, use, or navigate our Services, we may process personal information depending on
how you interact with us and the Services, the choices you make, and the products and features you use. Learn more about personal
information you disclose to us.
Do we process any sensitive personal information? Some of the information may be considered "special" or "sensitive" in certain
jurisdictions, for example your racial or ethnic origins, sexual orientation, and religious beliefs. We may process sensitive personal
information when necessary with your consent or as otherwise permitted by applicable law. Learn more about sensitive information we
process.
Do we collect any information from third parties? We may collect information from public databases, marketing partners, social media
platforms, and other outside sources. Learn more about information collected from other sources.
How do we process your information? We process your information to provide, improve, and administer our Services, communicate with you,
for security and fraud prevention, and to comply with law. We may also process your information for other purposes with your consent. We
process your information only when we have a valid legal reason to do so. Learn more about how we process your information.
In what situations and with which types of parties do we share personal information? We may share information in specific situations and
with specific categories of third parties. Learn more about when and with whom we share your personal information.
How do we keep your information safe? We have adequate organizational and technical processes and procedures in place to protect your
personal information. However, no electronic transmission over the internet or information storage technology can be guaranteed to be
100% secure, so we cannot promise or guarantee that hackers, cybercriminals, or other unauthorized third parties will not be able to
defeat our security and improperly collect, access, steal, or modify your information. Learn more about how we keep your information
safe.
What are your rights? Depending on where you are located geographically, the applicable privacy law may mean you have certain rights
regarding your personal information. Learn more about your privacy rights.
How do you exercise your rights? The easiest way to exercise your rights is by visiting orihealth.contact@gmail.com, or by contacting us.
We will consider and act upon any request in accordance with applicable data protection laws.
TABLE OF CONTENTS
1. WHAT INFORMATION DO WE COLLECT?
2. HOW DO WE PROCESS YOUR INFORMATION?
3. WHAT LEGAL BASES DO WE RELY ON TO PROCESS YOUR PERSONAL INFORMATION?
4. WHEN AND WITH WHOM DO WE SHARE YOUR PERSONAL INFORMATION?
5. DO WE OFFER ARTIFICIAL INTELLIGENCE-BASED PRODUCTS?
6. HOW DO WE HANDLE YOUR SOCIAL LOGINS?
7. IS YOUR INFORMATION TRANSFERRED INTERNATIONALLY?
8. HOW LONG DO WE KEEP YOUR INFORMATION?
9. HOW DO WE KEEP YOUR INFORMATION SAFE?
10. DO WE COLLECT INFORMATION FROM MINORS?
11. WHAT ARE YOUR PRIVACY RIGHTS?
12. CONTROLS FOR DO-NOT-TRACK FEATURES
13. DO UNITED STATES RESIDENTS HAVE SPECIFIC PRIVACY RIGHTS?
14. DO WE MAKE UPDATES TO THIS NOTICE?
15. HOW CAN YOU CONTACT US ABOUT THIS NOTICE?
16. HOW CAN YOU REVIEW, UPDATE, OR DELETE THE DATA WE COLLECT FROM YOU?
1. WHAT INFORMATION DO WE COLLECT?
Personal information you disclose to us
In Short: We collect personal information that you provide to us.
We collect personal information that you voluntarily provide to us when you register on the Services, express an interest in obtaining
information about us or our products and Services, when you participate in activities on the Services, or otherwise when you contact us.
Personal Information Provided by You. The personal information that we collect depends on the context of your interactions with us and
the Services, the choices you make, and the products and features you use. The personal information we collect may include the following:
• names
• email addresses
• usernames
• passwords
• contact or authentication data
Sensitive Information. When necessary, with your consent or as otherwise permitted by applicable law, we process the following categories
of sensitive information:
• health data
Consumer Health Data Privacy
In Short: We collect health-related data to provide personalized health insights and AI coaching recommendations.
Health Data We Collect: We collect health-related data including:
• Fitness and workout information
• Nutrition and dietary data
• Sleep and recovery metrics
• Biomarker and vital sign data
• Data from Apple Health
• AI coaching conversations and responses
How We Use Health Data: We use this data to:
• Provide personalized health insights and recommendations
• Generate AI coaching recommendations through our chat features
• Track your progress toward health and fitness goals
• Analyze patterns in your health and wellness data
Health Data Sharing: We share health data only with:
• Service providers who help operate our app (Supabase for data storage, OpenAI for AI features)
• These providers are contractually required to protect your data
• We never sell health data to third parties
• We never use health data for advertising or marketing
Your Health Data Rights: You have the right to:
• Delete your health data anytime by deleting your account in Settings
• Control data sharing through Privacy Mode toggle in Settings
• Access your health data by contacting us at orihealth.contact@gmail.com
• Withdraw consent by discontinuing use of health features
Health Platform Data (Apple HealthKit / Google Fit / Health Connect)
We access and write health data only to provide health and fitness features, with your explicit consent. We do not use this data for
advertising, marketing, or data mining, and we do not sell such data. We do not share HealthKit/Google Fit/Health Connect data with third
parties except to process such data on our behalf under a written contract, solely for these purposes and with equivalent protections.
Payment Data. Purchases are processed via the Apple App Store or Google Play through our subscription partner RevenueCat. We do not
receive or store full payment instrument details.
Social Login Data. We provide the option to register using your Apple or Google account. We receive only the minimal profile information
necessary to authenticate you.
Application Data. If you use our application(s), we also may collect the following information if you choose to provide us with access or
permission:
• Mobile Device Access. We may request access or permission to certain features from your mobile device, including your mobile device's
camera, sensors, storage, and other features.
• Mobile Device Data. We automatically collect device information (such as your mobile device ID, model, and manufacturer), operating
system, version information and system configuration information, device and application identification numbers, browser type and
version, hardware model Internet service provider and/or mobile carrier, and Internet Protocol (IP) address (or proxy server).
• Push Notifications. We may request to send you push notifications regarding your account or certain features of the application(s).
Information automatically collected
In Short: We collect limited technical telemetry necessary to operate and secure the app. We do not collect precise device location, and we do not store IP addresses in our own logs. Our analytics and error reporting providers (such as Sentry and PostHog) are configured to prevent storing IP addresses and to disable geolocation enrichment. Our advertising and attribution partners may process IP addresses and other identifiers as part of their services, as described in their own privacy notices.
We may process device and usage information such as device model, OS version, app version, and error diagnostics. Our analytics and error
reporting providers are configured to prevent storing IP addresses and to disable geolocation enrichment.
Session Replay / Session Recording (PostHog).
We may use session replay technology provided by PostHog to help us diagnose bugs, improve app usability, and understand how users interact with the app. Session replay may capture in-app interaction events such as taps, swipes, scrolling, navigation between screens, and UI behavior, along with limited technical metadata about the app session.
We configure session replay to minimize data collection and to mask or exclude sensitive information where possible (for example, text entered into input fields). We do not intentionally collect passwords, full payment details, or highly sensitive personal information through session replay.
The information we process includes:
• Log and Usage Data. Service‑related diagnostic, usage, and performance information (e.g., feature usage counts, error codes).
• Device Data. Device model, OS version, app version, and similar technical metadata.
• Session Interaction Data. In-app interactions such as taps, swipes, navigation, and UI diagnostics collected via session replay for troubleshooting and product improvement.
Information collected from other sources
In Short: We may collect limited data from public databases, marketing partners, social media platforms, and other outside sources.
In order to enhance our ability to provide relevant marketing, offers, and services to you and update our records, we may obtain
information about you from other sources, such as public databases, joint marketing partners, affiliate programs, data providers, social
media platforms, and from other third parties.
Advertising and attribution data. If you install ORI after viewing an advertisement for our app (for example via Apple Search Ads or Meta/Facebook ads), our advertising partners may receive limited technical and event information needed to measure the performance of those campaigns. This may include:
• Device identifiers (such as the Identifier for Advertisers (IDFA) when you have granted tracking permission, or the Identifier for Vendors (IDFV))
• Basic device information (device model, OS version, app version, language)
• Installation and engagement events (such as app install, app open, subscription start or renewal, and trial start/end)
• Campaign metadata (for example, which ad or keyword led to the install)
We configure our implementation so that we do not share your health data (such as specific workouts, meals, biomarker values, or AI coaching messages) with advertising partners.
2. HOW DO WE PROCESS YOUR INFORMATION?
In Short: We process your information to provide, improve, and administer our Services, communicate with you, for security and fraud
prevention, and to comply with law.
We process your personal information for a variety of reasons, depending on how you interact with our Services, including:
• To facilitate account creation and authentication and otherwise manage user accounts. We may process your information so you can create
and log in to your account, as well as keep your account in working order.
• To deliver and facilitate delivery of services to the user. We may process your information to provide you with the requested service.
• To respond to user inquiries/offer support to users. We may process your information to respond to your inquiries and solve any
potential issues you might have with the requested service.
• To measure and improve our advertising and user acquisition. We may process limited technical and event information (such as device identifiers, app installs, and subscription events) to understand which ads and campaigns are driving installs and subscriptions, and to optimize our marketing spend.
• To send administrative information to you. We may process your information to send you details about our products and services, changes
to our terms and policies, and other similar information.
• To request feedback. We may process your information when necessary to request feedback and to contact you about your use of our
Services.
• To send you marketing and promotional communications. We may process the personal information you send to us for our marketing
purposes, if this is in accordance with your marketing preferences.
• To protect our Services. We may process your information as part of our efforts to keep our Services safe and secure, including fraud
monitoring and prevention.
• To identify usage trends. We may process information about how you use our Services to better understand how they are being used so we
can improve them.
• To troubleshoot, secure, and improve the app experience, including debugging issues and improving usability through analytics and session replay.
• To generate personalized health and fitness recommendations.
• To analyze user health data and provide coaching insights.
• To improve AI coaching recommendations.
3. WHAT LEGAL BASES DO WE RELY ON TO PROCESS YOUR PERSONAL INFORMATION?
In Short: We only process your personal information when we believe it is necessary and we have a valid legal reason (i.e., legal basis)
to do so under applicable law, like with your consent, to comply with laws, to provide you with services to enter into or fulfill our
contractual obligations, to protect your rights, or to fulfill our legitimate business interests.
4. WHEN AND WITH WHOM DO WE SHARE YOUR PERSONAL INFORMATION?
In Short: We may share information in specific situations described in this section and/or with the following categories of third
parties.
Vendors, Consultants, and Other Third-Party Service Providers. We may share your data with third-party vendors, service providers,
contractors, or agents ("third parties") who perform services for us or on our behalf and require access to such information to do that
work. The categories of third parties we may share personal information with are as follows:
• AI Platforms
• Data Analytics Services
• Data Storage Service Providers
• User Account Registration & Authentication Services
• Performance Monitoring Tools
• Cloud Computing Services
• Sales & Marketing Tools
• Advertising and attribution partners (for example, Apple Search Ads and Meta/Facebook) to measure the performance of our advertising campaigns and understand which ads lead to installs, subscriptions, and other key actions. We do not share your health data with these partners.
Diagnostics & analytics processors.
We use Sentry (error and crash reporting) and PostHog (product analytics and session replay) to help us understand app performance and improve reliability, security, and usability. These services are configured to disable IP address storage and geolocation enrichment. We do not intentionally send health data (such as meals, workouts, biomarker values, or AI coaching content) to these services. You may opt out of analytics and session replay at any time through the in-app Privacy Mode.
We also may need to share your personal information in the following situations:
• Business Transfers. We may share or transfer your information in connection with, or during negotiations of, any merger, sale of
company assets, financing, or acquisition of all or a portion of our business to another company.
5. DO WE OFFER ARTIFICIAL INTELLIGENCE-BASED PRODUCTS?
In Short: We offer products, features, or tools powered by artificial intelligence, machine learning, or similar technologies.
As part of our Services, we offer products, features, or tools powered by artificial intelligence, machine learning, or similar
technologies (collectively, "AI Products"). These tools are designed to enhance your experience and provide you with innovative
solutions.
Use of AI Technologies: We provide the AI Products through third-party service providers ("AI Service Providers"), including Anthropic
and OpenAI.
Our AI Products: Our AI Products are designed for the following functions:
• AI insights
• Text analysis
• AI predictive analytics
• AI applications
6. HOW DO WE HANDLE YOUR SOCIAL LOGINS?
In Short: If you choose to register or log in using your Apple or Google account, we may receive minimal profile information needed to
authenticate you.
Our Services offer you the ability to register and log in using your Apple or Google account. We receive only the minimal profile
information necessary to authenticate you.
7. IS YOUR INFORMATION TRANSFERRED INTERNATIONALLY?
In Short: We may transfer, store, and process your information in countries other than your own.
Our servers are located in the United States. Regardless of your location, please be aware that your information may be transferred to,
stored by, and processed by us in our facilities and in the facilities of the third parties with whom we may share your personal
information, including facilities in the United States, and other countries.
8. HOW LONG DO WE KEEP YOUR INFORMATION?
In Short: We keep your information for as long as necessary to fulfill the purposes outlined in this Privacy Notice unless otherwise
required by law.
We will only keep your personal information for as long as it is necessary for the purposes set out in this Privacy Notice, unless a
longer retention period is required or permitted by law. No purpose in this notice will require us keeping your personal information for
longer than three (3) months past the termination of the user's account. Some diagnostic and analytics data, including session replay data, may be retained for a limited period for security, debugging, and product improvement purposes, and then deleted or anonymized in accordance with our retention settings and applicable law.
9. HOW DO WE KEEP YOUR INFORMATION SAFE?
In Short: We aim to protect your personal information through a system of organizational and technical security measures.
We have implemented appropriate and reasonable technical and organizational security measures designed to protect the security of any
personal information we process. However, despite our safeguards and efforts to secure your information, no electronic transmission over
the Internet or information storage technology can be guaranteed to be 100% secure, so we cannot promise or guarantee that hackers,
cybercriminals, or other unauthorized third parties will not be able to defeat our security and improperly collect, access, steal, or
modify your information.
For your privacy, we limit what is captured in our diagnostics tools. If session replay is enabled, it is configured to mask or exclude sensitive inputs where possible (such as text entered into input fields). We do not intentionally collect passwords or full payment information through session replay.
10. DO WE COLLECT INFORMATION FROM MINORS?
In Short: We do not knowingly collect data from or market to children under 18 years of age or the equivalent age as specified by law in
your jurisdiction.
We do not knowingly collect, solicit data from, or market to children under 18 years of age or the equivalent age as specified by law in
your jurisdiction, nor do we knowingly sell such personal information. By using the Services, you represent that you are at least 18 or
the equivalent age as specified by law in your jurisdiction or that you are the parent or guardian of such a minor and consent to such
minor dependent's use of the Services.
11. WHAT ARE YOUR PRIVACY RIGHTS?
In Short: Depending on your state of residence in the US or in some regions, such as the European Economic Area (EEA), United Kingdom
(UK), Switzerland, and Canada, you have rights that allow you greater access to and control over your personal information.
In some regions (like the EEA, UK, Switzerland, and Canada), you have certain rights under applicable data protection laws. These may
include the right (i) to request access and obtain a copy of your personal information, (ii) to request rectification or erasure; (iii)
to restrict the processing of your personal information; (iv) if applicable, to data portability; and (v) not to be subject to automated
decision-making.
Account Information: If you would at any time like to review or change the information in your account or terminate your account, you
can:
• Log in to your account settings and update your user account.
If you have questions or comments about your privacy rights, you may email us at orihealth.contact@gmail.com.
App Tracking Transparency (iOS):
On Apple devices, you may see a system prompt asking whether you allow ORI to “track your activity across other companies’ apps and websites.” If you choose “Allow,” we may access the device’s Identifier for Advertisers (IDFA) and share it with our advertising partners to measure ad performance and show you more relevant ads for ORI. If you choose “Ask App Not to Track,” we will not access the IDFA or use it for tracking as described above. You can change your choice at any time in your device Settings under Privacy & Security → Tracking.
12. CONTROLS FOR DO-NOT-TRACK FEATURES
Most web browsers and some mobile operating systems and mobile applications include a Do-Not-Track ("DNT") feature or setting you can
activate to signal your privacy preference not to have data about your online browsing activities monitored and collected.
At this stage, no uniform technology standard for recognizing and implementing DNT signals has been finalized. As such, we do not
currently respond to DNT browser signals or any other mechanism that automatically communicates your choice not to be tracked online.
13. DO UNITED STATES RESIDENTS HAVE SPECIFIC PRIVACY RIGHTS?
In Short: If you are a resident of California, Colorado, Connecticut, Delaware, Florida, Indiana, Iowa, Kentucky, Maryland, Minnesota,
Montana, Nebraska, New Hampshire, New Jersey, Oregon, Rhode Island, Tennessee, Texas, Utah, or Virginia, you may have the right to
request access to and receive details about the personal information we maintain about you and how we have processed it, correct
inaccuracies, get a copy of, or delete your personal information.
California "Shine The Light" Law: California Civil Code Section 1798.83, also known as the "Shine The Light" law, permits our users who
are California residents to request and obtain from us, once a year and free of charge, information about categories of personal
information (if any) we disclosed to third parties for direct marketing purposes and the names and addresses of all third parties with
which we shared personal information in the immediately preceding calendar year.
14. DO WE MAKE UPDATES TO THIS NOTICE?
In Short: Yes, we will update this notice as necessary to stay compliant with relevant laws.
We may update this Privacy Notice from time to time. The updated version will be indicated by an updated "Revised" date at the top of
this Privacy Notice. If we make material changes to this Privacy Notice, we may notify you either by prominently posting a notice of such
changes or by directly sending you a notification.
15. HOW CAN YOU CONTACT US ABOUT THIS NOTICE?
If you have questions or comments about this notice, you may email us at orihealth.contact@gmail.com.
Alexander Guerrero
United States
16. HOW CAN YOU REVIEW, UPDATE, OR DELETE THE DATA WE COLLECT FROM YOU?
Based on the applicable laws of your country or state of residence in the US, you may have the right to request access to the personal
information we collect from you, details about how we have processed it, correct inaccuracies, or delete your personal information.
You may also have the right to withdraw your consent to our processing of your personal information. These rights may be limited in some
circumstances by applicable law.
To request to review, update, or delete your personal information, please visit: orihealth.contact@gmail.com.
By using the ORI App, you acknowledge that you have read, understood, and agree to this Privacy Policy.