Clarity Privacy Policy
1. The short version
- Your account is your phone number and a handle. That's the whole identity we require.
- We never collect precise location. Votes record a coarse region (city/country from the network edge) which is deleted within 24 hours, surviving only inside anonymized aggregates.
- Live video is deleted within 24 hours of the stream's start. We are ephemeral by design.
- We do not sell your personal information, and we don't show creators your data — they only ever see what you post.
- Clarity is not a HIPAA-covered entity; wellness data you choose to log is protected by this policy and the SHIELD Act safeguards below, not by HIPAA.
2. What we collect
| Data | Why | Kept |
|---|---|---|
| Phone number (verified via one-time code) | Account identity, login, fraud/Sybil defense | Life of account |
| Handle, goals, check-ins, verdicts you cast | The product itself | Life of account |
| Coarse region on a verdict (city/country) | Regional "what works where" aggregates | 24 hours, then nulled; aggregates are anonymized with a minimum-count floor |
| One-time passcode records | Login security | 10 minutes |
| Session tokens (hashed) | Keeping you signed in | 30 days |
| Live stream content | The live marketplace | 24 hours from stream start |
| Order records (item, amount, status) | Purchase history, verified-buyer status, tax/accounting | 7 years (financial-record retention) |
Payment card details go directly to Stripe and never touch our servers. Stripe's privacy policy governs its processing. OTP delivery uses Twilio; your number is shared with Twilio solely to deliver the code.
3. What we don't do
- No sale of personal information; no sharing with data brokers.
- No advertising use of your health-related logs.
- No precise geolocation, contact-list access, or background tracking.
- No AI training on your private logs without separate, explicit opt-in consent.
4. AI transparency
Clarity, our in-feed assistant, is AI and is labeled as AI. Conversations with Clarity are processed to answer you and to improve safety filtering; they are not sold and not used to target advertising. Clarity's statistics cite their source and are labeled when drawn from sample data.
5. Security (N.Y. SHIELD Act)
We maintain a written data-security program with administrative, technical, and physical safeguards designed to meet N.Y. Gen. Bus. Law § 899-bb, including: encryption in transit (TLS) and at rest, hashed session tokens and one-time codes, least-privilege access, rate-limited authentication, and vendor due diligence (Stripe, Twilio, Cloudflare). In the event of a breach of private information, we will notify affected New York residents and regulators as required by N.Y. Gen. Bus. Law § 899-aa without unreasonable delay.
6. Your choices and rights
- Access / export: request a copy of your data at privacy@healthai.com.
- Deletion: close your account in Profile or by email; personal data is deleted or de-identified within 30 days, except order records we must retain for legal/accounting purposes.
- SMS: login codes are transactional. Any marketing texts would require separate opt-in and honor STOP.
- Children: Clarity is 18+. We do not knowingly collect data from anyone under 18 (and never under 13, per COPPA); such accounts are deleted on discovery.
7. Legal bases and disclosures
We disclose personal data only to: service providers under contract (Cloudflare hosting, Stripe payments, Twilio SMS); a Presenter, limited to what's needed to fulfill your order from them (never your logs); and authorities when legally compelled. If Clarity is acquired, this policy binds the successor or you will be offered deletion first.
8. Changes and contact
Material changes will be announced in-app before taking effect. Questions and requests: privacy@healthai.com · HealthAI, [registered address], New York, NY.