Daybreak Privacy Policy

Effective Date: January 24, 2026

Last Updated: January 24, 2026

Plain Language Summary

This Privacy Policy explains how Daybreak handles your health and fitness data. Here are the key points:

  • We don't sell your health data - Your fitness and wellness information is never sold to third parties
  • You control your data - You can view, export, or delete your information at any time
  • AI technology is privacy-focused - Our AI Coach uses zero-retention policies and doesn't train on your data
  • We're not a medical service - We're a consumer fitness platform focused on training optimization
  • Strong security measures - We use encryption, access controls, and regular security audits

Introduction

Daybreak ("we," "our," or "us") is committed to protecting your privacy and handling your personal health and fitness information with the highest level of security and care. This Privacy Policy explains how we collect, use, share, and protect your information when you use our adaptive fitness coaching platform.

Your privacy is fundamental to our mission. We believe you should have control over your health and fitness data while benefiting from personalized, AI-powered coaching.

Definitions

  • "Health Data": Fitness metrics, workout logs, sleep data, recovery scores, and other wellness information
  • "User Content": Questions, conversations, and other content you create while using our Service
  • "AI Coach": Our AI-powered feature that provides personalized training recommendations
  • "Service": Our iOS application, website, and all related services

Our Regulatory Status

Important: Daybreak is a consumer fitness and wellness platform, not a covered entity under HIPAA (Health Insurance Portability and Accountability Act). While we implement security measures that often exceed industry standards, we are not bound by HIPAA regulations. We voluntarily adopt many healthcare-grade security practices to protect your sensitive health information.

AI Coach and Third-Party AI Technology

Daybreak AI Coach

The Daybreak AI Coach is a generative AI feature designed to help you understand your training data, make progress toward your fitness goals, and receive personalized workout recommendations. The AI Coach creates a personalized coaching experience by combining your unique fitness data with evidence-based training science.

If you choose to use the AI Coach, please note that it leverages third-party AI technology provided by our Large Language Model (LLM) partner. This technology generates intelligent and personalized responses based on your fitness data and training questions.

Important Safeguards:

  • We require our LLM partner to use your anonymized fitness data only for generating responses to you
  • Our LLM partner operates under a "Zero-Retention/Zero-Training Policy," meaning they do not store your data or use it to train their algorithms
  • We only share anonymized fitness data with our LLM partner - never personally identifiable information
  • We ask that you avoid providing identifying information in conversations with the AI Coach

Data Handling and Storage

Daybreak may retain your conversation history with the AI Coach to ensure continuity and improve your experience. When you revisit topics from previous conversations, we may share that context to create better, more personalized recommendations. You can delete your AI Coach conversation history at any time through your account settings.

Your Control

You have complete control over the AI Coach feature:

  • Enable or disable the feature at any time through your account settings
  • Delete conversation history whenever you choose
  • Opt out of data sharing with our LLM partner by not using the feature
  • Request manual deletion of all AI-related data by contacting us

Information We Collect

Health and Fitness Data

  • Workout Data: Exercise logs, sets, reps, weights, duration, and training history
  • Wearable Device Data: Sleep patterns, heart rate, HRV, activity levels, readiness scores, and other metrics from connected devices (Apple Health, Oura, Whoop)
  • Body Composition: Weight, body measurements, and related metrics you provide
  • Lifestyle Information: Training preferences, goals, constraints, schedule availability, and wellness context
  • AI Conversations: Your interactions with the Daybreak AI Coach, including questions asked and recommendations received

Account and Usage Data

  • Profile Information: Name, email address, date of birth, gender
  • Subscription Data: Billing information, payment method, subscription tier and history
  • Communication Data: Messages with our AI Coach, support interactions, and feedback
  • Platform Usage: Features used, recommendations followed, engagement patterns

Technical Data

  • Device Information: IP address, device type, operating system, app version
  • Cookies and Tracking: Session data, preferences, and usage analytics

How We Use Your Information

Primary Uses

  • Personalized Training Recommendations: Analyze your fitness data to provide tailored workout schedules and daily intentions
  • AI Coaching: Power our conversational AI system to answer your training questions and provide ongoing guidance
  • Progress Tracking: Monitor your training progress and adapt your program over time
  • Recovery Optimization: Use sleep and readiness data to adjust training intensity and protect against overtraining

Secondary Uses

  • Service Improvement: Enhance our AI algorithms, recommendation accuracy, and user experience
  • Customer Support: Respond to your questions and provide technical assistance
  • Legal Compliance: Meet regulatory requirements and protect against fraud or misuse

Aggregated Research

We may use de-identified, aggregated data for research purposes to advance fitness science. This data cannot be linked back to individual users and helps improve our platform for everyone.

Information Sharing and Disclosure

We Do Not Sell Your Personal Health Information

Your fitness data, health information, and personal wellness data are never sold to third parties for marketing or commercial purposes.

Service Providers and Partners

  • Payment Processors: Billing information is shared with secure payment providers to process subscriptions
  • Technology Vendors: Trusted vendors who help operate our platform under strict data protection agreements
  • Cloud Services: Computing and storage providers with appropriate security safeguards
  • AI/LLM Partners: Our third-party Large Language Model provider, operating under strict zero-retention and zero-training policies

Required Disclosures

We may disclose your information when:

  • Legal Obligation: Required by law, court order, or regulatory authority
  • Safety Concerns: Necessary to protect your immediate health and safety or that of others
  • Business Transfers: In connection with a merger, acquisition, or sale of assets (with continued privacy protection)
  • Consent: You have given explicit permission for specific sharing

Data Security and Protection

Technical Safeguards

  • Encryption: All data is encrypted in transit (TLS 1.3) and at rest (AES-256)
  • Access Controls: Multi-factor authentication and role-based access limiting who can view your data
  • Infrastructure Security: SOC 2 Type II compliant cloud infrastructure with regular security audits
  • Data Anonymization: Personal identifiers removed from research and analytics datasets

Organizational Safeguards

  • Employee Training: All staff trained on privacy protection and data handling procedures
  • Minimum Necessary: Access limited to information necessary for job functions
  • Business Associate Agreements: All vendors handling health data sign strict data protection agreements
  • Incident Response: Comprehensive procedures for addressing any security incidents

Data Breach Notification

In the unlikely event of a data breach that may compromise your personal information:

  • We will notify affected users within 72 hours of discovery
  • Notifications will include: nature of the breach, types of data involved, steps we're taking, and recommendations for you
  • We will work with appropriate authorities as required by law

Your Privacy Rights

Access and Control

  • View Your Data: Access all personal information we have about you
  • Update Information: Correct inaccurate or incomplete health data
  • Download Your Data: Export your workout history, recommendations, and fitness data
  • Delete Your Account: Request complete removal of your account and associated data

State-Specific Rights

If you reside in California, Virginia, Colorado, Connecticut, Utah, or other states with enhanced privacy laws, you may have additional rights, including:

  • Right to know what personal information is collected and how it's used
  • Right to delete personal information (subject to certain exceptions)
  • Right to opt out of sale or sharing for targeted advertising
  • Right to non-discrimination for exercising privacy rights
  • Right to correct inaccurate personal information

Data Retention and Deletion

Retention Periods

  • Active Accounts: Health data retained as long as your account is active
  • Inactive Accounts: Data retained for 3 years after last login, then securely deleted
  • Legal Requirements: Some data may be retained for 7 years to comply with financial regulations
  • Research Data: De-identified data used for research may be retained indefinitely

Right to Be Forgotten

You may request immediate deletion of your account and all associated data. We will honor this request within 30 days, subject to any legal retention requirements.

Third-Party Integrations

Our Service integrates with third-party platforms (Apple Health, Oura, Whoop, etc.). These services have their own privacy policies, and we encourage you to review them. We only access data you explicitly authorize and use it solely for providing our Service.

You can disconnect any integration at any time through:

  • The Daybreak app settings
  • The third-party app's permissions settings

Children's Privacy

Daybreak is not intended for individuals under 18 years of age. We do not knowingly collect personal information from children. If we become aware that we have collected information from a child under 18, we will take steps to delete such information promptly.

International Data Transfers

Daybreak operates primarily in the United States. If you access our Service from outside the U.S., your data may be transferred to and processed in the United States. We ensure appropriate safeguards are in place for international transfers.

Changes to This Privacy Policy

We may update this Privacy Policy to reflect changes in our practices, legal requirements, or service offerings. We will:

  • Notify users of material changes via email at least 30 days before the effective date
  • Post the updated policy with a new effective date
  • Obtain consent for changes that materially affect how we use your health information

Contact Information

Privacy Questions

For questions about this Privacy Policy or our privacy practices:

Exercising Your Rights

To exercise any privacy rights or submit requests:

Response Times

  • General inquiries: 3-5 business days
  • Rights requests: Within 30 days (45 days for complex requests)
  • Urgent security matters: Within 24 hours

This Privacy Policy is designed to provide transparency about our data practices while protecting your sensitive health and fitness information.

Version: 1.0