Privacy Policy

Your health data, your control

Effective Date: March 30, 2026 | Last Updated: March 30, 2026

At BioPoint, your privacy is not negotiable. We believe health data is deeply personal. This policy explains exactly what we collect, how we use it, who we share it with, and what rights you have. We don't sell your data. We don't advertise. We're transparent about every integration.

Quick Navigation

  1. Information We Collect
  2. How We Use Your Data
  3. Data Storage & Security
  4. Third-Party Services
  5. HealthKit Data
  6. Your Rights (CCPA)
  7. Data Deletion & Account Closure
  8. Children's Privacy
  9. Policy Changes
  10. Contact & Support

Information We Collect

Account & Identity

  • Email address — used for account recovery and login
  • Password — hashed with bcrypt, never stored in plaintext
  • Display name — optional, set by you

Health & Biometric Data

You voluntarily enter this data. We never force collection:

  • Sleep logs (duration, quality, bedtime, wake time)
  • Energy levels (subjective 1–10 scale)
  • Mood tracking (subjective ratings)
  • Weight & body measurements
  • Supplement intake (brands, dosages, frequency)
  • Fasting windows and duration
  • Nutrition logs (meals, macros, ingredients)
  • Lab reports (blood work, genetic tests, biomarkers)
  • Food photos (analyzed by AI for nutrition estimation)

Apple HealthKit Integration

  • Sleep data (read-only from HealthKit)
  • Step count (read-only from HealthKit)
  • These are synced to your BioPoint account for analysis; never shared with third parties

Device & Technical Information

  • Device model, OS version, app version
  • IP address (for security & fraud detection)
  • Push notification tokens (for reminders & alerts)
  • Crash logs & error reports (Sentry)
  • Analytics events (feature usage, session duration)

What We Don't Collect

  • Location data (we don't ask for it)
  • Contacts or call logs
  • Biometric authentication data (Face ID / Touch ID stays on device)
  • Precise location via GPS
  • Photos or media except those you explicitly upload for AI analysis

How We Use Your Data

Core Functionality

  • Storing and organizing your health entries
  • Generating insights, trends, and recommendations
  • Syncing with Apple HealthKit
  • Enabling cross-device access to your data

AI Features

BioPoint uses Google Gemini AI to:

  • Analyze lab reports — Gemini reads your PDFs/images to extract biomarkers and generate insights
  • Identify foods in photos — Gemini analyzes images you upload for nutritional content

Important: Data sent to Google's API is processed in real time but not retained for model training. Google may use this data to improve their API performance and safety, but your health data is not used to train their general models. Read Google's AI privacy policy.

Account Management

  • Sending account verification emails
  • Password resets and security alerts
  • Subscription management via RevenueCat
  • Push notifications for reminders (Expo)

Security & Legal

  • Detecting fraud, abuse, and unauthorized access
  • Complying with law enforcement requests (with proper legal process)
  • Protecting against spam and malicious activity

What We Don't Do

  • We do not sell your data to advertisers, brokers, or third parties
  • We do not use your health data for targeted advertising
  • We do not share your data with health insurance companies
  • We do not allow employers or workplace wellness programs to access your data
  • We do not train our own ML models on your health data

Data Storage & Security

Where Your Data Lives

| Data Type | Storage Location | Encryption |
|---|---|---|
| Accounts, health logs, settings | Supabase (PostgreSQL, AWS) | AES-256 at rest; TLS 1.3 in transit |
| Lab reports, food photos, uploads | Cloudflare R2 (object storage) | AES-256 at rest; TLS 1.3 in transit |
| Error logs & crash reports | Sentry (US-based servers) | TLS encrypted; retention 30 days |
| Subscription records | RevenueCat | RevenueCat's security standards |

Security Practices

  • Password hashing: bcrypt, salted, with a cost factor of 12
  • API authentication: JWT tokens with 1-hour expiry
  • Database access: Row-level security; users can only access their own data
  • File uploads: Virus scanned; private/signed URLs only accessible by account owner
  • Two-factor authentication (2FA): Available via authenticator apps
  • Regular security audits: Penetration testing quarterly
  • Incident response plan: Data breach notification within 72 hours per GDPR

No Unencrypted Backups: All backups of your data are encrypted. We do not store plaintext copies of your password or health data offline.

Data Retention

  • Health logs: stored indefinitely (your property) unless you delete
  • Error logs: 30 days max
  • Analytics events: 90 days, then aggregated
  • Login session tokens: 1 hour, then expire
  • Account deletion: all personal data erased within 30 days

Third-Party Services & Integrations

BioPoint integrates with the following third-party services. We've selected each carefully to minimize data exposure:

Google Gemini AI

  • What data is sent: Lab report PDFs/images and food photos (only when you ask us to analyze them)
  • Retention: Not retained for model training (Google's policy)
  • Your control: You choose whether to use AI features; they're optional
  • Privacy link: Google Cloud Privacy

Supabase (PostgreSQL)

  • What data is stored: All account and health log data
  • Infrastructure: AWS (us-east-1 region)
  • Privacy link: Supabase Privacy

Cloudflare R2

  • What data is stored: Files you upload (lab reports, photos)
  • Infrastructure: Global CDN with redundancy
  • Access control: Signed URLs; only you can download your files
  • Privacy link: Cloudflare Privacy

RevenueCat

  • What data is shared: Email, subscription status, purchase history
  • Purpose: Managing in-app subscriptions & refunds
  • Your control: Manage subscriptions directly in App Store Settings
  • Privacy link: RevenueCat Privacy

Expo (Push Notifications)

  • What data is shared: Device push token
  • Purpose: Sending reminders and alerts
  • Your control: Disable in iOS Settings > Notifications > BioPoint
  • Privacy link: Expo Privacy

Sentry (Error Tracking)

  • What data is collected: Crash logs, error messages, device info
  • Retention: 30 days; then deleted
  • Health data in logs: We scrub sensitive data before sending
  • Privacy link: Sentry Privacy

Apple HealthKit

  • We read: Sleep, step count (with your permission)
  • We write: None; BioPoint only reads from HealthKit
  • Data flow: Stays on your device & in BioPoint; not shared with Apple or others

Important: Each third-party service has its own privacy policy. We recommend reviewing them. We are not responsible for their practices, but we've chosen providers with strong privacy records.

Apple HealthKit Data

What We Access

BioPoint reads the following from HealthKit (with your explicit permission):

  • Sleep samples: Bedtime, wake time, total duration
  • Steps: Daily step count

How We Use It

  • Displaying your HealthKit data in BioPoint
  • Correlating with your manual health logs for trend analysis
  • Generating personalized insights

How We Protect It

  • Data synced from HealthKit is encrypted at rest in Supabase
  • We never write to HealthKit; only read
  • We never share HealthKit data with third parties (including Apple, Google, or advertisers)
  • You can revoke HealthKit access at any time in Health > Data Access & Devices > BioPoint

Revoking Access

To stop sharing HealthKit data with BioPoint:

  1. Open the Health app on your iPhone
  2. Tap your profile picture (top right)
  3. Tap Data Access & Devices
  4. Tap BioPoint
  5. Toggle off Sleep, Steps, or disable entirely

Revoking access does not delete data already synced to BioPoint; you must delete that separately in the app.

Your Rights (CCPA & General Privacy)

If you're a California resident or in any jurisdiction with privacy laws, you have rights:

Right to Know

You have the right to request what personal data we hold about you. Email support@goldenmindenterprize.com with "Data Request" in the subject line. We'll provide a copy within 45 days.

Right to Delete

You have the right to request deletion of your data. You can:

  • Delete your account in-app: Settings > Account > Delete Account (instant)
  • Request deletion by email: Email support@goldenmindenterprize.com with "Delete My Data"

All personal data is deleted within 30 days, except where we're legally required to retain it (tax records, legal holds).

Right to Correct

You can update or correct your information directly in the app. If you need help, email support@goldenmindenterprize.com.

Right to Opt-Out

We don't sell your data, but you can opt out of:

  • Analytics: Settings > Privacy > Disable Analytics
  • Push notifications: iOS Settings > Notifications > BioPoint
  • Email notifications: Email settings in your account

Right to Data Portability

You have the right to download your data in a portable format. Email support@goldenmindenterprize.com with "Data Export" and we'll provide a JSON export of your health logs and account info within 45 days.

Right to Non-Discrimination

We will not discriminate against you for exercising your privacy rights. Exercising these rights will not affect your ability to use BioPoint.

California Residents (CCPA)

Under the California Consumer Privacy Act, you also have the right to:

  • Know what categories of personal data we collect and how we use them
  • Know whether we sell or disclose your personal data (we don't)
  • Opt out of the "sale" of personal data (not applicable; we don't sell)

CCPA Shine-the-Light Disclosure: We do not sell, rent, or share personal information with third parties for their marketing purposes. Period.

Data Deletion & Account Closure

Delete Your Account

To delete your BioPoint account and all associated data:

  1. Open BioPoint
  2. Go to Settings
  3. Tap Account
  4. Scroll to the bottom and tap "Delete Account"
  5. Confirm your password
  6. Confirm deletion (you'll get a warning that this is permanent)

What Gets Deleted

  • Your email and password hash
  • All health logs (sleep, mood, weight, supplements, fasting, nutrition)
  • All uploaded files (lab reports, photos)
  • All analytics & settings
  • Your subscription (if active, RevenueCat handles cancellation separately)

Deletion Timeline

  • Immediate: Your account is deactivated; you cannot log back in
  • 24 hours: Data is soft-deleted (hidden but recoverable)
  • 30 days: Data is permanently erased from all backups

Canceling Your Subscription

Deleting your account does not automatically cancel your subscription. To stop charges:

  1. Open App Store > Tap your profile > Subscriptions
  2. Select BioPoint Premium
  3. Tap "Cancel Subscription"

You can also email support@goldenmindenterprize.com for help.

Data You Cannot Delete

We may retain:

  • Anonymous, aggregated analytics (no PII)
  • Tax records (for 7 years, legally required)
  • Legal holds (if involved in a dispute)
  • Backups (encrypted, separate from active systems)

Children's Privacy

BioPoint is not intended for children under 13. We do not knowingly collect personal data from children under 13. If we discover that a child under 13 has provided us with personal data, we will delete that data immediately.

If Your Child Created an Account

If a child under 13 created a BioPoint account, please:

  1. Email support@goldenmindenterprize.com with the account email
  2. Provide proof that you are the parent/guardian
  3. We will delete the account and all associated data

Ages 13–18

BioPoint can be used by teenagers 13–18. We recommend:

  • Parents review the privacy policy with their teen
  • Parents understand that BioPoint collects health data (with the teen's input)
  • Open conversations about data privacy and health tracking

Changes to This Privacy Policy

We may update this policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes, we will:

  • Notify you via email (if registered)
  • Update the "Last Updated" date at the top of this page
  • Post a notice in the app

Your continued use of BioPoint after changes become effective means you accept the updated policy. If you don't agree, you have the right to delete your account.

Material Changes vs. Minor Updates

Material Changes (we'll notify you):

  • New third-party data sharing
  • New ways we use your health data
  • Changes to data retention or deletion policies

Minor Updates (no email notification):

  • Clarifications or grammar fixes
  • Updates to contact information
  • Changes to service links

Contact & Support

Questions about this privacy policy or how we handle your data? We're here to help.

Company

GoldenMind Enterprize LLC

Location

Atlanta, Georgia, USA

Response Times

  • Data requests: 45 days (legally required)
  • Deletion requests: 30 days
  • Data export requests: 45 days
  • Support inquiries: 24–48 hours

Privacy Requests

For formal privacy requests (data access, deletion, export), please include:

  • Your email address on file
  • The type of request (Data Access / Delete / Export / Other)
  • Any relevant details

Regulatory Complaints

If you believe we've violated your privacy rights, you have the right to file a complaint with your state's attorney general or data protection authority. In California, you can file a complaint with the California Attorney General.

We take privacy violations seriously. If you file a complaint, we will cooperate fully with investigators.

Summary: We collect only what you give us. We encrypt it. We don't sell it. We don't spy on you. You own your health data. You can delete it anytime. We respect your privacy like it's our own—because it is.