Privacy Policy for Hazel

Last Updated: December 5, 2025

Effective Date: December 5, 2025

1. Introduction and Scope

Hazel ("Company," "we," "our," or "us") operates the Hazel mobile application (the "App"). This Privacy Policy explains how we collect, use, disclose, retain, and protect information when you use our App.

BY DOWNLOADING, INSTALLING, ACCESSING, OR USING THE APP, YOU EXPRESSLY ACKNOWLEDGE THAT YOU HAVE READ, UNDERSTOOD, AND AGREE TO BE BOUND BY THIS PRIVACY POLICY. IF YOU DO NOT AGREE TO THIS PRIVACY POLICY, DO NOT USE THE APP.

This Privacy Policy applies to all users of the App, regardless of how they access or use it.

2. Important Notice Regarding Health Information

The App allows you to voluntarily log health-related information. This App is NOT a covered entity under the Health Insurance Portability and Accountability Act (HIPAA), and the health information you provide is not protected health information (PHI) under HIPAA. By using the App, you acknowledge and consent to the collection and use of your health-related information as described in this Privacy Policy.

3. Information We Collect

3.1 Information You Provide Directly

Account Information:

• Email address
• Password (securely hashed)
• Apple ID credentials (if using Sign in with Apple)

Profile Information:

• Age
• Biological sex
• Hashimoto's diagnosis date
• Other optional profile details

Health and Wellness Information:

• Symptom ratings and descriptions
• Medication names, dosages, and schedules
• Supplement names, dosages, and frequencies
• Thyroid lab results (TSH, T3, T4, antibodies, etc.)
• Meal logs and food descriptions
• Meal photographs
• Sleep quality and duration
• Stress levels
• Exercise and physical activity
• Menstrual cycle data (if applicable)
• Other lifestyle and wellness factors you choose to track

3.2 Information Collected Automatically

Device and Technical Information:

• Device type, model, and manufacturer
• Operating system and version
• Unique device identifiers
• App version
• Language and timezone settings

Usage Information:

• Features accessed and used
• Frequency and duration of use
• Interaction patterns within the App
• Timestamps of activities
• Error logs and crash reports
• Performance metrics

3.3 Information from Third Parties

We may receive information about you from third-party services you connect to the App, such as Apple (for Sign in with Apple authentication).

4. How We Use Your Information

BY USING THE APP, YOU EXPRESSLY CONSENT TO ALL OF THE FOLLOWING USES OF YOUR INFORMATION:

4.1 Providing and Improving the App

• Displaying your tracked data and generating personalized insights
• Identifying correlations between your logged factors and symptoms
• Personalizing your experience based on your data
• Operating, maintaining, and improving the App
• Responding to your inquiries and providing support
• Sending you service-related communications and notifications

4.2 Research, Analytics, and Product Development

YOU EXPRESSLY ACKNOWLEDGE AND CONSENT THAT WE MAY USE YOUR DATA, INCLUDING HEALTH-RELATED INFORMATION, FOR THE FOLLOWING PURPOSES:

• Internal Research and Analytics: Analyzing aggregated and individual user data to understand health patterns, symptom correlations, and treatment effectiveness across our user base
• Machine Learning and Predictive Modeling: Developing, training, testing, and improving machine learning algorithms and predictive models using your data to enhance the App's insights and create new features
• Product Development: Using insights derived from user data to develop new features, services, and products
• Population Health Research: Conducting research on Hashimoto's disease and thyroid conditions using aggregated and/or de-identified user data
• Statistical Analysis: Performing statistical analysis on user data to identify trends, patterns, and correlations

4.3 Anonymized and Aggregated Data

We may create anonymized, de-identified, or aggregated data from your information by removing or modifying data that could identify you. Such anonymized or aggregated data is not subject to this Privacy Policy and may be used for any lawful purpose, including:

• Publishing research findings
• Sharing insights with healthcare researchers and institutions
• Developing commercial products and services
• Creating industry reports and benchmarks

4.4 AI-Powered Features

• Analyzing meal photographs using artificial intelligence to identify foods and provide nutritional insights
• Using AI to generate personalized recommendations and insights

4.5 Communications

• Sending daily reminders (if you opt-in)
• Notifying you of important changes to the App or this Privacy Policy
• Responding to your communications

4.6 Legal and Safety Purposes

• Complying with applicable laws and regulations
• Enforcing our Terms of Service
• Protecting the rights, safety, and property of Hazel, our users, and others
• Detecting, preventing, and addressing fraud, security issues, or technical problems

5. Data Sharing and Disclosure

5.1 Third-Party Service Providers

We share your information with the following third-party service providers who assist us in operating the App:

OpenAI, L.L.C.

• Purpose: AI-powered meal photo analysis and food identification
• Data Shared: Meal photographs and associated metadata
• Processing: Photos are processed for analysis; OpenAI's data retention policies apply
• Privacy Policy: https://openai.com/privacy

Apple Inc.

• Purpose: Sign in with Apple authentication
• Data Shared: Authentication tokens and email (if provided)
• Privacy Policy: https://www.apple.com/privacy/

5.2 Business Transfers

If Hazel is involved in a merger, acquisition, sale of assets, bankruptcy, or other business transaction, your information may be transferred as part of that transaction. We will notify you of any such change and any choices you may have regarding your information.

5.3 Legal Requirements

We may disclose your information if required to do so by law or in response to valid requests by public authorities (e.g., court orders, subpoenas, government agencies).

5.4 Protection of Rights

We may disclose your information when we believe disclosure is necessary to protect our rights, your safety, or the safety of others; investigate fraud; or respond to a government request.

5.5 Research Partners

We may share anonymized, de-identified, or aggregated data with research partners, academic institutions, and healthcare organizations for research purposes related to thyroid conditions and autoimmune diseases.

5.6 With Your Consent

We may share your information for other purposes with your express consent.

6. Data Retention

6.1 Active Accounts

We retain your personal information for as long as your account remains active and as necessary to provide you with the App's services.

6.2 After Account Deletion

Upon deletion of your account:

• Your personal information will be deleted within 30 days
• We may retain anonymized or de-identified data indefinitely for research and analytics purposes
• We may retain certain information as required by law or for legitimate business purposes (e.g., fraud prevention, legal compliance)
• Backup copies may persist for up to 90 days

6.3 Research Data

Anonymized, de-identified, or aggregated data derived from your information may be retained indefinitely and is not subject to deletion requests.

7. Data Security

We implement reasonable administrative, technical, and physical security measures to protect your information, including:

• Encryption of data in transit using TLS/HTTPS
• Secure password hashing
• Row Level Security (RLS) to isolate user data
• Regular security assessments
• Access controls and authentication

HOWEVER, NO METHOD OF TRANSMISSION OVER THE INTERNET OR ELECTRONIC STORAGE IS 100% SECURE. WE CANNOT GUARANTEE ABSOLUTE SECURITY OF YOUR DATA.

8. Your Rights and Choices

8.1 Access and Portability

You may access your personal information through the App at any time. To request a copy of your data in a portable format, contact us at contact@meethazel.app.

8.2 Correction

You may update or correct your personal information through the App's settings.

8.3 Deletion

You may delete your account through the App (Profile → Delete Account). Note that:

• Deletion will not affect anonymized or aggregated data already created from your information
• Some data may be retained as required by law

8.4 Opt-Out of Communications

You may opt out of non-essential communications through the App's notification settings.

8.5 Withdraw Consent

You may withdraw your consent to data processing by deleting your account. Note that withdrawal of consent does not affect the lawfulness of processing based on consent before withdrawal.

9. California Privacy Rights (CCPA/CPRA)

If you are a California resident, you have the following rights under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA):

9.1 Right to Know

You have the right to request information about:

• Categories of personal information we collect
• Purposes for collecting your personal information
• Categories of third parties with whom we share your information
• Specific pieces of personal information we have collected about you

9.2 Right to Delete

You have the right to request deletion of your personal information, subject to certain exceptions.

9.3 Right to Correct

You have the right to request correction of inaccurate personal information.

9.4 Right to Opt-Out of Sale/Sharing

We do not sell your personal information in exchange for monetary compensation. However, some data sharing described in this Privacy Policy may constitute a "sale" or "sharing" under California law. You may opt out by contacting us at contact@meethazel.app.

9.5 Right to Non-Discrimination

We will not discriminate against you for exercising your privacy rights.

9.6 How to Exercise Your Rights

To exercise your California privacy rights, contact us at contact@meethazel.app. We will verify your identity before processing your request.

9.7 Authorized Agent

You may designate an authorized agent to make requests on your behalf by providing written authorization.

9.8 Sensitive Personal Information

We collect sensitive personal information including health information. This information is used only for the purposes disclosed in this Privacy Policy to provide the App's services.

10. European Privacy Rights (GDPR)

If you are located in the European Economic Area (EEA), United Kingdom, or Switzerland, the following additional terms apply:

10.1 Legal Basis for Processing

We process your personal data based on:

• Consent: You have given explicit consent for processing your health-related data
• Contract: Processing is necessary to provide the App's services
• Legitimate Interests: Processing is necessary for our legitimate interests in improving the App and conducting research, provided those interests do not override your rights

10.2 Your Rights

You have the right to:

• Access your personal data
• Rectify inaccurate personal data
• Erase your personal data
• Restrict processing of your personal data
• Data portability
• Object to processing
• Withdraw consent
• Lodge a complaint with a supervisory authority

10.3 International Transfers

Your data is transferred to and processed in the United States. By using the App, you consent to this transfer. We rely on Standard Contractual Clauses and other appropriate safeguards for international data transfers.

10.4 Data Protection Officer

For GDPR-related inquiries, contact us at contact@meethazel.app.

11. Children's Privacy

The App is not intended for use by children under 13 years of age (or 16 in the EEA). We do not knowingly collect personal information from children. If you are a parent or guardian and believe your child has provided us with personal information, please contact us at contact@meethazel.app, and we will delete such information.

12. Third-Party Links and Services

The App may contain links to third-party websites or services. We are not responsible for the privacy practices of these third parties. We encourage you to review their privacy policies.

13. Changes to This Privacy Policy

We may update this Privacy Policy at any time. We will notify you of material changes by:

• Posting the updated Privacy Policy in the App
• Sending you an email notification (if you have provided your email)
• Displaying a prominent notice in the App

Your continued use of the App after the effective date of the revised Privacy Policy constitutes your acceptance of the changes.

14. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

• Email: contact@meethazel.app
• Website: https://meethazel.app/privacy

15. Consent Acknowledgment

BY USING THE APP, YOU ACKNOWLEDGE THAT:

1. You have read and understood this Privacy Policy
2. You voluntarily consent to the collection, use, and disclosure of your information as described herein
3. You understand that your health-related information will be used for research, analytics, and product development purposes
4. You understand that anonymized or aggregated data derived from your information may be retained indefinitely and used for any lawful purpose
5. You understand that your data may be processed in the United States regardless of your location
6. You have the right to withdraw consent by deleting your account, but this will not affect data already anonymized or aggregated

This Privacy Policy was last reviewed on December 5, 2025.