Last Updated: Jan.15th, 2025
This privacy policy (“Privacy Policy”) explains how information about you is collected, used and disclosed by Theta Health, Inc. and its affiliates (the “Company”, “we”, “our” or “us”). This Privacy Policy applies to information we collect when you use our website, which is available at https://www.thetahealth.ai/, and other products, features, apps, services, technologies, and software we offer (collectively, our “Services”).
By downloading, accessing, using and/or interacting with our Services, you agree and expressly consent to our collection, use and disclosure of the information that you provide as described in this Privacy Policy. This Privacy Policy is incorporated by reference into the Terms of Service available at https://theta.thetahealth.ai/protocol-tos.html (our “Terms of Service”) and is subject to the provisions of the Terms of Service. Capitalized terms used but not defined in this Privacy Policy shall have the meaning ascribed to such terms in our Terms of Service. If you have any concerns about providing information to us or the use of that information as described in this Privacy Policy, you should not use our Services.
Because we are always looking for new and innovative ways to help you achieve your goals in connection with the use of our Services, this Privacy Policy may change over time, so please review it frequently. The date at the top indicates the last time this Privacy Policy was modified. If we modify the terms of this Privacy Policy, we will notify you. If we are required by applicable data protection laws to give you enhanced notice or seek your consent for any such changes, we will do so. You can see when this Privacy Policy was last updated by checking the “Last Updated” date displayed at the top of this Privacy Policy. Any revised Privacy Policy will supersede all previous privacy policies.
You may opt-out of any revised Privacy Policy by cancelling your account through the settings of the Services you are using. If you are not able to cancel your account through the account settings, please contact us here. We are happy to assist you.
If you have any questions about this Privacy Policy or any other matter, please contact us via the methods outlined below.
Please email us at support@thetahealth.ai. You may also submit feedback through Theta Wellness by navigating to the “Setting” and clicking “Help & Feedback.
You may also write to us at:
Theta Health Inc.
303 Twin Dolphin Drive, Ste 6054
Redwood City, CA 94065
Table of Contents
We may collect and use the following personal information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or household or natural person:
| Categories of Personal Information | Specific Types Collected |
|---|---|
| Identifiers | |
| Username or other online identifier, email address, account password, and region. | |
| Internet or other similar network information and activity | |
| In-Service browsing and search history, IP address, and information on user interactions with our website, application, or advertisements. | |
| Health data | |
| - Health Metrics: heart rate, blood pressure, respiratory rate, blood oxygen levels, and electrocardiogram (ECG) readings. | |
| - Fitness Activity Data: Steps taken, calories burned, workout details, distance walked or run, and hours spent standing. | |
| - Sleep Data: sleep patterns, including sleep duration, stages, and consistency. | |
| - Nutrition and Diet: caloric intake, water consumption, and specific macronutrients like carbohydrates, protein, and fats. | |
| - Reproductive Health: menstrual cycle, ovulation cycle, and fertility window predictions. | |
| - Mental Health: mood and emotional state and certain mental health assessments. | |
| - Medical History: immunizations, lab results, medications, allergies, and medical conditions. | |
| Certain types of personal information listed above may be considered sensitive personal information (also sometimes referred to as “sensitive personal data” or “sensitive data” under applicable laws and regulations) or may be otherwise legally protected in your jurisdiction. Throughout this Privacy Policy, this type of personal information is referred to as Sensitive Personal Information, and includes: | |
| We will not use your Sensitive Personal Information without first obtaining your consent. We only collect and use your sensitive personal information when you choose to track them within our Services or activate and use certain features within our Services. | |
| Commercial information | Financial account information, payment card type, credit or debit card number, billing address, phone number, purchase history. |
| User-generated profiles and content | User profiles, avatars, user-generated text information. |
| Device information | |
| Hardware model, operating system and version, unique device identifiers, mobile network information, country of access, crash reports, request and referral URL’s and/or system activity details. | |
| Software information | |
| Which version of software and what updates a user has installed or uses, and/or the presence of required plug-ins. | |
| Use information | |
| A user’s browser type, preferred language, access times, pages viewed, activity, and interactions with other users. | |
| Cookies | |
| The small data files stored on your hard drive or in device memory that help us enable the effective operation of our Services. We only use cookies that are technically necessary to enable effective operation of the Services and that support functionality to improve your experience. For more information about cookies, and how to disable them, please see Section 10 (Your Controls) below. | |
We collect personal information that you chose to provide to us, for example, when you create an account, manage your user profile, participate in any interactive features of our Services, request our e-newsletter or other marketing communications, participate in a promotion or survey, request customer support or otherwise communicate with us.
In some cases, personal information may be automatically collected from you when you interact with our Services. We only collect personal information that is necessary for providing our products and services in accordance with the principles of legitimacy, legality, necessity, and good faith. We collect internet information, device information, software information, use information, and cookies from you automatically when you use the Services.
In addition to personal information we automatically collect, you may share your personal information with us in the following ways:
In addition to the information that we collect directly from you, we also collect certain information from our third party sources listed below (our “Third Party Sources”):
| Third Party | Privacy Policy | Personal Information We Receive |
|---|---|---|
| Link | ||
| Avatar, username, and email address |
We have identified the names of some third-party payment channels that you may use to conduct transactions on our Services. Please see the links below to learn more about the personal information practices of such payment channels and the personal information collected from the associated third party.
| Third Party | Privacy Policy | Personal Information We Receive |
|---|---|---|
| Apple Inc. | Link | Subscriber ID, financial account information, payment card type, credit or debit card number |
| Third Party | Privacy Policy | Personal Information We Receive |
|---|---|---|
| AppsFlyer, Inc. | Link | Internet information and activity, device information, and use information |
| Google Analytics | Link | Internet information and activity, device information, and use information |
In particular, and in the past twelve (12) months, we collected the following categories of personal information:
| Categories of Personal Information | How We Collect It |
|---|---|
| Identifiers | Directly from you when you create or manage an account with us, and where applicable, from our Third Party Sources. |
| **** | |
| Internet or other similar network activity | Directly from you when you access our Services from a computer, mobile, and/or other device. |
| **** | |
| Health data | Directly from you when you choose to sync your Apple Health app data with us, or upload your medical examination reports, medical records. |
| User-generated profiles and content | |
| Directly from you when you create or manage an account with us, or upload content through our Services, and where applicable, from our Third Party Sources. | |
| Device information | |
| Automatically from you, when you access our Services from a computer, mobile, and/or other device, and where applicable, from our Third Party Sources. | |
| Software information | Automatically from you when you use our Services, and where applicable, from our Third Party Sources. |
| Use information | |
| Automatically from you when you use our Services. | |
| Cookies | |
| Automatically from you when you use our Services. For more information about cookies, and how to disable them, please see Section 10 (Your Controls) below. | |
We will only use your personal information for achieving the purposes listed in this Privacy Policy. Before using your personal information beyond the purposes outlined in this Privacy Policy, we will inform you in a timely and reasonable manner and:
We only use your personal information when we have a proper reason for doing so, such as:
Because we are continuously improving our products and Services, we may launch optimization functions from time to time which may increase or change the scope, purpose and/or method of collecting and using your personal information. In the event any optimization functions increase or change the scope, purpose, and/or method of collecting and using your personal information, we will clearly explain it to you by updating this Privacy Policy and providing you with notice.
In particular, and over the past twelve (12) months, we collect and use the below types of personal information in the following contexts for the following reasons:
| Context of Use | Personal Information Collected | Used… |
|---|---|---|
| Account registration | ||
| Username, email address, and password. | ||
| **** | With your consent | |
| For our legitimate interests | ||
| Health data management | We may collect your health data, including health metrics, fitness activity data, sleep data, nutrition and diet, reproductive health, mental health, medical history that you voluntarily sync or provide. Refusal to provide this information will not affect your ability to use other features of our Services. | |
| With your consent | ||
| For our legitimate interests | ||
| AI-Powered Health and Lifestyle Recommendation | We will collect text information, audio content, images, OCR-recognized content, and PDF document content that you voluntarily input or upload when using our AI-Powered health and lifestyle recommendation functions. Refusal to provide this information will not affect your ability to use other features of our Services. | |
| We will also collect and use your question-and-answer history, health data to ensure a continuous, high-quality experience, when you use the health and lifestyle recommendation function. Refusal to provide this information will not affect your ability to use other features of our Services. | ||
| With your consent | ||
| For our legitimate interests | ||
| Transaction/Subscription | We may collect your financial account information, payment card type, credit or debit card number, purchase history, billing address, phone number, and email in connection with your subscription for our paid Services. Refusal to provide this information will not affect your ability to use other features of our Services. | |
| With your consent | ||
| For the performance of our contract | ||
| To comply with our legal and regulatory obligations | ||
| Customer service and dispute resolution | We may need you to provide your email and other contact information to help you solve problems. We may also collect your communication information with us (including text / picture / audio and video / call record form), and other necessary information related to your request. | |
| **** | With your consent | |
| For the performance of our contract | ||
| To comply with our legal and regulatory obligations | ||
| For our legitimate interests | ||
| Product optimization | ||
| We may collect your device information, log information (operation log, service log), bugs and crashes reports to conduct analysis on user behavior and product performance, in order to improve our services in the future. | ||
| With your consent | ||
| For our legitimate interests | ||
You may ask us to share your personal information in a portable format with a third party of your choosing by submitting a verifiable request in accordance with Section 9 (How To Exercise Your Rights) of this Privacy Policy. In certain circumstances, we may disclose (i.e., share, release, disclose, disseminate, make available, transfer, or otherwise communicate) personal information with others for our operational and business purposes. We will only disclose your personal information for legal, legitimate, necessary, specific and clear purposes, and will only disclose the personal information necessary to provide services. At the same time, we will enter into agreements with third party recipients where necessary and require them to process your personal information in accordance with our instructions, this Privacy Policy and any other relevant confidentiality and security measures. Except as described in this Privacy Policy, we will not disclose your personal information with any other third parties. We do not sell your personal information. In particular, we may disclose personal information to:
Our affiliates, including Theta Health Inc. and the professional advisors of the Company, such as lawyers, auditors and insurers, where necessary in connection with such professional advisor services. Our affiliates are subject to the processing scope and purpose restrictions of this Privacy Policy. If an affiliate wants to change the purpose of processing for your personal information, we or the affiliate will ask for your authorization again.
Our service providers, who work on our behalf for the purposes described throughout this Policy and receive and process personal information for our business purposes. All of our service providers are contractually obligated to protect personal information to the highest degree required under law. If you refuse to allow our service providers to collect the personal information necessary for providing specific services, you may not be able to use such services in our platform. Our service providers are not authorized to use your personal information for any other purpose. Our service providers include:
| Service Provider | Categories Shared in the Last 12 Mos. | Business Purpose |
|---|---|---|
| OpenAI, LLC | ||
| Health data | ||
| User-generated profiles and content | To provide AI-powered chat functionalities | |
| Anthropic PBC | Health data | |
| User-generated profiles and content | To provide AI-powered chat functionalities | |
| Microsoft Corporation | Health data | |
| User-generated profiles and content | To provide AI-powered chat functionalities |
We also may disclose personal information with any competent law enforcement body, regulatory body, government agency, court or any other third party where we believe disclosure is necessary:
In case of a merger, acquisition, bankruptcy, or liquidation of our Company where the transfer of personal information may be involved, we will require new companies and/or organizations that come into possession of your personal information to continue to be bound by this Privacy Policy. If the new company or organization wishes to change its practices with respect to the collection and processing of your personal information and as outlined in this Privacy Policy, such new company or organization will ask for your consent before doing so.
We may also disclose anonymized, aggregated information (no longer personal information) with selected third parties for statistical or research purposes.
We store information about users on servers primarily located in the State of Oregon, USA. If you are accessing our Services from outside of the United States, please know personal information you submit may be transferred to and stored on servers in the States of Oregon. The data protection and other laws of the relevant states of the United States might not be as comprehensive as those in your country. By submitting your data and/or using our Services, you acknowledge that your data might be transferred, stored and processed in and to relevant states of the United States and other countries where we may choose to store data in the future. When we disclose your information to third parties, we also take steps to implement appropriate safeguards to ensure that such protection is maintained and is not undermined as a result of that disclosure.
Typically, we will retain your personal information while you have an account with us or while we are providing Services to you. Thereafter, we will retain your personal information for as long as is necessary to respond to your questions, complaints, claims or as required by law. We will not retain your personal information for longer than necessary to achieve the purposes set out in this Privacy Policy. When it is no longer necessary to retain your personal information, we will delete and/or anonymize it. In the event the jurisdiction in which you are located has personal information retention requirements that are not compatible with those listed in this Privacy Policy, the requirements of such jurisdiction with respect to personal information retention shall control.
| Category of Personal Information | Our Retention Practice |
|---|---|
| Identifiers | We retain these types of personal information for as long as needed to provide our Services, respond to your questions, complaints, or claims, or as required by law. |
| Internet or other network activity | |
| Health data | |
| User-generated profiles and content | |
| Device information | |
| Software information | |
| Use information | |
| Cookies |
We have appropriate security measures in place to prevent personal information from being accidentally lost, used or accessed in an unauthorized way. We limit access to your personal information to those who have a genuine business need to access it. We take appropriate precautions to ensure those processing your information will do so only in an authorized manner and subject to a duty of confidentiality. We adopt encryption technology to protect your personal information. We have established special management regulations and procedures to safeguard the security of the personal information we collect. We hold security and privacy protection training courses to enhance employees' awareness of the importance of protecting personal information. In the event of a personal information security incident, we will initiate the emergency plan for security incidents, report to the relevant government authorities where necessary, and where legally required, inform you of the basic facts related to the security incident and the remedies we will take or have taken as well as our advice for you, via announcements, push notifications or emails. If it is difficult to inform every user, we will issue a notice through public announcements. Notwithstanding the security measures that have been taken and the legal requirements that have been implemented, we cannot guarantee the security of your personal information when communicating through unsafe channels. Therefore, you should also take measures to ensure the security of your personal information, such as changing your account password regularly. We will notify you and any applicable regulator of a suspected data security breach when we are legally required to do so.
You have specific rights regarding your personal information. This section describes your rights. You, or an authorized agent acting on your behalf, may exercise your personal information rights by submitting a verifiable request directly or through our Services (see Section 9 (How To Exercise Your Rights) below). If an authorized agent submits a request to know or delete your personal information, we require you to:
| Your Right To… | Details of Your Right |
|---|---|
| Know About Our Practices With Respect To Your Personal Information | |
| Upon receipt of a verifiable request, we will confirm whether or not we are processing your personal information, and inform you of the categories of personal information we collected about you, the categories of sources for the personal information we collected about you, our basis or purpose for collecting such information, and the third parties with whom we shared your personal information. | |
| Access Your Personal Information in a Portable Format | |
| You can access the personal information submitted to us at any time. Upon receipt of a verifiable request, we will deliver a copy of your personal information to you or another entity free of charge and in a readily useable format. | |
| Correct Your Personal Information | |
| In the event you discover the personal information we have about you is incorrect, upon receipt of a verifiable request we will correct such information and direct our service providers, contractors, or other third party affiliates to similarly correct the information. | |
| Delete Your Personal Information | |
| You may delete your personal information by deleting your account with us. In addition, subject to certain lawful exceptions, upon receipt of a verifiable request we will delete your personal information from our records and direct our service providers, contractors or other third party affiliates to delete your personal information from their records unless they have obtained your separate consent for processing. | |
| Restrict Us From Certain Uses of Your Personal Information | |
| You have the right to require us to restrict processing of your personal information in certain circumstances, such as when you submit a verifiable request to correct your personal information. You can also exercise control over certain types of use of your personal information, such as ancillary personal information, in Section 10 (Your Controls) below. | |
| Cancel Your Account | You may cancel your account with us anytime through a verifiable request, by deleting your account directly through our Services, or by contacting us here. After you cancel your account, (i) you will no longer be able to log in and use our products and services with this account; (ii) the content, information, data, and records under your account will be deleted or anonymized (unless otherwise required by applicable law); and (iii) after the cancellation of an account is completed, it cannot be recovered. |
| Limit the Use of Your Sensitive Personal Information | Under various applicable privacy laws, you have the right to request that we limit our disclosure or use of your sensitive personal information to only what is necessary to perform our Services or provide features as requested by you. We only collect and use your sensitive personal information as necessary to provide our Services when you choose to activate and use features that necessitate such information. |
To easily access, view, update, correct, delete or port your personal data, or to update your subscription preferences, please sign into your account and visit the account settings. Where we rely on consent to collect and use information about you, you can withdraw your consent at any time by deleting your account or contacting us. If you make a request to delete your personal data and that data is necessary for the products or Services you have purchased, the request will be honored only to the extent it is no longer necessary for any Services purchased or required for our legitimate business purposes or legal or contractual record keeping requirements.
To exercise the access, data portability, correction, and deletion rights described above please submit a verifiable request to us at support@thetahealth.ai.
Only you, or a person authorized by law to act on your behalf, may make a verifiable request related to your personal information. You may also make a verifiable request on behalf of your minor child.
The verifiable request must:
We cannot respond to your request or provide you with personal information if we cannot verify your identity or authority to make the request and confirm the personal information relates to you.
If your account is lost, you can verify through verification email or contact customer support to reset your password. However, in this process, you need to provide some personal information to verify your identity.
Making a verifiable request does not require you to create an account with us. We will only use personal information provided in a verifiable request to verify the requestor’s identity or authority to make the request.
We will send you confirmation of receipt of any verifiable request within ten (10) business days of its receipt. We endeavour to respond substantively to any verifiable request within forty-five (45) days of its receipt. If we require more time, we will inform you of the reason and extension period required in writing.
If you have an account with us, we will deliver our written response to that account or by the method you submitted your request. If you do not have an account with us, we will deliver our written response by the method you submitted your request.
If we cannot comply with a verifiable request, we will explain our reasons to you in writing, if applicable. Where we inform you that we cannot comply with a verifiable request, you may submit an appeal to us within a reasonable period of time following your receipt of our decision to refuse to process your request. In the event you submit an appeal, we will respond to you in writing within forty-five (45) days and disclose any action taken or not taken in response to your appeal and an explanation of our decisions. In some U.S. states, you may have the right to submit your concerns with the result of the appeal to your Attorney General.
For data portability requests, we will select a format to provide your personal information that is readily usable and should allow you to transmit the information from one entity to another without hindrance.
Typically, you will not have to pay a fee to access your personal information or to exercise any of your privacy rights. However, except in relation to consent withdrawal, we may charge a reasonable fee if your request is clearly unfounded, repetitive, or excessive. If we determine that the request warrants a fee, we will tell you why we made that decision and provide you with a cost estimate before completing the request. We may also refuse to comply with your request in such circumstances.
We may decline to comply with your request under the following circumstances, and in accordance with applicable laws and regulations:
We give you control over our use and collection of your personal information. In this section, we detail your controls.
| Control | Details |
|---|---|
| Our Use Of All Personal Information | |
| You can restrict our further use of your personal information by cancelling your account through the settings of the Service you are using. | |
| If you are not able to cancel your account through the account settings, please contact us here. We are happy to assist you. | |
| In the event you request us not to use your personal information any further, we will halt processing of your personal information unless necessary for the performance of our contract with you, or if processing is necessary to comply with a legal obligation or to protect the rights and interests of ourselves or a third party. | |
| Use Of Ancillary Personal Information | You can restrict our use of any of your personal information unnecessary for the provision of our Services to you by navigating to the settings of the Service you are using and deleting such personal information. |
| If you are not able to restrict our use of your personal information unnecessary for the provision of our Services to you through the account settings, please contact us here. We are happy to assist you. | |
| In the event you request us not to use ancillary personal information, we will only collect the personal information necessary to perform the functions of our Services. Your refusal to provide certain categories of personal information will only result in your inability to use certain functions of our Services that require that information but will not affect your normal use of other functions of our Services. | |
| Our Use of Sensitive Personal Information | We self-limit the use of your Sensitive Personal Information by only collecting and processing your Sensitive Personal Information as necessary to provide our Services when you choose to activate and use features that necessitate such information. We do not use your Sensitive Personal Information for any other purposes. If you have any questions about our use of or your rights with respect to your Sensitive Personal Information, please contact us here. |
| ****** | |
| Cookies | |
| You can disable cookies by setting your browser to remove or reject browser cookies. Please note that if you remove or reject cookies, this could affect the availability and functionality of our Services. | |
| Universal Opt-out Mechanisms | You may use the Global Privacy Control (“GPC”) or another universal opt-out mechanism to communicate your privacy preferences. If we detect the GPC or other universal opt-out mechanism signal from your device, we will not share your personal information unless necessary to provide you our Services (we do not sell your personal information). Note that if you have GPC or another universal opt-out mechanism activated, certain functionalities of our Services empowered by sharing your data may not function properly. |
| Push Notifications | You can deactivate push notifications by changing your “Notifications” via your device. |
We will not discriminate against you in any manner prohibited by applicable law for exercising any of your controls or rights over your personal information. However, we may offer you certain permitted financial incentives related to the collection and/or retention of your personal information, such as programs, benefits, or other offerings. These may be deemed a financial incentive, loyalty program, or price or service difference under applicable law. We are providing you with the information contained in this section so that you may make an informed decision on whether to participate in our programs, such as:
Such financial incentives may not be available at all times. The amount and terms of such financial incentives will be presented to you at the time of the offer. The monetary value of any financial incentive will be based on our good-faith estimate of the benefit we receive when you accept our financial incentive offer. We calculate that monetary value by comparing our costs to offer you the financial incentive to the benefit we receive when you accept our offer.
By participating in any of our promotional programs, you agree that the benefits are reasonably related to the value of your personal information collected and retained. Participation in any promotional program is always optional, and you can terminate your participation by contacting us here.
In order to provide you with convenient and high-quality services, we may request some permissions on your device. If you have previously granted us permission authorizations, you may choose to turn off some or all permissions in the setting function of the client or device you are using. The methods for granting or withdrawing permissions may be different on different devices.
| Authorization | Services and Functions **** | | --- | --- | | Microphone authorization | You can send voice messages in some of our Services. **** | | Camera authorization | You can use the camera to take photos, capture and upload videos and pictures to use certain features of our Services. | | Photo album and storage authorization | You can upload your photos/pictures/videos and locally cached video and audio files by authorizing the access to your photo album, so that you can change your avatar, communicate, or engage with other features on certain Services. | | Sports and fitness authorization | You can share your step count and other fitness data. |
Because consumers are often unaware that their do not track beacons are active, do not track signals frequently does not reflect the actual preferences of our users. We currently do not respond to Do Not Track signals. In the meantime, you may opt out of certain types of tracking, including certain analytics and tailored advertising by changing your cookie settings or using a universal opt-out mechanism in your browser.
As set out in our Terms of Service (available at https://theta.thetahealth.ai/protocol-tos.html), you must be at least 18 years old and have the requisite power and authority to access and/or use our Services. If you are still a minor (i.e., under 18 years old), you must obtain the consent of your parent or legal guardian to use our Services.
If you are the legal guardian of a minor, please pay attention to whether the minor uses our Services or provides his or her personal information after obtaining your authorization and approval. If you have questions about the personal information of the minor under your guardianship, please contact us here. We are happy to assist you.
Our Services are not intended for children under the age of thirteen (13) (a “Child” or “Children”), and we do not knowingly collect any personal information from Children. Children should not use or attempt to use our Services, and if you are a Child, please do not attempt to use our Services or send any information about yourself to us.
In the event that we learn that we have inadvertently gathered personal information from a Child, we will take reasonable measures to delete such information from our records. Parents who believe that we might have gathered any information from or about a Child may submit a request to delete such information by contacting us here. We are happy to assist you.
We hope that we can resolve any query or concern you raise about our use of your personal information. You can submit feedback or a complaint regarding our privacy practices by contacting us here. We will reply to your feedback or complaint as soon as we can. If you feel that a complaint has not been adequately resolved, certain U.S. state-level data privacy laws may enable you to lodge a complaint with your Attorney General or another regulatory body.
If you would like this Privacy Policy in another format (e.g., audio, large print, braille, et cetera) please contact us here. We are happy to assist you.